=== WP Activity Log ===
Contributors: WPWhiteSecurity, robert681
Plugin URI: https://wpactivitylog.com
License: GPLv3
License URI: https://www.gnu.org/licenses/gpl.html
Tags: activity log, wordpress activity logs, security audit log, audit log, user tracking, security event log, audit trail, wordpress security monitor, wordpress admin, wordpress admin monitoring, user activity, admin, multisite, SMS alerts, wordpress monitoring, email notification, wordpress email alerts, tracking, user tracking, user activity report, wordpress audit trail
Requires at least: 4.4
Tested up to: 5.7
Stable tag: 4.2.0.1
Requires PHP: 5.5

The #1 user-rated activity log plugin. Keep a comprehensive log of the changes that happen on your site with this easy to use plugin.

== Description ==

<strong>THE MOST COMPREHENSIVE & EASY TO USE WORDPRESS ACTIVITY LOG PLUGIN</strong><br />

Keep an [activity log](https://wpactivitylog.com/wordpress-activity-log/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description) of everything that happens on your WordPress sites and multisite networks with the WP Activity Log plugin to:

* Ensure user productivity
* Improve user accountability
* Ease troubleshooting
* Know exactly what all your users are doing
* Better manage & organize your WordPress site & users
* Easily spot suspicious behavior before there are security problems.

[WP Activity Log](https://wpactivitylog.com/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description) is the most comprehensive real time user activity and monitoring log plugin. It helps thousands of WordPress administrators and security professionals keep an eye on what is happening on their websites. It is also the most highly rated WordPress activity log plugin and have been featured on popular sites such as GoDaddy, Kinsta and WPBeginner.

[youtube https://www.youtube.com/watch?v=pgFEMIvKFTA]

<a href="https://wpactivitylog.com/features/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description" target="_blank">Benefits & features</a> | <a href="https://wpactivitylog.com/why-wp-activity-log/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description" target="_blank">Why choose WP Activity Log</a> | <a href="https://wpactivitylog.com/support/kb/getting-started-wp-activity-log/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description" target="_blank">Getting started</a>

> <strong>Note</strong>: The WordPress activity log is FREE. Features such as reports, email notifications, SMS alerts, search and many others are available in the <Strong>[Premium Edition](https://wpactivitylog.com/features/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description)</strong>.
>

#### Maintained & Supported by WP White Security

WP White Security builds high-quality niche WordPress security & management plugins such as [Password Policy Manager for WordPress](https://www.wpwhitesecurity.com/wordpress-plugins/password-policy-manager-wordpress/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=PPMWP&utm_content=plugin+repos+description), a plugin with which you can ensure all your users use strong passwords.

Browse our list of [WordPress plugins](https://www.wpwhitesecurity.com/wordpress-plugins/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=all+plugins&utm_content=plugin+repos+description) that can help you better manage and improve the security of your WordPress websites and users.

### WordPress Changes & Details the Plugin Keeps a Log Of
As a comprehensive & complete WordPress activity log solution WP Activity Log does not just tell you that a post, a user profile, or an object was updated. It tells you exactly what was changed within the post, the user profile, or the object.

Below is a summary of the changes that the plugin can keep a record of:

* **Post, Page and Custom Post Type changes** such as status, [content changes](https://wpactivitylog.com/support/kb/how-keep-record-of-content-changes/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description), title, URL, custom field & other metadata changes

* **Tags and Categories changes** such as creating, modifying or deleting them, and adding or removing them from posts

* **Widgets and Menus changes** such as creating, modifying or deleting them

* **User changes** such as user created or registered, deleted or added to a site on multisite network

* **User profile changes** such as password, email, display name and role changes

* **User activity** such as login, logout, failed logins and terminating other sessions

* **WordPress core and settings changes** such as installed updates, permalinks, default role, URL and other site-wide changes

* **WordPress multisite network changes** such as adding, deleting or archiving sites, adding or removing users from sites etc ([activity logs for multisite networks](https://wpactivitylog.com/support/kb/activity-log-multisite-network-features/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description)).

* **Plugins and Themes changes** such as installing, activating, deactivating, uninstalling and updating them

* **WordPress database changes** such as when a plugin adds or removes a table

* Changes on **WooCommerce Stores & Products**, **Yoast SEO**, **Advanced Custom Fields (ACF)**, **MainWP** and other popular WordPress plugins.

* **[WordPress site file changes](https://wpactivitylog.com/support/kb/wordpress-files-changes-warning-activity-logs/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description)** such as new files are added, or existing ones are modified or deleted.

For every event that the plugin keeps a log of it also reports the:

* Date & time (and milliseconds) of when it happened,
* User & role of the user who did the change,
* Source IP address from where the change happened.

Refer to [WordPress activity log event IDs](https://wpactivitylog.com/support/kb/list-wordpress-activity-log-event-ids/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description) for a complete list of all the changes WP Activity Log can keep a record of.

### Extend the Functionality of WP Activity Log
<strong>[Upgrade to WP Activity Log Premium](https://wpactivitylog.com/pricing/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description)</strong> to:

* See who is logged,
* See what everyone is doing in real time,
* Log off any user with just a click,
* Generate HTML and CSV reports,
* Export the activity log in CSV (ideal for integrations),
* Get notified via email of important changes,
* Get instant SMS message notifications of critical site changes,
* Search the activity log using text-based searches,
* Use built-in filters to fine tune the searches,
* Store activity log in an external database to improve security,
* Mirror the WordPress activity logs to Slack, Papertrail, Syslog and other central log management and collaboration solutions,
* Configure archiving and mirroring of logs.

Refer to the [features page](https://wpactivitylog.com/features/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description) for more detailed information on the plugin's features.

### Free and Premium Support

Support for WP Activity Log is free on the WordPress support forums.

Premium world-class support is available via email to all [WP Activity Log Premium](https://wpactivitylog.com/features/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description) customers.

> <strong>Note</strong>: paid customers support is given priority and is provided via one-to-one email and over the phone. [Upgrade to Premium](https://wpactivitylog.com/pricing/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description) to benefit from priority support.
>

#### Other Noteworthy Features
Apart from the activity logs and the already mentioned features, WP Activity Log has a number of non-logging specific features that make it a complete WordPress logging solution, such as:

* Built-in [support for reverse proxies and web application firewalls](https://wpactivitylog.com/support/kb/support-reverse-proxies-web-application-firewalls/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description)
* Full [WordPress multisite support](https://www.wpsecurityauditlog.com/documentation/wordpress-multisite-plugin-features-support/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description)
* Easily [create your custom alerts](https://wpactivitylog.com/support/kb/activity-log-multisite-network-features/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description) to monitor additional functionality
* Developer tools including the logging of all HTTP GET and POST requests
* Integration with WhatIsMyIpAddress.com so you can get all information about an IP address with just a mouse click
* Limit who can view the WordPress activity log by either users or roles
* Limit who can manage the plugin
* Settings to enable or [disable individual event IDs from the activity log](https://wpactivitylog.com/support/kb/exclude-logging-specific-change-activity-log/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description)
* Configurable dashboard widget highlighting the most recent critical activity
* Configurable [WordPress activity log retention policies](https://wpactivitylog.com/support/kb/activity-log-retention-policies/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description)
* User avatar is shown in the events for better recognizability
* and much more...

Refer to the <strong>[WordPress activity log plugin datasheet](https://wpactivitylog.com/activity-log-plugin-datasheet/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description)</strong> for a complete list of features.

### As Featured On:

* [GoDaddy](https://www.godaddy.com/garage/decode-security-logs-wordpress/)
* [Kinsta](https://kinsta.com/blog/wordpress-activity-log/)
* [Pagely](https://pagely.com/blog/2015/01/log-wordpress-dashboard-activity-improved-security-auditing/)
* [Shout Me Loud](https://www.shoutmeloud.com/wordpress-security-audit-log.html)
* [The Dev Couple](https://thedevcouple.com/wp-security-audit-log-review/)
* [WPKube](http://www.wpkube.com/improve-wordpress-security-wp-security-audit-log/)
* [WPLift](http://wplift.com/audit-wordpress-security-logs)
* [WP SmackDown](https://wpsmackdown.com/wp-plugins/wp-security-audit-log/)
* [SourceWP](https://www.sourcewp.com/wp-security-audit-log-plugin-review/)
* [Techwibe](https://www.techwibe.com/wp-security-audit-log-wordpress-plugin/)
* [KevinMuldoon.com](https://www.kevinmuldoon.com/wp-security-audit-log-review/)
* [Cloudways](https://www.cloudways.com/blog/monitor-wordpress-with-wp-security-audit-log-plugin/)
* [Collective Ray](https://www.collectiveray.com/wp/plugins/wordpress-security-audit-log)
* [BlogVault](https://blogvault.net/wp-security-audit-log-plugin-review/)
* [Firewall.cx](http://www.firewall.cx/general-topics-reviews/security-articles/1146-wordpress-audit-monitor-log-site-security-alerts.html)
* [Design Wall](http://www.designwall.com/blog/10-wordpress-multisite-plugins-you-shouldnt-live-without/)
* [Tidy Repo](https://tidyrepo.com/wp-security-audit-log-wordpress-activity-log/)
* [Monster Post](http://blog.templatemonster.com/2015/12/15/wp-security-audit-log-plugin-review/)
* [The Darknet](http://www.darknet.org.uk/2015/10/wp-security-audit-log-a-complete-audit-log-plugin-for-wordpress/)
* [WebEmpresa](https://www.webempresa.com/blog/auditando-cambios-en-wordpress.html)
* [KitPloit](http://www.kitploit.com/2016/10/wp-security-audit-log-ultimate.html)
* [EHacking](https://www.ehacking.net/2018/10/how-activity-log-wordpress-plugin.html)

#### WP Activity Log in your language!
We need help translating the plugin and the activity log events. Please visit the [WordPress Translate Project](https://translate.wordpress.org/projects/wp-plugins/wp-security-audit-log/) to translate the plugin. Drop us an email on support@wpwhitesecurity.com to get mentioned in the list of translators below.

* Italian translation by [Leonardo Musumeci](http://leonardomusumeci.net/)
* German translation by [Mourad Louha](http://excel-translator.de)
* Brazilian Portuguese translation by [Hudson Santos](https://www.smallbee.com.br/)
* Spanish translation by the [WP Body team](https://wpbody.com/)
* French translations by Denis Moscato

#### WP Activity Log extensions for third party plugins

* <strong>[WP Activity Log for WooCommerce](https://wpactivitylog.com/extensions/woocommerce-activity-log/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description)</strong>: Install this extension to keep a log of changes you and yourr team do in the WooCommerce store settings, orders, products, coupons and much more.
* <strong>[WP Activity Log for Yoast SEO](https://wpactivitylog.com/extensions/yoast-seo-activity-log/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description)</strong>: Install this extension to keep a log of the Yoast SEO plugin settings changes, and also of the on-page SEO changes you and your team make in the Yoast SEO meta box.
* <strong>[WP Activity Log for WPForms](https://wpactivitylog.com/extensions/wpforms-activity-log/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description)</strong>: Install this extension to keep a log of the changes your team does in the WPForms plugin settings, forms, form files, entries (leads) and more.
* <strong>[WP Activity Log for bbPress](https://wordpress.org/plugins/wp-security-audit-log-add-on-for-bbpress/)</strong>: Intall this extension to keep a log of changes in bbPress forums, topics, bbPress settings and more.
* <strong>[Activity Log for MainWP](https://wpactivitylog.com/extensions/mainwp-activity-log/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description)</strong>: Install this MainWP extension to keep a log of the MainWP network changes and can see the activity logs of all child sites from one central location - the MainWP dashboard.

#### Related Links and Documentation

* [What is the WordPress activity log?](https://wpactivitylog.com/wordpress-activity-log/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description)
* [List of WordPress activity log event IDs](https://wpactivitylog.com/support/kb/list-wordpress-activity-log-event-ids/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description)
* [WordPress Multisite Features](https://wpactivitylog.com/support/kb/activity-log-multisite-network-features/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description)
* [WP Activity Log support for reverse proxies & WAFs](https://wpactivitylog.com/support/kb/support-reverse-proxies-web-application-firewalls/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description)
* [WP Activity Log database documentation](https://wpactivitylog.com/support/kb/plugin-database-documentation/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description)
* [The WP Activity Log plugin website](https://wpactivitylog.com/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description)
* [Activity logs for MainWP](https://wpactivitylog.com/extensions/mainwp-activity-log/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description)

== Installation ==

=== Install WP Activity Log from within WordPress ===

1. Visit 'Plugins > Add New'
1. Search for 'WP Activity Log'
1. Install and activate the WP Activity Log plugin
1. Allow or skip diagnostic tracking

=== Install WP Activity Log manually ===

1. Upload the `wp-security-audit-log` directory to the `/wp-content/plugins/` directory
1. Activate the WP Activity Log plugin from the 'Plugins' menu in WordPress
1. Allow or skip diagnostic tracking

== Frequently Asked Questions ==

= Support and Documentation =
Please refer to our [support pages](https://wpactivitylog.com/support/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description) for all the technical information and product documentation.

== Screenshots ==

1. The WordPress activity logs from where the site administrator can see all the user and site changes.
2. See who is logged in to your WordPress and manage users sessions with [Users Sessions Management](https://www.wpsecurityauditlog.com/premium-features/wordpress-users-sessions-management-tools/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description)
3. The plugin settings from where site administrator can configure generic plugin settings such as [reverse proxy support](https://www.wpsecurityauditlog.com/support-documentation/support-reverse-proxies-web-application-firewalls/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description), who can manage the plugin etc.
4. The WordPress audit trail settings from where you can configure automatic pruning of alerts, which timestamp should be used and more.
5. Configuring WordPress email and SMS alerts with the [Email & SMS Notifications module](https://www.wpsecurityauditlog.com/premium-features/email-notifications-wordpress-activity-log/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description)
6. Search in the WordPress activity log with the use filters to fine tune the search results.
7. The Enable/Disable events section from where Administrators can disable or enable activity log events.
8. The Log Viewer of a Super Admin in a WordPress multisite network installation with the Site selection drop down menu.
9. WP Activity Log is integrated with the built-in revision system of WordPress, thus allowing you to see what content changes users make on your WordPress posts, pages and custom post types. For more information read [Keep Record of All WordPress Content Changes](https://www.wpsecurityauditlog.com/support-documentation/how-keep-record-of-content-changes/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description)
10. Mirror the WordPress activity log to an external solution such as Syslog or Papertrail to centralize logging, ensure logs are always available and cannot be tampered with in the unfortunate case of a hack attack.

== Changelog ==

= 4.2.0.1 (2021-02-12) =

* **Bug fix**
	* Menus sensor causing fatal error when there are changes in a menu (support ticket [1](https://wordpress.org/support/topic/fatal-error-3784/) & [2](https://wordpress.org/support/topic/menu-item-order-change-issue/)

= 4.2.0 (2021-02-11) =

Release notes: [WP Activity Log 4.2: Support for all date & time formats & other major updates](https://wpactivitylog.com/wsal-4-2-0/)

**New features**
	* New daet & time module that supports any type of date and time format that WordPress supports.
	* An all new activity log dashboard widget.
	* Added activity log coverage for several new WordPress settings, including automatic updates settings, date and time settings and application passwords.

**Improved activity log coverage**
* **New event IDs for changes in posts**
	* ID 2129: User added / changed / removed a post's excerpt
	* ID 2130: User added / changed / removed a post's featured image

* **New event IDs for changes in WordPress settings**
	* ID 6035: Changed the "Your homepage displays" WordPress setting
	* ID 6036: Changed the homepage in the WordPress setting
	* ID 6037: Changed the posts page in the WordPress settings
	* ID 6040: Changed the Timezone in the WordPress settings
	* ID 6041: Changed the Date format in the WordPress settings
	* ID 6042: Changed the Time format in the WordPress settings
	* ID 6044: User changed the WordPress automatic update settings
	
* **New event IDs for application passwords**
	* ID 4025: User added / removed application password from own profile
	* ID 4026: User added / removed application password from another user's profile
	* ID 4027: User revoked all application passwords from own profile
	* ID 4028: User revoked all application passwords from another user's profile
	
* **New event IDs for multisite network settings**
	* ID 7007: The setting Allow site administrators to add new users to their site was enabled / disabled
	* ID 7008: The value of the Site upload space setting was changed
	* ID 7009: The value of the file size allowed in the site upload space setting was changed
	* ID 7010: Changed the list of allowed file types on the network
	* ID 7011: Changed the value of the maximum upload file size network setting
	
* **Other new event IDs**
	* ID 1010: User requested a password reset.
	
**Improvements**
	* Improved coverage of users logins, logout and failed logins activity on custom login pages.
	* Standardized the text, format and metadata formatting of all the activity log events.
	* Drastically improved the coverage of the activity logs sensors with a number of new event IDs.
	* Redesigned the [activity logs extension](https://wpactivitylog.com/extensions/) UI.
	* Support for URL rewrites and page names (correct page title reported even if the page is a URL rewrite).
	* Default [activity log SMS notifications](https://wpactivitylog.com/features/email-sms-notifications-wordpress-activity-log/) template updated.
	* Plugins version numbers are now reported in the activity log (for example when a plugin is updated).
	* Users who hide the plugin from plugins page now get a notification when a plugin update is available.
	* Consolidated the code that generates the activity log messages.
	* Merged the Help and Contact us pages in the plugin menu.
	* Improved the Reports filters queries to address timeout issues on very big websites.
	* Replaced the "SHOW TABLES" queries for much better plugin performance.
	* Removed the "/uploads/wp-activity-log/" directory in the free edition. This is only required in premium edition.
	* Support for CloudFlare HTTP headers - plugin reports correct IP when behind CloudFlare CDN or firewall (more info on firewalls support)[https://wpactivitylog.com/support/kb/support-reverse-proxies-web-application-firewalls/].
	* Reports, Email & SMS notifications and other modules now fully support metadata which contains the space character. For example the user role Shop Manager.
	* Remove support for custom sensors. Custom event IDs in activity log now only supported via [activity log extension plugin](https://wpactivitylog.com/support/kb/create-custom-events-wordpress-activity-log/).
	* Completely removed the code of the old promotional events (stopped using them in 2017).
	* Removed the request log file setting. The request log file can now be enabled via a [filter](https://wpactivitylog.com/support/kb/list-hooks/).
	* Removed the working directory location setting from plugin settings. Instead introduced a new wp-config.php constant: WSAL_WORKING_DIR_PATH	
	* Plugin now using WP_CONTENT_DIR instead of ABSPATH were applicable (better supported by WordPress specific web hosts).
	* Added event text to event IDs 1001 and 1001.
	* The system information file now also includes all of the plugin's settings saved in the wp_options table.
	* Simplified the process that retrieves filnames.
	* Several under the hood performance improvements (removed obsolete code, improved sensors etc)

**Bug fixes**
	* Event ID 1000 (user login) still logged when IP address is excluded.
	* Change in page template was not being logged with event ID 2048.
	* Event ID 2002 was not always reported in some edge cases.
	* Plugin's directory in uploads was not being created when website was hosted on Flywheel and WordPress.com.
	* Date & time were missing in CSV reports when using some specific date and time formats in WordPress.
	* Super admin role was also shown for administrators on single site setup.
	* Plugin was not showing the correct total of sessions when deleting all sessions.
	* Plugin was generating a PHP error when a network site was deleted.
	* No event was being reported when installing [activity log extensions for third party plugins](https://wpactivitylog.com/extensions/).
	* Plugin installation was not running correctly when installed alongside the [Website File Changes Monitor plugin](https://www.wpwhitesecurity.com/wordpress-plugins/website-file-changes-monitor/).
	* The setting to configure the number of failed logins to keep a log of was reset to default each time the settings page was saved.
	* Wrong variable was used in licensing notifications, resulting in misleading error responses when license failed to activate.

Refer to the [complete plugin changelog](https://wpactivitylog.com/support/kb/plugin-changelog/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description) for more detailed information about what was new, improved and fixed in previous versions of the WP Activity Log plugin.