THE MOST COMPREHENSIVE & EASY TO USE WORDPRESS AUDIT TRAIL PLUGIN
Keep an audit log of everything that happens on your WordPress and WordPress multisite with WP Security Audit Log to ensure user productivity and identify WordPress security issues before they become a security problem.
WP Security Audit Log is WordPress’ most comprehensive user monitoring and audit log plugin and is used by thousands of WordPress administrators, owners and security professionals. The plugin can also be used to keep an audit trail of WooCommerce store and product changes.
Free and Premium Support
Support for the WP Security Audit Log plugin on the WordPress forums is free. Since it is free support it is not always possible to answer all questions on a timely manner, although we do try our best.
Premium world-class support is available via email to anyone who purchases any of the Premium Add-Ons listed below:
Keep A WordPress Security Audit Log & Identify WordPress Security Issues
WP Security Audit Log keeps a log of everything happening on your WordPress blog or website and WordPress multisite network. By using WP Security Audit Log security plugin it is very easy to track suspicious user activity before it becomes a problem or a security issue. A security alert is generated by the plugin when:
- New user is created via registration or by another user
- First time a user logs in to WordPress
- User changes the role, password or other profile settings of another user
- User on a WordPress multisite network is added or removed from a site
- User uploads or deletes a file, changes a password or email address
- User installs, activates, deactivates, upgrades or uninstalls a plugin
- User creates a new post, page, category or a custom post type
- User modifies an existing post, page, category or a custom post type
- User creates, modifies or deletes a custom field from a post, page or custom post type
- User adds, moves, modifies or deletes a widget
- User installs or activates a new WordPress theme
- User changes WordPress settings such as permalinks or administrator notification email
- WordPress is updated / upgraded
- Failed login attempts
- and much more…
Refer to the complete list of WordPress Security Audit Alerts for more information on what WordPress activity can be monitored with WP Security Audit Log.
Monitor WordPress Users Activity & Productivity
If you own a multi user WordPress blog or website, or a WordPress multisite network installation you can use WP Security Audit Log plugin to monitor your users’ activity and productivity. With WP Security Audit Log WordPress plugin you can monitor:
- When WordPress users log in or out
- From where WordPress users are logging in
- Users who created. modified or deleted categories
- Users who created a blog post, page or a custom post
- Users who published a blog post, page or a custom post
- Users who modified published WordPress content such as custom posts, pages or a blog posts
- Users who moves content such as blog posts or WordPress pages to trash or permanently deletes it
- Users who modify WordPress widgets
- Uses who upload or delete any sort of files
- and much more…
Refer to the complete list of WordPress Security Audit Alerts for more information on what other WordPress user activity can be monitored with the WP Security Audit Log WordPress plugin.
Upgrade to Premium and Extend the Functionaly of the WP Security Audit Log Plugin
Upgrade to Premium to add Email Alerts, Search, Reports and see who is logged in to your WordPress. Else you can buy any of the add-ons listed below separately:
Email Notifications Add-On: get notified via email of important changes. You can setup your own triggers to for example be alerted via email should any WordPress user log in to your WordPress outside office hours.
Users Sessions Management Add-On: see who is logged in to your WordPress and WordPress multisite networks. This add-on also allows you to terminate users’ sessions and either allow or deny multiple sessions for the same WordPress user.
Search Add-On: do free-text based searches in the WordPress audit trail to easily pin-point a specific WordPress user change. The Search add-on also has built-in filters so you can fine tune your searches and find the WordPress change you are looking for easily and quickly.
Reports Add-On: generate any type of HTML and CSV WordPress report. For example generate a WordPress user activity report, role activity report and also site activity report (for WordPress multisite). The Reports Add-On does not restrict you to specific reports types, it allows you to choose any data source for your reports. With this add-on you can also configure automated email summary reports.
External DB Add-on: store the WordPress Audit Trail in an external database to improve the security and perforamnce of your WordPress websites and blogs by ensuring such records are not tempered with even in case the website is hacked. By storing the audit trail in an external database you also ensure that your business WordPress website is compliant with today’s strict regulatory compliance requirements.
WP Security Audit Log for WordPress Multisite
WP Security Audit Log is the first tracking and audit WordPress security monitoring plugin that supports WordPress multisite network installations and can monitor activity on such WordPress multisite network installations.
For more information about the features for WordPress Multisite network installation refer to WP Security Audit Log Features for WordPress Multisite
Easily Create Your Own Custom Alerts
Is there something on your WordPress that the plugin does not monitor, but you would like to keep a record of it? Refer to the Hooks for custom alerts documentation to easily create your own custom alerts and keep record of any change on your WordPress, be it a change in a WordPress customization, a third party plugin and more.
WordPress & PHP Errors Monitoring Tools
Plugins and themes customizations are most probably the norm of the day on large WordPress websites, not to mention the installation of new plugins and components. With WP Security Audit Log now it is easier than ever before to monitor your plugins’, theme’s and other code behaviour, it will generate a alert when a PHP error, warning, exception or shutdown is detected. It is also possible to log all HTTP GET and POST requests that are reaching your WordPress installation to a log file with WP Security Audit Log. Simply enable the PHP Errors monitoring or logging from the plugins settings.
NOTE: Developer options should NEVER be enabled on Live websites. They should only be enabled on testing, staging and development WordPress and WordPress multisite installations.
Other Noteworthy Features
WP Security Audit Log plugin also has a number of features that make WordPress and WordPress multisite monitoring and auditing easier, such as:
- Realtime Audit Log viewer allowing you to see the changers as they happen without any delays
- Built-in support for reverse proxies and web application firewalls more information
- Detailed WordPress audit trail allowing you to see what actually changed when the content of posts, pages and custom post types is changed
- WhatIsMyIpAddress.com integration so you can get all information about an IP address with just a mouse click
- Limit who can view the WordPress audit trail by either users or roles
- Limit who can manage the plugin by either users or roles
- Configurable WordPress dashboard widget highlighting the most recent critical activity
- Configurable WordPress security audit trail automatic pruning
- User role is reported in alerts for a complete overview of what is happening
- User avatar is shown in the alerts for better recognizability
- Enable or disable any security alerts
- and much more…
As Featured On:
- WPLift – Review by Ahmad Awais
- WP SmackDown
- ManageWP Plugins of the month
- Design Wall
- WP Mayor
- Tourqe News
- Shout Me Loud
- Monster Post
- Make a Website Hub
- The Darknet
WordPress Security Audit Log in your Language!
We need help translating the plugin and the WordPress Security Alerts. Please visit the WordPress Translate Project to translate the plugin and drop us an email on email@example.com to get mentioned in the list of translators below.
- Italian translation by Leonardo Musumeci
- German translation by Mourad Louha
- Spanish translation by the WP Body team
Related Links and Documentation
For more information and to get started with WordPress Security, check out the following:
- What is a WordPress Audit Trail?
- List of WordPress Security Alerts
- WordPress Multisite Features
- WP Security Audit Log and Reverse Proxy and WAFs Support
- WP Security Audit Log Database Documentation
- Official WP Security Audit Log Plugin Website
Stay a Step Ahead of the Bad Guys – Keep Yourself Informed
Even if WordPress security is not your cup of tea, the security of your WordPress is your responsibility. Keep yourself up to date with the latest WordPress Security Tips, Tricks and news. Subscribe to the WP Security Bloggers newsletter, for an aggregate of posts from the most popular WordPress security blogs.
WP Security Audit Log Plugin Newsletter
To keep yourself updated with what is new and updated in the WP Security Audit Log plugin please subscribe to the newsletter.
Note: This plugin requires PHP 5.3 or higher. Older versions of PHP are no longer maintained by PHP and are prone to security issues. For more information or if you need assistance with your version of PHP please get in touch with us by using our contact form.
Creates clear, easy to use and useful reports that can be downloaded as csv or viewed in a browser. I also had a problem due my own server config issue and author responded quickly and helpfully. Installing this plugin on all of our sites!
I love this plugin. I have used it for over six months and the insights are invaluable. I mistakenly hid the plugin and couldn't figure out how to fix it. I reached out to Robert Abela and his response was quick and he helped me solve the issue. This is a definite 5 star plugin. Craig
- Bug Fixes
- Removed the PHP Session ID cookie created by mistake for non logged in users.
- Audit trail for WooCommerce Store and Products.
- New Hover over functionality to disable alerts with a single click.
New WooCommerce Audit Trail Alerts
- Refer to the Audit trail WooCommerce Alerts List for a complete list of alerts the plugin uses to keep a record of changes in the WooCommerce store and products.
- Improved severity of alerts and added severity description on hover over.
- Removed all code related to PHP error monitoring, which is no longer used (code spring cleaning).
- Fixed an issue in which 404 logs where still being generated when the logs option was disabled but alert 6007 was enabled.
- Bug Fix
- Updated store URL so premium add-ons can be updated.
- Support for new features in External DB Add-on:
Plugin Improvement (Standardized all date & time formats and timezone)
- Plugin now uses the time & date format configured in WordPress (removed the option from plugin that override this).
- Updated all the Premium Add-Ons to use the time & date format configured in WordPress.
- Changed the Request Log file extension to php and disabled execution (before it was log, hence users could guess it)
- Bug Fix
- Fixed an issue where a page’s title was not being returned Support Ticket
- Bug Fix
- Fixed an issue where previous 404 reports were not being correctly merged. Support Ticket
New WordPress Audit Trail Alerts
- 2100: User opened a post in the editor
- 2101: User viewed the post
- 2102: User opened page in editor
- 2103: User viewed page
- 2104: User opened custom post type in editor
- 2105: User viewed the custom post type
- New setting to configure the number of 404 requests the plugin should record in a logfile from the same IP address.
- Ability to download the 404 log file directly from the alert.
- Added a new setting that disables or enables all of the plugin’s logging. It is disabled by default.
- Organized the plugin settings under different tabs making it is easier to configure.
- Updated the Reports add-on to show 404 log file location in the reports.
- Removed the auto-enabling of 404 requests monitoring (introduced in previous version).
- When 404s are from localhost, localhost is used in filename and not the IP. Support Ticket
- The Add Functionality node is now automatically disabled when one or more premium add-ons are activated.
- Changed the location of request log to /wp-content/uploads/wp-security-audit-log/.
- Changed the extension of the request log file from php to log.
- Plugin won’t keep a record of newly posted comments that are marked as spam by Akismet.
- Fixed the data inspector that was not working in certain installations.
- Fixed an issue with custom alerts, which were overwritten during upgrade. Refer to the custom alerts documentation for more information.
- Updated the Italian translation file with the latest translations.
- Fixed a bug related to database collation which was affecting the generation of reports.
- Bug Fix
- Enabled the 404 logging by default during upgrade and new install. Read this FAQ for more information on this functionality.
Read the WP Security Audit Log 2.5.2 release notes for more details on what is new.
- Logging of 404 Requests to a Log file. Read this FAQ for more information on this functionality.
- Fixed several alerts / monitoring capabilities that were not working correctly in WordPress 4.6.
- Bug fixes
- Fixed the disabling functionality of Alert 6007 because it was not working.
- Fixed the disabling functionality for Alerts 1000 and 10001.
- Merged bug fixes from version 2.4.4 (were not included in 2.5.0).
Read the WP Security Audit Log 2.5.0 release notes for a detailed overview of what is new.
- Plugin now keeps a record in the audit trail of changes in WordPress comments. Refer to the list of alerts for WordPress comments for the complete list.
- Audit log alerts for 404 (page not found) requests.
- Audit log alerts for pages / posts / custom post types automatically created by plugins.
- Added wildcard (*) support for when excluding Custom Fields.
- New setting to customize From email address and display name (The Reports, Email Alerts and Users Sessions Management add-ons have been updated to use the configured email address).
New WordPress Audit Trail Alerts for Changes in Comments
- 2090: User approved a comment
- 2091: User unapproved a comment
- 2092: User replied to a comment
- 2093: User edited a comment
- 2094: User marked a comment as Spam
- 2095: User marked a comment as not Spam
- 2096: User moved a comment to trash
- 2097: User moved a comment out from the trash
- 2098: User permanently deleted a comment
- 2099: Website visitor / User posted a comment (disabled by default. Enable it from the Enable/Disable Alerts node in the plugin menu)
New WordPress Audit Trail Alerts for Plugins Activity
- 5019: Plugin automatically created a post
- 5020: Plugin automatically created a page
- 5021: Plugin automatically created a custom post type
- 5025: Plugin automatically deleted a post
- 5026: Plugin automatically deleted a page
- 5027: Plugin automatically deleted a custom post type
Other New WordPress Audit Trail Alerts
- 5031: User updated a theme
- 2089: User moved an object as a sub-object in a menu
- 6007: User / website visitor requested a non-existing page (404 ERROR)
- Standardized all alerts messages / Improved the text of all of them. Each post / page / custom post type alert has a linkt to the Editor now
- Fixed a cross-site scripting vulnerability in the function AjaxDisableCustomField()
- Fixed the hide plugin setting which was not working in some scenarios. Support Ticket
New Add-On Support
- Included code to support the new Users Sessions Management Add-On, which allows you to see who is logged in to your WordPress and WordPress multisite networks.
New Alerts in the WordPress Audit Trail
- 1004: A login attempt was blocked because a session with the same username already exists
- 1005: Multiple logged-in sessions for the same WordPress username has been detected
- Plugin reports changes when an object is moved as a sub object in a menu.
- Removed hardcoded memory limit in database connector. Now all database connections are done via AJAX calls hence there is no need for such limits.
Read the WP Security Audit Log 2.4 release notes for a detailed overview of what is new in this version.
- New setting allowing the users to configure the timestamp of the alerts. Read the FAQ How to change the time zone in the WordPress Audit Trial for more information.
New WordPress Security Alerts for Content title changes
- 2086: User changed the title of a post
- 2087: User changed the title of a page
- 2088: User changed the title of a custom post type
- Implemented AJAX calls for when migrating the WordPress Audit Trail between databases with the External DB add-on
Read the WP Security Audit Log 2.4 release notes for a detailed overview of what is new.
- Monitoring of WordPress menus changes from both admin pages and theme customizer.
- New hook that allows users to create their own custom alerts. Read the WP Security Audit Log Custom Alerts documentation for more information.
- New alerts for when a either a post, a post or a custom post type is scheduled.
New WordPress Security Alerts for Menus
- 2078: User created a new menu
- 2079: User added objects to menu
- 2080: User removed object from menu
- 2081: User deleted a menu
- 2082: User changed menu settings
- 2083: USer modified an object in menu
- 2084: User renamed a menu
- 2085: User changed the order of the objects in menu
New WordPress Security Alerts for Scheduled Items
- 2074: User scheduled a post for publishing
- 2075: User scheduled a page for publishing
- 2076: User scheduled a custom post type for publishing
- Bug Fixes
- Fixed an issue where automated WordPress updates were not being reported.
- Improved error handling in database queries.
- Bug Fix
- Fixed an issue with the login/logout sensor reported in this ticket.
- Improved the SQL queries used by the Reports Add-On
- Keep track of changes on bbPress forums. For more detailed information read the WP Security Audit Log 2.3 Release Notes
New WordPress Security Alerts
- 8000: User published a new forum
- 8001: User changed the status of a forum
- 8002: User changed the visibility of a forum
- 8003: User changed the URL of a forum
- 8004: User changed the order of a forum
- 8005: User moved forum to trash
- 8006: User permanently deleted a fourm
- 8007: User restored a forum from trash
- 8008: User changed the parent of a forum
- 8009: User changed the role of forum auto user role
- 8010: User changed the option for anonymous posting on forum
- 8011: User changed the forum type
- 8012: User changed the time setting to disallow editing of posts
- 8013: User changed the time setting for post throttling
- 8014: User created new forum topic
- 8015: User changed the status of a forum topic
- 8016: User changed the type of a forum topic
- 8017: User changed the URL of a forum topic
- 8018: User changed the forum for a topic
- 8019: User moved a forum topic to trash
- 8020: User permanently deleted a forum topic
- 8021: User restored a forum topic from trash
- 8022: User changed the visibility of a forum topic
- Improved the performance / queries of the Audit Log Viewer, hence now it is faster when retrieving alerts from bigger databases
- Rewritten and improved the reporting engine for the Reports Add-On
- Aded the revision link in content change security alerts allowing you to see the actual content changes that took place on posts, pages and custom post types. Learn More
- Fixed an issue where user was allowed to disable all columns in Audit Log Viewer Support ticket. Fix recommendation by Bates College.
New WordPress Security Alerts
- 2072: User modifies a post that is submitted for review
- 2073: Contributor submits a post for review
- Fixed an issue in the Reports add-on where not all available users were being listed to generate a report
- Fixed an issue with licensing notifications – now all licensing notifications will be automatically dismissed upon activating a key.
- Fixed an issue where the user reset passwords were not being recorded (since 4.3). Ticket
- Support for the External DB Add-on.
- Integration with WhatIsMyIPAddress.com (Click an IP addresses in Audit Log viewer to get all information about it).
- Settings to Incude or exclude specific columns from the Audit Log viewer.
- Ability to exclude an IP address from monitoring
- New option to disable the reporting of WordPress background tasks (such as deletion of auto draft posts)
- Fixed a problem when trying to customize a widget via the theme customizer support ticket.
- Handling an error that was generated when someone logged in to a WordPress via social media channels.
- Fixed: incorrect alert generated when a widget is moved from the bottom of a container to another.
- Fixed: incorrect alert generated when a custom filed is deleted from a page.
- Fixed an issue where post related actions were not reported for users with author and contributor roles.
- Fixed an issue where in a specific scenario the settings in the options tabel were duplicate.
- Minor Change
- Launched a new WP Security Audit Log website and updated all relevant links.
- New database connector allowing faster and more efficient plugin to WordPress database communication
- Added new option to switch the display time of alerts between 24 hour or 12 hour format
- Sorting functionality in Audit Log Viewer (sort WordPress security alerts by date & time, code or username)
- Fixed issue where super admin roles was not reported when logging in to “sub sites” in WordPress multisite
- Fixed several formatting issues in the Audit Log Viewer (UI)
- Fixed issue where multiple plugins were upgraded via the drop down menu and no alerts were being reported
- Fixed: When unrestricting plugin access from a single admin was not working properly
- Bug Fixes
- Fixed the monitoring of plugin updates for WordPress 4.2 Support Ticket
- Fixed an issue where multiple plugin updates triggered by drop down menu were not being reported
- Fixed a conflict with Magic Fields 2 plugin Support Ticket
- Updated the escaping of add_query_arg() function which could result in a potential XSS
- New Security Alerts
- 5010: plugin created new tables in the WordPress database
- 5011: plugin modified the structure of a number of tables in the WordPress database
- 5012: plugin deleted tables from the WordPress database
- 5013: theme created new tables in the WordPress database
- 5014: theme modified the structure of a number of tables in the WordPress database
- 5015: theme deleted tables from the WordPress database
- 5016: an unknown component created new tables in the WordPress database
- 5017: an unknown component theme modified the structure of a number of tables in the WordPress database
- 5018: an unknown component theme deleted tables from the WordPress database
- 2052: a user changed the parent of a category
- Bug Fix
- Removed a clause which changed the debug log path (used for testing) Support Ticket
- Completely removed the user of the is_admin() function to follow better security practises
- Updated the licensing mechanism to correct problem where WP Security Audit Log premium add-ons could not be activated.
- Fixed several issues where the database tables were not being created during install or upgrade. Support ticket and Support ticket 2
- Fixed an issue where the plugin did not monitor any activity in specific scenarios. Support ticket and Support ticket 2
- Removed duplicate options in the settings page. Support ticket
- Ability to exclude custom fields from monitoring (custom fields can be excluded from the Audit Log Viewer with a simple click or you can specify them in the settings)
- Ability to exclude WordPress users and roles from monitoring
- WP Security Audit Log now has its own settings table in WordPress database. This will provide us with more flexibility and have more centralization of data
- Updated the code where is_admin() function was being used to follow better security practises
- Fixed a problem where a PHP exception was being thrown during the activation of the plugin support ticket
- Bug Fix
- Fixed an issue where the IP address was not being reported for anyone using PHP version 5.3.3 or earlier support ticket
- Improved IP Address validation checks – if IP address format is incorrect the plugin reports “incorrect format” and not “unknown” – This will help us improve troubleshooting
- Alerts pruning options are now added during activation of the plugin, making pruning options more reliable – existing pruning options will be retained
- Fixed issue with the option “auto / manual” refresh of Audit Log Viewer
- Fixed plugin uninstallation process (added new option to purge all plugin data from WordPress database upon uninstall)
- Premium Add-Ons will be hidden from the WordPress plugins page when the Hide plugin option is enabled.
- Updated some of the help text in plugin’s settings page
- Updated the text of some WordPress security alerts
- Fixed a bug related to the reverse proxy / IP retrieval functionality
- Fixed an issue related to Sandbox removal and upgrades Support Ticket
New Features and Options
- Plugin automatically retrieves user’s originating IP address even if WordPress is installed behind a reverse proxy, web application firewall or load balancer. For more information refer to WP Security Audit Log, Reverse Proxies and WAFs
- New option to omit internal IP addresses from being reported in the WordPress security audit log
- The sandbox was removed from the plugin. If you need to use the sandbox for troubleshooting and tested contact us since we migrated it to a standalone extension.
- Fixed a bug where site administrators where not able to view the WordPress security alerts for their sites in a WordPress multisite installation
- Improved some SQL queries as reported in this support ticket
- Fixed an issue with alerts pruning (when pruning was set by number of alerts the plugin was pruning all alerts)
New WordPress Security Alerts
- Alert 2065: The content of published post has been modified
- Alert 2066: The content of published page has been modified
- Alert 2067: The content of published custom post type has been modified
- Alert 2068: The content of a draft post has been modified
- Alert 2069: The content of a draft page has been modified
- Alert 2070: The content of a draft custom post type has been modified
- Alert 2071: Changed the position of a widget in the same container
WordPress Security Audit Log Viewer Improvement
- Removed fixed width from columns, hence now they are dynamically resized depending on your resolution
New WordPress Security Alerts
- Alert 2065: User modified the content of a blog post
- Alert 2066: User modified the content of a WordPress page
- Alert 2067: User modified the content of a custom post type
- We have also improved the code of some of the sensors which monitor the WordPress activity
- Bug Fix
- Fixed an issue with the queries used for the alerts pruning as reported in this support ticket.
- Added new Extensions page to allow users to see which extensions they can use to increase the functionality of the plugin
- Included licensing mechanism to support premium extensions
- Updated latest language files for German and Italian translations (also include corrections for some old translations)
- Fixed a problem with the pruning of WordPress Security Alerts support ticket
- Fixed pagination issue in the Audit Log Viewer when running on WordPress multisite
- New option “Restrict Plugin Access” that allows WordPress administrators to further restrict access to the plugin and the WordPress security alerts
- Updated the Audit Log Viewer backend to retriev WordPress security alerts much faster and consume less resources on large websites
- Moved the Audit Log plugin menu entry underneath the dashboard entry for better access
- Several minor enhancements to the plugin to perform better on large WordPress installations
- Fixed an uncaught exception with Logout Alert 1001 support ticket
- Several performance improvements and tweaks applied
- Updated Italian translations
- Monitoring of custom fields in WordPress posts, pages and custom post types.
New WordPress Security Alerts
- Alert 2053: User created new custom field in blog post
- Alert 2054: User modified the value of custom field in blog post
- Alert 2055: User deleted a custom field in blog post
- Alert 2062: User renamed custom field in blog post
- Alert 2059: User created new custom field in page
- Alert 2060: User modified the value of custom field in page
- Alert 2061: User deleted custom field from page
- Alert 2063: User renamed custom field in
- Alert 2056: User created new custom field in custom post type
- Alert 2057: User modified the value of custom field in custom post type
- Alert 2058: User deleted a custom field from custom post type
- Alert 2064: User renamed custom field in custom post type
- Improved the writing and reading of WordPress alerts from the WordPress database (plugin runs more efficiently on high traffic WordPress and WordPress multisite installations)
- Improved the monitoring of WordPress login and logout actions
- Applied various plugin performance tweaks
- Improved database structure for better support of high-traffic WordPress and WordPress multisite installations
- Developer options are reset during updates for improved performance
- Added a warning / note to the developer options (such options should NEVER be enabled on live websites but only on testing, staging and development websites)
- Fixed database issue with primary key constraint
- Italian translation available thanks to Leonardo Musumeci
- Added a warning for developer options
- “Hidden” developer options from default settings; user has to click link to access developer settings
- Backtrace logging now made optional from a developer setting
- Solved several issues related to translations. Now everything in the plugin is translatable
- Fixed several other issues reported by email
- Bug Fix
- Fixed reported issue with upgrade (more info here)
- Unlimited Alerts can be stored (removed the 5000 alerts limit)
- Alert time now includes milliseconds for more precision (ideal for auditing and compliance)
- Reported alert time is now relative to user’s configured timezone
- Alerts automatic pruning procedures can now be enabled / disabled
- Option to hide WP Security Audit Log from Plugins page in WordPress
- If there are more than 15 websites in a multisite installation, an auto complete site search box is shown instead of the drop down menu
New WordPress Security Alerts
- Alert 5007: User has uninstalled / deleted a theme
- Alert 5008: Super administrator network activated a theme on multisite
- Alert 5009: Super administrator network deactivated a theme on multisite
- User avatar is shown in the alert to allow administrators to easily recognize users and their activity
- Clickable username in alerts allow administrators to access user’s profile instantly
- User role is reported in alert so administrators can easily track any suspicious behaviour
- PHP Version checker; upon installation the plugin will check what version of PHP is installed on the system
New WordPress Security Alert for monitoring plugin files
- Alert 2051: User changed a plugin file using the plugin editor (note: filename and location will also be reported in the alert)
- Fixed wrapping problem in alerts dashboard widget
- Fixed upgrade script to properly create the new tables in the WordPress database
Complete plugin rewrite making the new version more stable and scalable
- New Audit Log viewer
- Auto refresh of security alerts – WordPress administrators do not need to refresh the Audit Log Viewer page to see new alerts
- Data Inspector reports more insider information about each alert (can be enabled from settings)
- Sandbox allows developers to execute PHP code for troubleshooting (can be enabled from settings)
- Request Log that logs all HTTP GET and POST requests done on WordPress (can be enabled from settings)
- Logging of PHP Errors; ideal for developers who want to monitor WordPress for any errors (can be enabled from settings)
- New Support and About Us page that you should check out!
New WordPress Security Alerts for monitoring themes, WordPress settings, files and much more
- Alert 2046: User modified a file using the editor
- Alert 2047: User changed parent of page
- Alert 2048: User changed template of page
- Alert 2049: User set post as sticky
- Alert 2050: User removed post from Sticky
- Alert 5005: User installed a new theme
- Alert 5006: User activated a theme
- Alert 6004: User upgraded WordPress
- Alert 6005: User changed the WordPress permalinks
New WordPress Developer Alerts
- Alert 0000: Unknown error
- Alert 0001: PHP Error
- Alert 0002: PHP Warning
- Alert 0003: PHP Notice
- Alert 0004: PHP Exception
- Alert 0005: PHP Shutdown Error
- Bug Fix
- Disabled debugging by default (left enabled by mistake)
- Bug Fix
- Bug Fix
- Fixed errors in debug code (used for when debugging is enabled in plugin)
- New Plugin Feature
WordPress Multisite Support Read More
New WordPress Security Alerts for monitoring specific multisite activity on a WordPress multisite network installation
- Alert 4008: User is granted super admin privileges (network)
- Alert 4009: Super admin privileges (network) are revoked from a user
- Alert 4010: Added an existing user to a site and assigned a specific role
- Alert 4011: Removed user with a specific role from a site
- Alert 4012: New user created on the network
- Alert 7000: Added a new site to network
- Alert 7001: A site was archived
- Alert 7002: A site was unarchived
- Alert 7003: A site was activated
- Alert 7004: A site was deactivated
- Alert 7005: A site was deleted
- Plugin settings page to have the same look and feel of the new WordPress dashboard (3.8)
- Bug Fix
- Fixed an issue with Edit Post function (in very specific cases) (https://wordpress.org/support/topic/was-working-great-no-post-edit-function-now)
New WordPress Security Alerts for monitoring of Widgets
- Alert 2042: New widget was added
- Alert 2043: A widget was modified
- Alert 2044: A widget was deleted
- Alert 2045: A widget was moved
New Plugin Features
- New setting to allow specific user(s) and role(s) to view the Audit Log Viewer (read only)
- New setting to allow specific user(s) and role(s) to manage the WP Security Audit Log plugin (can change plugin settings, enable disable WordPress security alerts etc)
- Renamed “login/logout” tab in “Enable/Disable Alerts” section to plugins to “Other User Activity”
- Added the files alerts (uploaded / delete files) to the “Enable/Disable Alerts” (previously unavailable)
- Fixed issue where all users were able to see the Dashboard widgets with security alerts – now restricted only to users who have access to the plugin
- Fixed user reported issue (https://wordpress.org/support/topic/errors-on-enabledisable-alerts-page)
New WordPress Security Alerts for Custom Post Types
- Alert 2029: New post with custom post type created and saved as draft
- Alert 2030: Post with custom post type is publishes
- Alert 2031: A published post with custom post type is modified
- Alert 2032: A draft post with custom post type is modified
- Alert 2033: A post with custom post type was permanently deleted
- Alert 2034: A post with custom post type was moved to trash
- Alert 2035: A post with custom post type was restored from trash
- Alert 2036: The category of a post with custom post type was changed
- Alert 2037: The URL of a post with custom post type was changed
- Alert 2038: The author of a post with custom post type was changed
- Alert 2039: The status of a post with custom post type was changed
- Alert 2040: The visibility of a post with custom post type was changed
- Alert 2041: The date of a post with custom post type was changed
New Plugin Features
- Enable/Disable Alerts node that allows WordPress administrators to switch on or off specific WordPress security alerts
- Dashboard widget that shows the latest 5 WordPress security alerts (widget can be switched on or off from the plugin settings)
- Plugin is now language aware and we can accept translations
- Updated settings page to have the same look and feel of WordPress
- Improved the upgrade procedure of the plugin
- Updated the Audit Log Viewer display to support more resultions such as those of tables and smartphones
New WordPress Security Alerts
- Alert 6001: Anyone can Register option in WordPress settings was changed
- Alert 6002: Default use role in WordPress settings was changed
- Alert 6003: Administrator notification email in WordPress settings was changed
- Alert 2025: Visibility of a blog post was changed
- Alert 2026: Visibility of a page was changed
- Alert 2027: Date of a blog post was changed
- Alert 2028: Date of a page was changed
- Links to the Audit Log Viewer and Settings in the plugin summary page
- Time of Failed Login alerts now reflects the time of last failed login attempt
- Fixed: Incorrect alerts generated when author of page was changed from quick edit mode
- Fixed: Conflict with WP Mandrill and other plugins using pluggable.php
- Fixed: Incorrect alerts generated when plugin is installed via a zip file / upload method
- Restricted plugin options and WordPress Audit Log Event Viewer only to WordPress administrators
- Improved failed logins events (events generated from the same IP, or same username will be grouped to avoid mass flooding of security events)
- Security Events pruning now uses wp-cron functionality (improved stability and reliability of events pruning)
- Applied several performance improvements (faster loading of events etc)
- Added support for permalinks; now events will include page or blog post URL rather than ID
- Added new alerts for when a page or blog post status is changed from draft, pending review or published
- Added new alert for when a page or blog post URL or author is changed
- Added new alert for when a blog post category is changed
- Added new alerts for when a user creates or deletes a category
- Added new alert for when the author of a blog post or page is changed
- Added new plugin alerts for when a plugin is installed, uninstalled or upgraded
- Updated navigation menu to use standard WordPress dashboard icons etc
- Initial beta release of WP Security Audit Log.