Support » Plugin: WP Activity Log » Feature request: Activity log retention for 1 week

  • Resolved sergtk

    (@sergtk)


    Hello,

    There is an option “Activity log retention”.

    The minimal values can be set to 1 Month.

    Could you please add an option to set 1 week?

    This may be useful when there are hosting limitations for db size.

    Thank you

Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Contributor robertabela

    (@robert681)

    Thank you for using our plugin @sergtk

    May I ask what is the limit for the db size? The logs for 1 month should not take a lot of space, though it depends on how busy the website is.

    Looking forward to hearing from you.

    Thread Starter sergtk

    (@sergtk)

    Usually the size is not an issue.

    But sometimes there is something like brute force attack happens, and it looks like somebody try to guess a passwords from many different IPs.
    In such cases I just disable event “1002 Login failed”, and it is ok, because about 95% of log may be just 1002 event.

    FI: I also have CAPTCHAs. I don’t know if all events are stored in the log or with correct CAPTCHA entered.

    • This reply was modified 2 months, 2 weeks ago by sergtk.
    Thread Starter sergtk

    (@sergtk)

    FYI. I just find out that CAPTCHA plug-in on my site didn’t work on for unknown reasons.
    So I am not sure if failed login are still written to the log, if user does not pass captcha.

    Plugin Contributor robertabela

    (@robert681)

    Hello @sergtk

    That is interesting to find out. Can you do a test yourself and advise? If the user fails the captcha, I do not think the plugin will keep a log but it all depends on how the captcha plugin works.

    Also, in regards to the activity log size, did you know that you can disable specific events? Maybe this is something you should look into and remove any events that are unnecessary for you, rather than keeping a log for just a week. A week of logs is not very useful, you need more data for logs to be really useful.

    Here is how you can do it: https://wpactivitylog.com/support/kb/exclude-logging-specific-change-activity-log/

    I hope the above helps.

    Thread Starter sergtk

    (@sergtk)

    Hello @robert681,

    > A week of logs is not very useful, you need more data for logs to be really useful.

    1 week is small period, I agree with you. But in some unusual cases it may be useful as a temporary configuration.

    > That is interesting to find out. Can you do a test yourself and advise? If the user fails the captcha, I do not think the plugin will keep a log but it all depends on how the captcha plugin works.

    I use this plugin for captcha: https://ru.wordpress.org/plugins/advanced-nocaptcha-recaptcha/ .
    I just played with wrong login parameters.
    And if I either input wrong user/password or captcha, this event is logged: 1002 or 1003 depending if user name exists or not. E.g. if I input correct user name and password, but does not solve the captcha, the event is still logged as 1002. This is similar like for wrong password.

    > Also, in regards to the activity log size, did you know that you can disable specific events? Maybe this is something you should look into and remove any events that are unnecessary for you, rather than keeping a log for just a week.

    I know that I can disable events, it is very useful feature. I disabled 1002. But after I fixed captchas, I enabled 1002 again, it looks good now, the log is clean even events are logged when captchas are not solved.
    Before playing with captcha and log plugins described above, I thought that the event is not logged if captcha is not solved, but it is not the case.
    It seems that some bad guys check captcha existence on the site. I guess if captcha exist they stop guessing a password because it doesn’t make sense anymore.

    • This reply was modified 2 months, 2 weeks ago by sergtk.
    Danny Jones

    (@distinctivepixels)

    Hi @sergtk

    In this case your seeing event 1002/1003 as both the captcha plugin and WPs own form will throw an WP_Error when the logins fails, which is correctly pass through “wp_login_failed” hook which our plugin then picks up on.

    We may expand on these events to so the reason for failure (using the message provided by the WP_Error object) is included however this would be something we revisit in a future release

    Hope this makes sense

    Thanks, Danny @ WP White Security

    Thread Starter sergtk

    (@sergtk)

    It would be useful to have such clarification.
    Thanks.

    Anyway, it would good if you add possibility to specify short term for storing activity log, e.g. 1 week.
    I agree that usually it is not very useful, and has a little sense. But sometimes in emergency/accident cases it could be helpful.

    Thank you

    Plugin Contributor robertabela

    (@robert681)

    Hello @sergtk

    We have added this to our feature request list. However, I’m afraid I cannot guarantee you that this will be added to the product or when it will be added.

    To keep yourself up to date with what is new and improved in our plugins, I’d recommend you to subscribe to our newsletter.

    Please let me know if there is anything else we can help you with.

Viewing 8 replies - 1 through 8 (of 8 total)
  • You must be logged in to reply to this topic.