=== WP Activity Log ===
Contributors: WPWhiteSecurity, robert681
Plugin URI: https://wpactivitylog.com
License: GPLv3
License URI: https://www.gnu.org/licenses/gpl.html
Tags: activity log, wordpress activity logs, security audit log, audit log, user tracking, security event log, audit trail, wordpress security monitor, wordpress admin, wordpress admin monitoring, user activity, admin, multisite, SMS alerts, wordpress monitoring, email notification, wordpress email alerts, tracking, user tracking, user activity report, wordpress audit trail
Requires at least: 3.6
Tested up to: 5.5
Stable tag: 4.1.3.2
Requires PHP: 5.5

The #1 user-rated activity log plugin. Keep a comprehensive log of the changes that happen on your site with this easy to use plugin.

== Description ==

<strong>THE MOST COMPREHENSIVE & EASY TO USE WORDPRESS ACTIVITY LOG PLUGIN</strong><br />

Keep an [activity log](https://wpactivitylog.com/wordpress-activity-log/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description) of everything that happens on your WordPress sites and multisite networks with the WP Activity Log plugin to:

* Ensure user productivity
* Improve user accountability
* Ease troubleshooting
* Know exactly what all your users are doing
* Better manage & organize your WordPress site & users
* Easily spot suspicious behavior before there are security problems.

[WP Activity Log](https://wpactivitylog.com/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description) is the most comprehensive real time user activity and monitoring log plugin. It helps thousands of WordPress administrators and security professionals keep an eye on what is happening on their websites. It is also the most highly rated WordPress activity log plugin and have been featured on popular sites such as GoDaddy, Kinsta and WPBeginner.

[youtube https://www.youtube.com/watch?v=1nopATCS-CQ]

> <strong>Note</strong>: The WordPress activity log is FREE. Features such as reports, email notifications, SMS alerts, search and many others are available in the <Strong>[Premium Edition](https://wpactivitylog.com/features/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description)</strong>.
>

#### Maintained & Supported by WP White Security

WP White Security builds high-quality niche WordPress security & management plugins such as [Password Policy Manager for WordPress](https://www.wpwhitesecurity.com/wordpress-plugins/password-policy-manager-wordpress/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=PPMWP&utm_content=plugin+repos+description), a plugin with which you can ensure all your users use strong passwords.

Browse our list of [WordPress plugins](https://www.wpwhitesecurity.com/wordpress-plugins/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=all+plugins&utm_content=plugin+repos+description) that can help you better manage and improve the security of your WordPress websites and users.

### WordPress Changes & Details the Plugin Keeps a Log Of
As a comprehensive & complete WordPress activity log solution WP Activity Log does not just tell you that a post, a user profile, or an object was updated. It tells you exactly what was changed within the post, the user profile, or the object.

Below is a summary of the changes that the plugin can keep a record of:

* **Post, Page and Custom Post Type changes** such as status, [content changes](https://wpactivitylog.com/support/kb/how-keep-record-of-content-changes/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description), title, URL, custom field & other metadata changes

* **Tags and Categories changes** such as creating, modifying or deleting them, and adding or removing them from posts

* **Widgets and Menus changes** such as creating, modifying or deleting them

* **User changes** such as user created or registered, deleted or added to a site on multisite network

* **User profile changes** such as password, email, display name and role changes

* **User activity** such as login, logout, failed logins and terminating other sessions

* **WordPress core and settings changes** such as installed updates, permalinks, default role, URL and other site-wide changes

* **WordPress multisite network changes** such as adding, deleting or archiving sites, adding or removing users from sites etc ([activity logs for multisite networks](https://wpactivitylog.com/support/kb/activity-log-multisite-network-features/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description)).

* **Plugins and Themes changes** such as installing, activating, deactivating, uninstalling and updating them

* **WordPress database changes** such as when a plugin adds or removes a table

* Changes on **WooCommerce Stores & Products**, **Yoast SEO**, **Advanced Custom Fields (ACF)**, **MainWP** and other popular WordPress plugins.

* **[WordPress site file changes](https://wpactivitylog.com/support/kb/wordpress-files-changes-warning-activity-logs/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description)** such as new files are added, or existing ones are modified or deleted.

For every event that the plugin keeps a log of it also reports the:

* Date & time (and milliseconds) of when it happened,
* User & role of the user who did the change,
* Source IP address from where the change happened.

Refer to [WordPress activity log event IDs](https://wpactivitylog.com/support/kb/list-wordpress-activity-log-event-ids/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description) for a complete list of all the changes WP Activity Log can keep a record of.

### Extend the Functionality of WP Activity Log
<strong>[Upgrade to WP Activity Log Premium](https://wpactivitylog.com/pricing/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description)</strong> to:

* See who is logged,
* See what everyone is doing in real time,
* Log off any user with just a click,
* Generate HTML and CSV reports,
* Export the activity log in CSV (ideal for integrations),
* Get notified via email of important changes,
* Get instant SMS message notifications of critical site changes,
* Search the activity log using text-based searches,
* Use built-in filters to fine tune the searches,
* Store activity log in an external database to improve security,
* Mirror the WordPress activity logs to Slack, Papertrail, Syslog and other central log management and collaboration solutions,
* Configure archiving and mirroring of logs.

Refer to the [features page](https://wpactivitylog.com/features/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description) for more detailed information on the plugin's features.

### Free and Premium Support

Support for WP Activity Log is free on the WordPress support forums.

Premium world-class support is available via email to all [WP Activity Log Premium](https://wpactivitylog.com/features/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description) customers.

> <strong>Note</strong>: paid customers support is given priority and is provided via one-to-one email and over the phone. [Upgrade to Premium](https://wpactivitylog.com/pricing/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description) to benefit from priority support.
>

#### Other Noteworthy Features
Apart from the activity logs and the already mentioned features, WP Activity Log has a number of non-logging specific features that make it a complete WordPress logging solution, such as:

* Built-in [support for reverse proxies and web application firewalls](https://wpactivitylog.com/support/kb/support-reverse-proxies-web-application-firewalls/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description)
* Full [WordPress multisite support](https://www.wpsecurityauditlog.com/documentation/wordpress-multisite-plugin-features-support/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description)
* Easily [create your custom alerts](https://wpactivitylog.com/support/kb/activity-log-multisite-network-features/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description) to monitor additional functionality
* Developer tools including the logging of all HTTP GET and POST requests
* Integration with WhatIsMyIpAddress.com so you can get all information about an IP address with just a mouse click
* Limit who can view the WordPress activity log by either users or roles
* Limit who can manage the plugin
* Settings to enable or [disable individual event IDs from the activity log](https://wpactivitylog.com/support/kb/exclude-logging-specific-change-activity-log/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description)
* Configurable dashboard widget highlighting the most recent critical activity
* Configurable [WordPress activity log retention policies](https://wpactivitylog.com/support/kb/activity-log-retention-policies/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description)
* User avatar is shown in the events for better recognizability
* and much more...

Refer to the <strong>[WordPress activity log plugin datasheet](https://wpactivitylog.com/activity-log-plugin-datasheet/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description)</strong> for a complete list of features.

### As Featured On:

* [GoDaddy](https://www.godaddy.com/garage/decode-security-logs-wordpress/)
* [Kinsta](https://kinsta.com/blog/wordpress-activity-log/)
* [Pagely](https://pagely.com/blog/2015/01/log-wordpress-dashboard-activity-improved-security-auditing/)
* [Shout Me Loud](https://www.shoutmeloud.com/wordpress-security-audit-log.html)
* [The Dev Couple](https://thedevcouple.com/wp-security-audit-log-review/)
* [WPKube](http://www.wpkube.com/improve-wordpress-security-wp-security-audit-log/)
* [WPLift](http://wplift.com/audit-wordpress-security-logs)
* [WP SmackDown](https://wpsmackdown.com/wp-plugins/wp-security-audit-log/)
* [SourceWP](https://www.sourcewp.com/wp-security-audit-log-plugin-review/)
* [Techwibe](https://www.techwibe.com/wp-security-audit-log-wordpress-plugin/)
* [KevinMuldoon.com](https://www.kevinmuldoon.com/wp-security-audit-log-review/)
* [Cloudways](https://www.cloudways.com/blog/monitor-wordpress-with-wp-security-audit-log-plugin/)
* [Collective Ray](https://www.collectiveray.com/wp/plugins/wordpress-security-audit-log)
* [BlogVault](https://blogvault.net/wp-security-audit-log-plugin-review/)
* [Firewall.cx](http://www.firewall.cx/general-topics-reviews/security-articles/1146-wordpress-audit-monitor-log-site-security-alerts.html)
* [Design Wall](http://www.designwall.com/blog/10-wordpress-multisite-plugins-you-shouldnt-live-without/)
* [Tidy Repo](https://tidyrepo.com/wp-security-audit-log-wordpress-activity-log/)
* [Monster Post](http://blog.templatemonster.com/2015/12/15/wp-security-audit-log-plugin-review/)
* [The Darknet](http://www.darknet.org.uk/2015/10/wp-security-audit-log-a-complete-audit-log-plugin-for-wordpress/)
* [WebEmpresa](https://www.webempresa.com/blog/auditando-cambios-en-wordpress.html)
* [KitPloit](http://www.kitploit.com/2016/10/wp-security-audit-log-ultimate.html)
* [EHacking](https://www.ehacking.net/2018/10/how-activity-log-wordpress-plugin.html)

#### WP Activity Log in your language!
We need help translating the plugin and the activity log events. Please visit the [WordPress Translate Project](https://translate.wordpress.org/projects/wp-plugins/wp-security-audit-log/) to translate the plugin. Drop us an email on support@wpwhitesecurity.com to get mentioned in the list of translators below.

* Italian translation by [Leonardo Musumeci](http://leonardomusumeci.net/)
* German translation by [Mourad Louha](http://excel-translator.de)
* Brazilian Portuguese translation by [Hudson Santos](https://www.smallbee.com.br/)
* Spanish translation by the [WP Body team](https://wpbody.com/)
* French translations by Denis Moscato

#### WP Activity Log extensions for third party plugins

* <strong>[WP Activity Log for WooCommerce](https://wpactivitylog.com/extensions/woocommerce-activity-log/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description)</strong>: When you install this extension you keep a log of changes your team does to the WooCommerce store settings, orders, products, coupons _ much more.
* <strong>[WP Activity Log for WPForms](https://wpactivitylog.com/extensions/wpforms-activity-log/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description)</strong>: When you install this extension you keep a log of changes your team does in the WPForms plugin, forms, form files, entries (leads) and more.
* <strong>[Activity Log for MainWP](https://wpactivitylog.com/extensions/mainwp-activity-log/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description)</strong>: With this MainWP extension you keep a log of the MainWP network changes and can see the activity logs of all child sites from one central location - the MainWP dashboard.
* <strong>[WP Activity Log for bbPress](https://wordpress.org/plugins/wp-security-audit-log-add-on-for-bbpress/)</strong>: With this extension you can keep a log of changes in bbPress forums, topics, bbPress settings and more.

#### Related Links and Documentation

* [What is the WordPress activity log?](https://wpactivitylog.com/wordpress-activity-log/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description)
* [List of WordPress activity log event IDs](https://wpactivitylog.com/support/kb/list-wordpress-activity-log-event-ids/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description)
* [WordPress Multisite Features](https://wpactivitylog.com/support/kb/activity-log-multisite-network-features/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description)
* [WP Activity Log support for reverse proxies & WAFs](https://wpactivitylog.com/support/kb/support-reverse-proxies-web-application-firewalls/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description)
* [WP Activity Log database documentation](https://wpactivitylog.com/support/kb/plugin-database-documentation/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description)
* [The WP Activity Log plugin website](https://wpactivitylog.com/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description)
* [Activity logs for MainWP](https://wpactivitylog.com/extensions/mainwp-activity-log/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description)

== Installation ==

=== Install WP Activity Log from within WordPress ===

1. Visit 'Plugins > Add New'
1. Search for 'WP Activity Log'
1. Install and activate the WP Activity Log plugin
1. Allow or skip diagnostic tracking

=== Install WP Activity Log manually ===

1. Upload the `wp-security-audit-log` directory to the `/wp-content/plugins/` directory
1. Activate the WP Activity Log plugin from the 'Plugins' menu in WordPress
1. Allow or skip diagnostic tracking

== Frequently Asked Questions ==

= Support and Documentation =
Please refer to our [support pages](https://wpactivitylog.com/support/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description) for all the technical information and product documentation.

== Screenshots ==

1. The WordPress activity logs from where the site administrator can see all the user and site changes.
2. See who is logged in to your WordPress and manage users sessions with [Users Sessions Management](https://www.wpsecurityauditlog.com/premium-features/wordpress-users-sessions-management-tools/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description)
3. The plugin settings from where site administrator can configure generic plugin settings such as [reverse proxy support](https://www.wpsecurityauditlog.com/support-documentation/support-reverse-proxies-web-application-firewalls/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description), who can manage the plugin etc.
4. The WordPress audit trail settings from where you can configure automatic pruning of alerts, which timestamp should be used, how many 404 requests should be logged and more.
5. Configuring WordPress email and SMS alerts with the [Email & SMS Notifications module](https://www.wpsecurityauditlog.com/premium-features/email-notifications-wordpress-activity-log/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description)
6. Search in the WordPress activity log with the use filters to fine tune the search results.
7. The Enable/Disable events section from where Administrators can disable or enable activity log events.
8. The Log Viewer of a Super Admin in a WordPress multisite network installation with the Site selection drop down menu.
9. WP Activity Log is integrated with the built-in revision system of WordPress, thus allowing you to see what content changes users make on your WordPress posts, pages and custom post types. For more information read [Keep Record of All WordPress Content Changes](https://www.wpsecurityauditlog.com/support-documentation/how-keep-record-of-content-changes/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description)
10. Mirror the WordPress activity log to an external solution such as Syslog or Papertrail to centralize logging, ensure logs are always available and cannot be tampered with in the unfortunate case of a hack attack.

== Changelog ==

= 4.1.3.2 (2020-08-14) =

* **Improvement**
	* Released extension [WP Activity Log for WooCommerce](https://wordpress.org/plugins/wp-activity-log-for-woocommerce/) update 1.1 (improved logging etc).

* **Bug fixes**
	* The orders details in WooCommerce were not being added to the order ([Support ticket](https://wordpress.org/support/topic/update-4-1-31-broken-woocommerce-urgent/)).
	* An empty space was added to the top of the WordPress admin menu.
	* Third party plugins extensions notification not showing in the activity log viewer.
	* Thurd party plugins extension help text was shown on the wrong pages.

= 4.1.3 (2020-08-11) =

Release notes: [WP Activity Log 4.1.3: New extension for WooCommerce & other updates](https://wpactivitylog.com/wsal-4-1-3/)

* **IMPORTANT**
	* Only update from 4.1.2 to 4.1.3. If you are using an older version, first update to 4.1.2 before updating to 4.1.3.

* **New features**
	* The all new [WP Activity Log for WooCommerce](https://wordpress.org/plugins/wp-activity-log-for-woocommerce/) extension (needed to keep a log of changes on WooCommerce store, products, orders & much more).
	* New [plugin and activity log privileges](https://wpactivitylog.com/support/kb/managing-wordpress-activity-log-plugin-privileges/) that allow super admins on a multisite network to restrict activity log access to site admins and other super admins.
	* Coverage for changes done to relationship custom fields created with ACF.

* **New activity log events**
	* ID 2131: Added relationships in a custom field.
	* ID 2132: Removed relationships from a custom field.
	* ID 9101: Created new product tag in WooCommerce.
	* ID 9102: Deleted a product tag in WooCommerce.
	* ID 9103: Renamed a product tag in WooCommerce.
	* ID 9104: Changed the slug of a product tag in WooCommerce.

Refer to the [complete list of activity log event IDs](https://wpactivitylog.com/support/kb/list-wordpress-activity-log-event-ids/) for more detailed information.

* **Improvements**
	* Improved the plugin's coverage of WooCommerce stores, products, orders etc by adding new events, and updating the current sensor.
	* Plugin now uses the default WordPress options table to store settings (performance enhancement).
	* Refactored all settings in the database so they all use yes/no values.
	* Restricted the plugin's and activity log settings to the network dashboard only on a multisite network.
	* Change in wp_wsal_sessions table structure: now plugin uses session ID as unique identifier in table.
	* Plugin keeps the ID of the sites a user is logged in to on a multisite network.
	* Removed the Import/Export plugin settings functionality (a much better utility will be designed and launched as a replacement).
	* File changes detected by the Website File Changes Monitor plugin are now reported in the daily summary email.
	* Log files working directory in uploads directory renamed to wp-activity-log.
	* If no path is specified for the log files working directory, the default path is used.
	* Improved activity log privileges - on multisite super admin can restrict site admins from seeing their own site's activity logs.
	* WooCommerce front end sensor is automatically enabled if admin enables events to track purchases of non-logged in users.
	* Improved the text of the third party plugins extensions notifications.
	* Updated the format of event IDs 9070 and 4020 to matches the standard template.
	* Coverage of WooCommerce coupon changes has been improved andplugin can now keep a log of usage restriction changes in coupons.
	* IP address in list of logged in users is now linked to WhatIsMyIPAddress.com.
	* Added a message for when no sessions are shown in the Logged In users section.
	* Minor changes in the plugin's settings pages.
	* Updated some notifications used by the third party plugins extensions.
	* Third party plugins extensions are now automatically activated on multsite network when installed.
	* Removed all code that was used for file scanning. Now plugin is fully integrated with Website File Changes Monitor.

* **Bug fixes**
	* Extensions notifications were wrongly shown to sub sites admins on multisite.
	* Event 1002 (failed user login) was wrongly reported when a user session is blocked.
	* When the setting Delete data on uninstall was enabled the plugin was not deleting all the data from the database.
	* Event ID 1002 (failed user login) incorrectly links to log file.
	* Plugin does not send logs to [Activity Log for MainWP](https://wpactivitylog.com/extensions/mainwp-activity-log/) extension when child site uses a non-default admin URL.
	* Error when loading user session tokens from usermeta table in some cases.
	* Users sessions table was moved to external database when activity log is stored in an external database.
	* Plugin was reporting event ID 1000 (login) when user changes own password in user profile page.
	* Plugin's log files working directory was hardcoded (uploads directory).
	* When super admins changed the plugin's settings on a child site, the settings were not applied globally.
	* Users who are allowed to view the activity log can also see who is logged in.
	* The old plugin name was shown on the daily summary email template.
	* Plugin created working directory in wrong location when site address is different than WordPress address.
	* Setup wizard shows all the extensions for third party plugins instead of those for the installed plugins.
	* Wrong anchor text "view post in editor" used for WooCommerce products.
	* Unknown object reported instead of actual Object in some of the [WPForms activity log](https://wpactivitylog.com/extensions/wpforms-activity-log/) events.
	* Event ID 2080 not reported when the last item was removed from the site menu.
	* Plugin logo missing from license activation screen.
	* [Website File Changes Monitor](https://www.wpwhitesecurity.com/wordpress-plugins/website-file-changes-monitor/) custom posts type changes were reported (these are ignored by default).

Refer to the [complete plugin changelog](https://wpactivitylog.com/support/kb/plugin-changelog/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WSAL&utm_content=plugin+repos+description) for more detailed information about what was new, improved and fixed in previous versions of the WP Activity Log plugin.