WP Security Audit Log 3.0 Is Released

After three long months, WP Security Audit Log version 3.0 has finally arrived. The most recent version of WordPress’ most comprehensive and complete activity log solution features a new licensing model & mechanism, new alerts, several updates and bug fixes. Here is a highlight of what is new and improved in the latest version of this plugin.

New Licensing Model

As announced a few days ago, from version 3.0 onward we will no longer sell individual add-ons. Instead the WP Security Audit Log will be available in four editions:

  • Free – as it currently is,
  • Starter – includes Email Alerts and Search,
  • Professional – includes Email Alerts, Search, Reports, Users Sessions Management, Database Management and Integrations module,
  • Business – the same as the Professional Edition but also with priority support and account manager.

For more details on the new licensing mechanism, such as when the existing customers will be migrated, read the post  2018 – New Licensing Model for the WP Security Audit Log WordPress Plugin. If you have any questions on the new licensing mechanism please do not hesitate to contact us.

FeatureFreeStarterProfessionalBusiness
SupportForumsEmail & PhoneEmail & PhoneEmail & Phone
Comprehensive Audit Log
Email Notifications
Search & Filters
Reports
Users Sessions Management
External DB & Integrations
Priority Support

Integration with Freemius

In this release of WP Security Audit Log plugin we also included Freemius, which will allow us to provide free trials, better manage our licensing program and accept credit card payments via a new payment gateway, not just PayPal payments.

Freemius will also give us the functionality to better understand our users and how they are using our plugin, thus helping us in continuously improve the plugin and make sure it meets all of our customers’ requirements. You can read more about Freemius in What is Freemius and How Do We Use It.

Note that opting in is optional and should you choose to not opt-in, the plugin will still work. Also when you opt-in to send us diagnostic data, NO audit log and user activity is sent to us.

Freemius & WP Security Audit Log

Other Noteworthy Features

Apart from the two big changes above, which took most of the development time for this release, we also managed to fit in some other new features, which are:

  • New Alerts for change of WordPress URL (6024) and site URL (6025),
  • Fixed a number of coding issues to make the plugin WP Engine compliant,
  • Plugin now also captures the status and created date of a post. This data is needed to implement new features in future versions.
  • Updated the Italian translation files.

All of these improvements along with a number of a handful of bug fixes help make the WP Security Audit Log plugin better than ever before.

Updating WP Security Audit Log

The update of version 3.0 is available today and can be installed directly from your WordPress admin Plugins page. Should you have any queries or require any assistance, do not hesitate to get in touch with us.

Send Some Stars Our Way

If you have been using the WP Security Audit Log plugin please send some stars our way! Spare a minute of your day to rate our plugin. We really like stars!

Managing WordPress Revisions for Posts and Pages

wordpress_revisions

“The WordPress revisions system stores a record of each saved draft or published update. The revision system allows you to see what changes were made in each revision by dragging a slider (or using the Next/Previous buttons). The display indicates what has changed in each revision – what was added, what remained unchanged, and what was removed. Lines added or removed are highlighted, and individual character changes get additional highlighting.”
 WordPress Codex (the online manual for WordPress)

The WordPress revisions system also allows you to undo content changes and restore older versions of posts and pages. The WordPress revisions system works for posts and pages. There are third party solutions that can enable revisions for posts with custom types though we won’t be covering them in this post.

Do You Need Revisions on Your WordPress Website?

If you write a lot of content, or have a team of people working on the website it can be a life saver. Revisions are certainly a must have for business websites. In some cases, businesses operating in the finance, legal, healthcare and similar industries are legally obliged to keep a record of all the changes that happen on their WordPress website, including content changes. There are also many regulatory compliance rules that specifically require businesses to keep a record of every change that happens on their WordPress website.

The WP Security Audit Log plugin uses the WordPress Revisions to keep a record of all content changes on a website it is installed on.

How Do WordPress Revisions Work?

WordPress revisions are enabled by default but in some cases they might be turned off by the hosting provider. To check if they are enabled on your WordPress website make a small content change to a post or page and save it. If revisions are enabled the Revisions count should be updated in the top right hand side pst status box, which is highlighted in the below screenshot.

WordPress Revisions counter

Reviewing Posts & Pages Revisions

Once you make changes to a post or page, and a revision is saved then you can use the Revisions viewer to see the changes. The red and green markers highlight which of the text was removed, updated and changed in between posts. The slider at the top can be used to browse through the different revisions of that post.

Reviewing the different revisions of a WordPress post or page

You can also compare two different revisions of a post in the revision viewer by clicking the option Compare any two revisions and using the slider to select the revisions, as seen in the below screenshot.

Comparing two revisions of a post

Revisions and the WordPress Database

Every time you update the title, content or excerpt of a post or page WordPress adds an additional entry in the WordPress database. The new entry is a new row in the wp_post table, as if a new post was created. The main differences between a row in the database of a new post and that of revision are the values of the post_name and post_type columns.

post_name column & value

The value of the post_name column is the title of the post. Though when a revision of a post is saved, the following naming format is used – [post ID of original post]_revision_v1. Therefore if the revision of post ID 43 is saved, the value of the post_name value would be 43_revision_v1.

post_type column & value

The value of the post_type column is the type of post, such as post, page or a custom post type. In case of a revision, the column is set to revision.

Do Revisions Make the WordPress Database Bigger?

Yes, by adding additional entries to the database the WordPress database will be bigger. Though you can configure how many revisions to store as explained further down in this post if the database size is an issue.

Do Revisions Slow Down the WordPress Database?

It depends on how many posts and revisions you have saved, though the bigger the website gets the more the database is hampered. Though this is normal and should not be of a worry because:

  1. you can configure how many revisions to store,
  2. You can use caching and CDNs etc so your website is not slowed down, even if you have a very large database,
  3. You can use a better spec’d web server.

TIP: Revisions are very useful to writers and authors, and also for compliance reasons, so do not disable them unless you really need to. Though once a piece is published, unless you are legally bound to keep revisions you can delete its revisions since at that stage revisions are of no use.

Configuring Revisions

Below are a list of filters you can use in your wp-config.php file to enable, disable and configure revisions.

Enable or Disable Revisions

You can use any of the below two options for WP_POST_REVISIONS filter, which are;

  • True: This is the default. WordPress revisions are enabled and every revision is stored.
  • False: This disabled the WordPress revisions entirely. Note that recent autosaves still work.

Configure Revisions Limit

You can also use the same WP_POST_REVISIONS filter to configure the number of revisions to keep. So for example if you specify the below in the wp-config.php file only three revisions per post are saved:

You can specify any positive integer to configure the number of revisions WordPress should keep for every post or page. Older revisions will be automatically deleted as newer versions are stored.

Using Plugins to Purge Revisions

There are a few WordPress database optimization plugins you can use to clear out the revisions. One of our favorite one is WP-Optimize. We also like WP Migrate DB Pro because it is an all rounder database admin plugin, which includes both optimization and admin tools. They also have a free version available on the WordPress repository.

WP Migrate DB plugin on WordPress repository

Taking Advantage of Posts & Pages Revisions in WordPress

To recap, WordPress revisions is one of the most useful tools in WordPress. If you are an author, auditor or administrator you will surely need it from time to time, so make sure it is enabled. If you are worried about the database size or performance, limit the number of revisions you keep in the database and install a caching solution, although you should not be unless you have thousands of posts and revisions.

2018 – New Licensing Model for the WP Security Audit Log WordPress Plugin

2017 was a great year for the WP Security Audit Log plugin. During this year we have reached and surpassed a few milestones we have set for ourselves, such as:

  • 50,000 active installations (we have 60,000+)
  • 500+ paying customers (we have nearly 1,000)
  • Keep & improve the good user rating (plugin has a positive rating of 4.7/5 )

The first version of the WP Security Audit Log plugin was released on the 24th of May 2013. It all started as a hobby, and today more than 60,000 WordPress website owners and site administrators use it to keep a log of every change that happens on their blogs, websites and multisite networks.

Though this is just the start. In 2018 we are stepping up the game! We want to keep on improving WordPress’ most popular, comprehensive and robust audit trail solution. The first change we will make to help us build a more robust business that allows us to further develop the plugin is the plugin’s licensing model. We are making it easier for us and the users, which also mean more time for research, development, and product maturity growth. Buckle up, this post will tell you all about the new changes.

Free & Premium Subscription Licensing Model

We are scrapping the individual add-ons model. The new licensing model will be a yearly subscription and the plugin will be available in the following editions:

  • Free (the free edition of the WP Security Audit Log plugin will remain as is)
  • Starter Pack (Comprehensive Audit Log + Search + Email Notifications)
  • Professional (Includes the Starter Pack, Reports + Users Sessions Management + External database & Integrations)
  • Business (Includes the Professional Pack and Priority Business Support)

Below is a table with a visual reference of the new licensing model and plugin’s editions.

FeatureFreeStarterProfessionalBusiness
SupportForumsEmail & PhoneEmail & PhoneEmail & Phone
Comprehensive Audit Log
Email Notifications
Search & Filters
Reports
Users Sessions Management
External DB & Integrations
Priority Support

When Are We Switching to the New Licensing Model?

We are planning to switch to the new licensing model by mid January 2018. Most of the work is ready and currently we are testing the setup and the new licensing mechanism. We are also working on a new awesome website! You can’t have a market leading plugin without a good lucking website.

Why Are We Switching the WP Security Audit Log Licensing Model?

When we started the plugin, we chose to sell individual add-ons to give more options to the users. Though the statistics have showed us that our users prefer otherwise – more than 99% of our sales are of the full bundle of add-ons.

Therefore considering that maintaining individual add-ons is much more demanding in terms of development, testing and sales (licensing, fees etc), and 99% of our customers buy the all add-ons bundle, it was a no-brainer to switch to a simpler free VS premium licensing model. The new licensing model will make things easier for both us and you, the users. Even troubleshooting support issues will be much easier now and with the new licensing mechanism we will also be able to provide fully functional trials of the premium edition!

What About the Existing Customers?

All the customers who have purchased the all add-ons bundle will be upgraded automatically to the Professional edition and their current renewal fees will be grand fathered.

Those customers who have purchased a single add-on will be given the chance to upgrade to any of the new editions for a discounted rate. If they choose not to upgrade they can keep on using the individual add-ons. Note that we will no longer be releasing updates for the individual add-ons unless there are security issues.

When Will Existing Customers Be Upgraded?

All paying customers will receive an email from us at a later stage. In the meantime they can update their plugin and keep on using it as they already are. You can safely ignore the green Upgrade node in the plugin menu.

The Future of The WP Security Audit Log Plugin

We started off with the aim of helping businesses build a robust logging, monitoring and incident response solution for WordPress websites and multisite networks. This change will allow us to continue what we have set out to do in a better way, thus developing an even better and more comprehensive WordPress audit trail plugin solution.

If you have any questions, feedback, require help with the plugin or would simply like to get in touch, please use our contact form or send us an email on info@wpsecurityauditlog.com.

We look forward to having you onboard as our customers!

Insufficient Logging Added to the OWASP Top 10 List of Most Critical Web Application Security Risks

monitoring_iconLogging and monitoring are so important in web application and WordPress security that lack of logging functionality in web applications has now been added to the OWASP Top 10 list:

Insufficient logging and monitoring, coupled with missing or ineffective integration with incident response, allows attackers to further attack systems, maintain persistence, pivot to more systems, and tamper, extract, or destroy data. Most breach studies show time to detect a breach is over 200 days, typically detected by external parties rather than internal processes or monitoring.

A10:2017 – Insufficient Logging & Monitoring

What is OWASP?

OWASP Full Logo

OWASP stands for Open Web Application Security Project. It is a worldwide not-for-profit organization focused on improving the security of software, mostly web applications. Similar to the WordPress community, OWASP has hundreds of chapters (meetups) in cities around the world.

What is the OWASP Top 10?

The OWASP Top 10 is a list of the most commonly found and exploited web application vulnerabilities. The list is compiled from feedback from leading vendors and professionals working in the industry. And is released every three years. The scope of the OWASP Top 10 list is to raise awareness amongst developers and managers. The first list of OWASP Top 10 was published in 2004.

Refer to the OWASP Top 10 official page for more information about the project and all the vulnerabilities and security issues listed in it.

Logging, Monitoring & Incident Response Solution for WordPress

As clearly highlighted in A10 of the OWASP Top 10 for 2017, logging on its own is not enough. Only a complete logging, monitoring & incident response solution will keep you abreast of what is happening on your WordPress and WordPress multisite network websites, and allow you to thwart possible malicious attacks before they actually happen.

There are several WordPress audit trail / logging plugins available though most of them are designed for troubleshooting purposes, for agencies and contractors who would like to keep an eye what their customers are doing on their website. These plugins do not have comprehensive logging and features. Only the WP Security Audit Log plugin meets all the requirements of a complete logging, monitoring and Incident response solution for WordPress because it has:

Comprehensive WordPress Audit Logs

The WP Security Audit Log plugin has the most comprehensive WordPress audit trail both in terms of breadth and depth.

WordPress audit trail in the WP Security Audit Log plugin

The plugin keeps a record of WordPress posts, tags, user profiles, themes, plugins, WordPress settings, WordPress multisite networks changes and more. Here is a complete list of WordPress changes that the WP Security Audit Log plugin keeps track of in the WordPress audit trail.

In terms of depth, for example when there is a WordPress user password change, the plugin keeps a record that a password was changed in the audit log, rather than a generic record of a WordPress user profile change. For every change the plugin also keeps a log of who did the change, the IP address from where the user is logged in, the date and time etc.

Search, Reports & Email Notifications for Important WordPress Changes

The WP Security Audit Log plugin has all the right tools to help you ease troubleshooting and monitoring, and also to keep you two steps ahead of your attackers. You can use the:

  • Full-text search feature to find a specific activity for when doing troubleshooting or forensics work. You can also use the built-in filters to fine tune the search results and find what you are looking for much quicker.
  • The Reports to create any type of user productivity, summary and regulatory compliance reports. You can also create statistics reports and configure automated daily, weekly, monthly and quarterly reports.
  • Email Notifications so you are instantly alerted of important changes on your WordPress via email. You can enable any of the built-in email notifications or use the trigger builder to build a trigger that sends an email when a specific change you configured happens.
  • WordPress Users Session Manager to see who is logged in to your WordPress and what they are doing in realtime mode. You can also remotely terminate a session and block multiple sessions for the same user.

See who is logged in to your WordPress and WordPress multisite websites

Other Noteworthy Features of the WP Security Audit Log Logging & Monitoring Plugin

The WP Security Audit Log plugin also has a number of database and integration tools that you can use to guarantee the integrity of the audit logs, and to also ensure your website meets the strict regulatory compliance requirements.

For example by default the WordPress audit trail is stored in the WordPress database. You can use the plugin’s utilities to store the audit log in an external database, improving both the speed and the security of your WordPress website. You can also configure mirroring of the logs to an external database, syslog and third party logging solutions such as Papertrail.

Use a Logging & Monitoring Plugin to Improve the Security of Your WordPress Websites

WordPress security is a process and not a one time solution. It is based on four principles; harden, monitor, test, improve. All principles are important, so it is vital that each of the four principles in the WordPress security wheel is properly taken care of, because the security of your WordPress website can only be as strong as the weakest link in the chain.

The Benefits of Keeping a WordPress Audit Trail are Multifold

In this article we have just seen how important it is for the security posture of your WordPress website to keep an audit trail of everything that is happening on your website. Audit trails can help you:

  • Identify any suspicious behaviour,
  • Get automatically notified of any important issues,
  • Thwart attacks before they actually happens,
  • Do forensic work to easily find out what happened during an attack.

Though there are more benefits to keeping a record of all the changes that happen on your WordPress website in an audit trail. It is not just about security. With an audit trail:

  • you can keep an eye on the productivity of your users,
  • Ease the troubleshooting of WordPress technical issues,
  • meet strict regulatory compliance requirements that your business has to adhere to,
  • Generate reports for your superiors to keep them happy!

Install the WP Security Audit Log Plugin on Your WordPress Websites

Download and install the WP Security Audit Log plugin on your WordPress websites. Getting started is really easy – once the plugin is installed it will automatically start keeping a record of everything that is happening on your WordPress website, as explained in this getting started video.

Black Friday & Cyber Monday 2017 WP Security Audit Log Promotion

blackfriday_2017_wpsecurityauditlog

It is that time of the year again! If you have been wanting to buy the All Add-Ons bundle of the WP Security Audit Log now is the right time to buy it. We are running a promotion and offering a 30% discount during this year’s Black Friday and Cyber Monday.

To get the 30% discount on the All Add-Ons bundle of WordPress’ most comprehensive and popular audit log plugin use the coupon BLACKCYBER2017 during checkout. The promotion will be running from the 23rd until the 28th of November 2017.

Black Friday Promotions From Our Partners:

And Some of our business partners are also running some promotions for this Cyber weekend. Here are the offers:

WP Engine WordPress Managed Hosting

Offer: Save 35% off your first month with WP Engine.
Dates: Offer runs from the 22nd until the 30th of November 2017.
Coupon Code: cyberwpe35

GET 35% Discount on WP ENGINE OFFER

BlogVault

Offer: Get 35% off on all new purchases, renewals and upgrades.
Dates: Offer runs from the 23rd November until the 1st of December.

Get 35% Discount on BlogVault

Cloudways Managed Hosting

Offer: Get $150 credit!
Dates: Offer runs from the 21st of November until the 11th of December.
Coupon Code: BF150

Get $150 credit on Cloudways managed hosting

Studio Press Framework

Offer: Get a 25% discount on all theme purchases (50% discount for returning customers)
Dates: Offer runs from the 21st until the 28th of November 2017.
Coupon Code: Just click the link below and proceed with purchase

GET 25% Discount on STUDIO PRESS THEMES

Searching in the WordPress Audit Log without Search & Filters

Audit logs are become popular in the WordPress ecosystem and many administrators, consultants and website owners are installing the WP Security Audit Log plugin to keep a log of all the changes that happen on theirs and their customers’ websites and blogs.

Logs are like an insurance; they go unnoticed most of the time, but they are priceless those few times that you need them, when you need to find out who installed a plugin last week that most broke something on the website, or who was the user that deleted the top performing blog post, or changed some content.

If you are using WP Security Audit Log Premium you can use the Search and Filters functionality to easily track down a specific functionality. Though if you are not using the premium edition there is still a way to look for a specific change in the WordPress audit log, though it requires a bit more work, as explained below.

Search by Using the WordPress Audit Log Column Sorting

The WordPress Audit Log Viewer

As can be seen from the above screenshot, the WordPress audit log has six columns:

  • Alert ID
  • Type
  • Date
  • Username & Role
  • Source IP
  • Message

The alerts in the audit log viewer can be sorted in ascending or descending order by Alert ID, Date, User and Source IP address.

Searching for a Specific Change

Therefore if for example you would like to check who installed the FakerPress plugin on your website, you should be looking for Alert ID 5000, which is used to keep a log that a plugin is installed. Refer to the complete list of WordPress audit log alerts for a detailed list of all the alerts and their IDs.

To sort the alerts by alert ID click on the Alert ID column title to sort the alerts in the WordPress audit log by Alert ID. Once the alerts are sorted by Alert ID, a small arrow appears in the Alert ID column title, as can be seen in the below screenshot.

Alerts sorted by ID

Use the page navigation arrows highlighted below to browse through the WordPress Audit Log until you find all of the Alerts with ID 5000. If you have a lot of alerts, you can manually specify the page number to skip a number of pages instead of n manually browsing through the audit log one page at a time. Once you find the page where all the alerts with ID 5000 are, check which of the alert is about the FakerPress plugin. When a new plugin is installed, the plugin keeps a record of who installed it, when and from where the user was logged in, and the plugin’s name and path, as can be seen from the the below screenshot.

A list of Alerts sorted by ID

Search by Date & Username

You can use the same concept of sorting if you have a rough idea of when a change happened, or if you would like to find a specific change a user did. Click on the Date or User columns to sort the alerts in the WordPress audit log by date or WordPress username.

Then use the page navigation buttons to browse through the audit log or manually enter the page number to skip to a specific page.

Upgrade to Premium for Free Text Search & Filters

The above might not be the most efficient way of searching for a specific change that happened on a WordPress website, but it still allows you to find what you are looking for. If you are looking for something more efficient, upgrade to WP Security Audit Log Premium which has a free text search functionality, as highlighted in the below screenshot.

The Free-Text search in the WP Security Audit Log Plugin

 

The Search functionality in WP Security Audit Log also has filters, which you can use to fine tune your search results and easily find what you are looking for. For example in the below screenshot we used the free-text search to search for FakerPress, and we are also setting up a filter for Fist Name robert, so the results will be all those alerts which have fakerpress mentioned but are generated by the user with Robert as a first name.

Using Free-Text Search and Filters in WP Security Audit Log

Audit Logs for Paid Membership Pro WordPress Plugin

Paid Membership Pro is a plugin that allows you to create membership area on your WordPress websites. It is installed on more than 60,000 websites, hence it is the plugin of choice if you want to build a membership area. Though Paid Membership Pro does not have any audit logs / trails capabilities.

Why Do you Need Audit Logs for Paid Membership Pro?

When you run a membership website it is vital to keep a record of all the changes that happen on your website, your members’s accounts, memberships statuses, payments etc. Though since Paid Membership Pro does not keep a record of when a member’s account is changed, or when the membership level is changed, or when a membership is paid, administrators cannot keep track of what is happening on their membership website. For example they have to rely on the payment gateway’s records to verify if a membership was renewed or not.

The above are just a few examples. There are many other changes that you need to keep a record of when running a membership website. Hence why, Bill Stolz developed the WordPress plugin WP Security Audit Log addon for Paid Memberships Pro.

Introducing WP Security Audit Log addon for Paid Memberships Pro

The WP Security Audit Log addon for Paid Memberships Pro is an add-on for WordPress’ most popular and widely used audit logging plugin WP Security Audit Log. The add-on is available for free and once installed it allows you to keep an audit trail of all the changes that took place on the Paid Membership Pro plugins and your website’s members.

You can download the WP Security Audit Log addon for Paid Memberships Pro from the official WordPress plugins repository.

How are Changes on Paid Memberships Pro Recorded in the WordPress Audit Trail?

Once you install the WP Security Audit Log plugin and the add-on, the following Alert IDs are used by the plugin to keep a record of the changes on Paid Memberships Pro plugin and your website’s members.

Alerts related to User Meta:

Alert 8501: A user created a new meta field for a member user. In this alert the name and value of the meta key will be reported.

Alert 8502: A user changed the name of the meta field for a member user. In this alert both the old and new name of the meta field will be reported.

Alert 8503: A user modified the value of a meta field for a member user. In this alert the name of the meta field and both the new and old values will be reported.

Alert 8504: A user deleted a meta field that was in a member user profile. In this alert the name of the deleted meta field will be reports.

Alerts for Paid Memberships Pro (PMPro) Orders

Alert 8601: A New PMPro order has been added to a user. In this alert the User, Membership Level, Order Amount, Order Status, and Payment type will be listed.

Alert 8602: A PMPro order has been deleted. In this alert the User associated with the Order, Membership Level, Order Amount, Order Status and Payment type are listed.

Alert 8603: A PMPro order has been changed. This alert it will list what field in the order that changed along with the Old value and the New value.

Alerts for Changes in User’s Paid Memberships Pro (PMPro) Level

Alert 8604: A user’s PMPro Level changed.  In this alert the Old Level, New Level, Start and End dates related to the new level, discount code (if provided), and user effected are reported.

Alert 8618: A PMPro level associated with a user was cancelled. In this alert the level, Old status, New Status, Old End Date, New End Date, and the user effected are reported.

Alert 8605: A user completed PMPro checkout process. In this alert the Order number, Discount Code ID and the user effected are reported.

Alerts for to Paid Memberships Pro (PMPro) Discount Codes

Alert 8606: A PMPro discount code is deleted. In this alert the discount code ID, discount code, start date, expires date, and allowed uses are reported.

Alert 8607: A PMPro discount code is Updated.  In this alert the discount code ID, Discount code, Start Date, Expires Date, and allowed uses are reported.

Alert 8617: A PMPro discount code is Added.  In this alert the discount code ID, Discount code, Start Date, Expires Date, and allowed uses are reported.

Alert 8608: Information about a PMPro discount code level is updated. In this alert the Order ID, Membership Level, Initial Payment amount, Recurring Billing Amount, Cycle number, Cycle period (Days, weeks, month, year), Limit, Trial Amount, expiration number, expiration period are reported.

Alerts for Paid Memberships Pro (PMPro) Membership Levels

Alert 8609: A PMPro Membership Level is saved. In this alert the Level Name, Level Description, Confirmation Message, Initial Payment Amount, recurring payment amount, Number of Cycles, Period (Days, weeks, months, years), limit, trial amount, trial limit, expiration number, expiration period, new signups allowed are reported.

Alert 8610: A PMPro Membership Level is deleted. In this alert it the Level Name, Level Description, Confirmation Message, Initial Payment Amount, recurring payment amount, Number of Cycles, Period (Days, weeks, months, years), limit, trial amount, trial limit, expiration number, expiration period, new signups allowed are reported.

Alerts for Paid Memberships Pro (PMPro) Payment Gateways & Payments

Alert 8611: A PMPro Payment Subscription is cancelled. In this alert the Order ID, related discount code (if any), User, Payment Gateway, Subscription Transaction ID, Order Amount, Order Status, Payment Type are reported.

Alert 8612: A PMPro Payment Subscription is expired. In this alert the Order ID, related discount code (if any), User, Payment Gateway, Subscription Transaction ID, Order Amount, Order Status, Payment Type are reported.

Alert 8613: A PMPro Paypal IPN Payment is processed. In this alert the Order ID, related discount code (if any), User, Payment Gateway, Subscription Transaction ID, Order Amount, Membership Level, Order Status, Payment Type are reported.

Alert 8614: A PMPro Payment Subscription is completed. In this alert the Order ID, related discount code (if any), User, Payment Gateway, Subscription Transaction ID, Order Amount, Membership Level, Order Status, Payment Type are reported.

Alert 8615: A PMPro Payment Subscription failed. In this alert the Order ID, related discount code (if any), User, Payment Gateway, Subscription Transaction ID, Order Amount, Membership Level, Order Status, Payment Type are reported.

Alert 8616: A PMPro Payment Subscription is past due. In this alert the Order ID, related discount code (if any), User, Payment Gateway, Subscription Transaction ID, Order Amount, Membership Level, Order Status, Payment Type are reported.

Keeping an Audit Log of Membership, Payments and Other Paid Membership Pro Plugin Settings Changes

To get started it is really easy. First install the WP Security Audit Log plugin and then install the free Paid Membership Pro activity log add-on. Watch the below video for a short introduction to WP Security Audit Log and refer to the complete list of WordPress audit trail alerts for a complete list of WordPress website changes that the plugin can keep a log of.

Search 2.0 Add-On for WP Security Audit Log Released

This update took quite some time to finish, but finally it is here. We are happy to announce the new Search 2.0 Add-on, which adds search functionality to WordPress’ most popular and widely used audit trail plugin WP Security Audit Log. This update which features new functionality and also a completely revamped, new UI. Let’s see what is new in this exciting update of the Search Add-On.

New Search Filters

Prior to this update you could only search for a specific change done by a user by using the username filter. Now you can use the filters to search for activity from a user with a specific First Name and Last Name.

Filters in the Search Add-On for WP Security Audit Log

We also included a new search filter for Post Type. So if for example you have a blog post and a post of a custom type (such as Movie from a movie database) with the same name, you can easily filter the search results for changes that happened on that particular post type.

Save and Load Search Term and Filters

In this update of the Search add-on we also included the ability to save the search term and filters. Therefore if for example you have to search for something specific from time to time, you can save both the search term and filters and reload them whenever you need to do the search again.

Save, Load and Reuse a combination of Search terms and filters

Other Notable Updates in Search 2.0 Add-On

Apart from a number of add-on performance improvements, we have also:

  • Added a new button to clear search results,
  • Included hover over functionality to filter audit trail either by IP address or username.

Updating to Search 2.0

You will be notified that an update is available for the add-on in your WordPress dashboard, similar to updating normal plugins from the repository. The update process is fully automated but should you encounter any issues, do not hesitate to get in touch. Note that you must have a valid and non-expired license key to be notified of the update.

 

WP Security Audit Log 2.6.6 Released

We just released an update of WP Security Audit Log, the most popular and widely used WordPress security audit trail plugin. The main highlight of this update is the ability to keep a record of changes done to custom fields created by Advanced Custom Fields (ACF) and similar plugins.

Note that we also released the new Search 2.0 add-on, with a new UI and functionality. Read the WP Security Audit Log Search 2.0 release notes for more information.

Logging Capabilities of Custom Fields

Prior to this release, the plugin was only keeping a log of changes done to the built-in custom fields of WordPress in posts, pages and posts with custom post type. Though with this update, it is also able to keep a record in the WordPress audit trail when the value of a custom field created by ACF is changed in a post, page, post with custom post type and also user profiles.

In fact with this update we also introduced two new alerts:

  • Alert 4015: User updated Custom Field in a user profile
  • Alert 4016: User created a custom Field in a user profile

Refer to the list of WordPress audit trail alerts for a complete list of changes that the WP Security Audit Log plugin can keep a record of on a WordPress website.

Other Notable Updates

We also included other updates in this version, such as:

  1. A new option to either show the Username or the First & Last Name of the users in the WordPress Audit Trial.

Option to display either username of first and last name of user in WordPress audit trail

  1. Changed the naming format and location of 404 error log files. For more information refer to the logging of 404 errors with WP Security Audit Log. Note: we changed the naming format because there were security issues with the format we were using before. Thank you Enable Security for the proof of concept and help with this issue.
  2. We also added a new Tooltip functionality to filter all alerts by IP Address, as shown in the below screenshot.

Filter to filter WordPress audit trail by activity from a specific IP address

Updating WP Security Audit Log

You will be alerted in your WordPress dashboard / admin pages that a new WP Security Audit Log plugin update is available. The updating process is all automated, though should you encounter any problems please do not hesitate to get in touch.

What Do You Think of WP Security Audit Log?

The WP Security Audit Log plugin was designed to help WordPress website owners and businesses keep a record of everything that is happening on their website. Did WP Security Audit Log help you in some way? Have you been using it for a few months and maybe years? If yes, we would appreciate if you can spare a minute to send some stars our way and let us know what are your thoughts on the plugin.