Release notes: Update 22.214.171.124 for WP Security Audit Log Released
- MainWP Child Site Stealth Mode plugin setting
New WordPress Activity Log Events
- Event 6006: User reset the plugin settings to default
- Event 6033: WordPress file integrity checker and scans status updates (started & stopped)
- Event 6034: User purged the activity log
- Added sub categories to Enable/Disable Events section to segregate long lists.
- Improved the sensor for the detection of plugins activations and deactivations.
- Removed the startup wizard from upgrade – now only triggered on new installs.
- Improved the premium trial message with a Start Free Trial button.
- Added notification response to purging old data from the event log manually.
- Added a pop-up notification to confirm activity log level was applied successfully.
- Improved error messages in the Exclude Objects setting page.
- Removed Mcrypt completely (was previously used for external DB connection).
- Updated the Freemius SDK to the latest version.
- Removed use of GLOB_BRACE – it is no longer needed.
- Fixed an issue in which notifications with specific post IDs was not working on multisite.
- Fixed some security issues highlighted by RIPS tech.
- Removed nodes of premium features for users who have VIEW ONLY access to the WordPress activity log.
- Fixed a backward compatibility issue in which the setup wizard was wrongly restricting plugin access.
- Fixed a compatibility problem with WordPress running on IIS and Windows Server.
- Added a startup wizard to assist new users with new installs.
- Introduced the WordPress activity log levels.
- New search filters in the WordPress activity log viewer.
- Added a new test button to all external database connections, including those for WordPress activity log archiving and mirroring.
- Added several new settings to purge the WordPress activity log and reset plugin settings to default.
- Performance improvement: optimized the logic of the plugin sensors to load only required ones during user action.
- Redesigned all the settings pages and included more help text, making them more user friendly.
- Added links to plugin knowledge base where possible in the plugin settings.
- Improved the WordPress activity log pruning setting so now it is possible to configure retention based on a period of time.
- Database improvement: changed the option_value column in the plugin tables to long text.
- WordPress website file changes results are now stored in the plugin’s options table.
- Improved the list of excluded file extensions in the WordPress file changes scanner.
- Added sorting in the logged in WordPress users view.
- Added more checks to ensure opt-in and other plugin messages are shown when needed only.
- Removed affiliate network message in plugin.
- Fixed an issue where stored passwords might have been changed because of change from Mcrypt to OpenSSL.
- Fixed an issue in which retention settings were reset when moved to archiving settings.
- Fixed an issue with an incorrect opt-in prompt from the SDK
- Fixed issues related to Freemius SDK path
Release Notes: WP Security Audit Log version 3.2.2 released
New activity log event IDs
- Event ID 9072: User opened WooCommerce product in editor
- Event ID 9073: User viewed WooCommerce product
- Support for MainWP – plugin keeps a log of changes done on websites from MainWP dashboard.
- Added new option to allow users to trial the premium edition for free.
- Added built-in email notifications for WordPress file changes.
- Created buffer for external database to cater for slow connections.
- Retention settings for WordPress activity logs archives.
- Setting to exclude non-existing URLs so they are not reported in the WordPress activity logs.
- System info module that captures diagnostic data into a log file required by support.
- Ability to exclude directories from the WordPress file integrity scanner.
- Increased file size limit to 5MB in the WordPress file integrity scanner.
- Monitoring sensors now only loaded if source being monitored is active / installed (performance enhancement)
- Views will not be loaded unless accessed (performance enhancement)
- Updated HTTP 404 errors detection sensor to use $wp_query (fallback to $_SERVER global array)
- New setting to exclude the logging of automated changes to WooCommerce products’ stock.
- Sub sites admins on multisite networks can now see who is logged in to the websites they administer.
- Updated exclusion settings to allow users to exclude any post type from the logs.
- Added a check on post type value to handle an unhandled error.
- Updated Search filters to handle role names and role slugs (e.g. shop-manager and shop manager).
- Fixed issue in which database selection (archive or live DB) was not stored properly.
- Fixed issue where audit log viewer was auto refreshing to page one automatically when browsing other pages.
- Improved connectivity checks of archiving and mirroring external databases.
- Updated external database connection SSL code to support PHP 5.4.
- Renamed Alerts to Events – More information on WordPress activity log events
- File Integrity scans & WordPress file changes warnings in the activity log.
- Support for SSL / Client certificates for activity log external database connections (including archiving and mirroring).
New Activity Log Event IDs
- 6028 – A file on the website has been modified
- 6029 – New file has been created on the website
- 6030 – A file was deleted from your website
- 6031 – File too big to scan (2MB).
- 6032 – File changes scan limit reached (1M files)
- Performance enhancement – storing table names in sentients so they are note retrieved every time they are required.
- Improved the built-in WordPress email notifications for content.
- Changed the Freemius opt-in / opt-out screen to non compulsory.
- Updated WhatIsMyIpAddress.com link to HTTPS so traffic is now encrypted.
- Added notification on new installs to point out to users where to find the WordPress activity logs.
- Updated Freemius SDK (now GDPR compliant)
- Fixed issue in which the archive / live activity log database was not being saved properly.
- Fixed issue in WooCommerce activity log – Alert 2053 was being reported instead of 9001 when a new product is published.
- Fixed issue in WooCommerce product SEO change – wrong event was being reported.
- Fixed issue where sorting activity logs events by IP address which tripled the entries displayed in the log.
- New data inspector in the WordPress activity log viewer.
- Alerts buffer so when the external WordPress activity log database is unavailable the alerts are stored in the WordPress database and website operations are not affected.
- Option in External Database settings to use WordPress URL as database table prefix.
- Alerts which contain long values are shortened in the viewer and logged in users list. User can view all details in the data inspector.
- Set the default setting for blocking multiple WordPress users sessions to “do not allow override”.
- WordPress login page notification is disabled by default.
- Converted the HTML WordPress reports to responsive.
- Better support for changes users do via the Ultimate Member Pro plugin.
- Plugin now records WooCommerce product stock changes done by plugins such as Bulk Stock Management
- Fixed a reported performance issue. Now plugin audit log refreshes every 20 seconds.
- Fixed an issue in the Freemius SDK – mutisite opt-in was not working.
- Terminate all logged in sessions button.
- Setting to configure automatic termination of idle logged in sessions.
- Text search with filters for logged in sessions (first & last, username, role, email).
- New settings to limit the number of simultaneous logged in sessions per user in WordPress.
- New settings to configure logged in sessions override in WordPress.
Activity log alerts for Yoast SEO
- 8801: Changed the SEO title
- 8802: Modified SEO description
- 8803: Changed the option Allow Search engine to show post in search results
- 8804: Changed the option Search Engine follow links
- 8805: Set the Meta Robots Advanced setting
- 8806: Changed the canonical URL
- 8807: Changed the focus keyword
- 8808: Changed the cornerstone article option
- 8809: Changed title separator in Yoast SEO plugin settings
- 8810: Changed the Homepage Title
- 8811: Changed the Homepage Meta description
- 8812: Changed the Knowledge Graph setting
- 8813: Changed the option Show Posts / Pages / Attachments in Search Results
- 8814: Changed the Posts / pages / Attachments title template
- 8815: Changed the SEO Analysis setting
- 8816: changed the Readability analysis setting
- 8817: Change the cornerstone content plugin setting
- 8818: Changed the Text link counter setting
- 8819: Changed XML Sitemaps setting
- 8820: Changed Ryte Integration setting
- 8821: Changed the Admin bar menu setting
- 8822: Changed the Posts / Pages / Attachments meta description template
- 8823: Changed the option Date in Snippet Preview for Posts / Pages / Attachments
- 8824: Changed the option Yoast SEO Metabox for Posts / Pages / Attachments
- 8825: Changed the setting Security: no advanced settings for authors
- List of logged in users uses displays either first & last name or username.
- Automated changes in WooCommerce product stock quantity and statuses done by plugins or order placements are now recorded.
- Added checks for when the plugin cannot retrieve the latest change of a session to report in the logged in users section.
- Reintroduced the functionality to download 404 error log files from activity log.
- Freemius addressed multiple issues in SDK for WordPress multisite (updated SDK)
- Reintroduced the count of failed logins for non WordPress users.
- Reintroduced the setting to limit the number of failed logins by non WordPress users the plugin should keep a log of.
- Improved the formatting of the log file for usernames used in failed logins.
- Fixed issue where new restrictions in The plugin uploads directory broke the custom alerts.
- Moved failed logins logs to the database
- Added index.php and .htaccess files to the plugin upload directory
Release notes: WP Security Audit Log 3.1.1 – Improved Multisite Support
New WordPress Activity Log Alert
- Alert 2126: Website visitor posted a comment (segregated from alert 2099 which was used for both logged in users and website visitors).
- Logging of user role change at WordPress multisite network level.
- New site selection menu for opting-in to sending diagnostic data or activating licenses on WordPress multisite network installations.
- New account page for installs on multisite network.
- Logging of posting of comments from logged in users and website visitors now reported by different alerts.
- Improved the logging of multiple post changes that were done at the same time on a post / page / post with custom post type – previously only the last change was being reported.
- Post Type selection menu in Email Notifications is not automatically populated on multisite network install so users can specify their custom post type.
- Changed severity of alerts 6007 and 6023 (404 errors) from High to Notification.
- Improved the plugin menu node for sites on multisite network (added messages on nodes users do not have access to, removed nodes that admins on sites should not have access to).
- Added responsiveness to the Archive Now and Mirror Now buttons in the integration tools.
- Added product name in alert 9019 (when product stock quantity is updated in WooCommerce).
Release Notes: WP Security Audit Log 3.1 Released
- Added Post Status and Post Type in alerts.
- Consolidated all Posts / Pages / Custom Post alerts.
- Added Post Status and Post Type filters in search.
- Added Post Status and Post Type criteria in Email Notifications trigger builder.
- Added Post Status and Post Type criteria in Reports.
- Fallback system for display names – when user does not have first and last name, the username will be used.
- Improved the priority of the plugin’s hooks so logins from custom forms are captured (e.g. better support for Restrict Content PRO and similar plugins).
- Improved the UI of the Enable/Disable Alerts section.
- Changed the column Type to Severity in Audit Log viewer.
- Better handling of errors and variables during plugin activation.
- Consolidated Post ID, Page ID and Custom Post ID in just Post ID in Email notifications trigger builder.
- Improved the look & feel of the login page notification (GDPR compliance).
- Improved the UI and queries used for the Users Sessions management.
- Added the IP address requesting the non-existing page in the 404 log files.
- Users can now specify the number of 404 and failed login alerts before being alerted in the built-in alerts section.
- Removed a Disable All Logging option from plugin settings – was redundant.
- Added a new editable message on the login page to alert users that their changes are logged (plugin is now GDPR compliant).
- Changed the name of a setting from Security Alerts Pruning to Audit Log Retention (GDPR compliance).
- Updated Freemius SDK – Freemius was not firing on new installs.
- Fixed an issue where a URL was reported as NULL in email alerts (PREMIUM).
- Removed promo alerts when premium add-ons are installed.
- Added Freemius to the plugin (opt-in is optional)
- Code changes to support new licensing model
Message for blocked users sessions can now be edited (PREMIUM)
- Alert 9034: Enabled / Disabled the option Cash on Delivery in WooCommerce
- Alert 6024: Changed the WordPress address (URL)
- Alert 6025: Changed the site address (URL)
- Fixed escaping issues, improved security and the code of the plugin up to latest WordPress standards.
- Improved the Data Retention option (Alerts Pruning). Now users only have to specify the number of months.
- Added option to view Tag in all Tag alerts.
- Plugin now stores Post ID, Type, Status and Created Date records for every post. Capturing of such data is important for future updates.
- Fixed an issue where users with view audit log privileges could disable alerts from the hover over option.
- Fixed broken links in notification emails (PREMIUM)
- Fixed a security issue reported by Jahan Khan
- Fixed a syntax issue in the code that was affecting installs on PHP lower than 5.4.
New Audit Trail Alerts for logging of Tag changes
- Alert 2119: User added tag to a post
- Alert 2120: User removed a tag from a post
- Alert 2121: User added new tag on WordPress
- Alert 2122: User deleted a tag from WordPress
- Alert 2123: User renamed a tag
- Alert 2124: User changed the slug of a tag
- Alert 2125: User changed the description of a tag
New Audit Trail Alerts for logging of User Profile Changes
- Alert 4017: Changed the first name of a user
- Alert 4018: Changed the last name of a user
- Alert 4019: Changed the nickname of a user
- Alert 4020: Changed the display name of a user
- New hover over option to modify alerts’ behaviour. This applies to alerts that have configuration such as 1002, 1003, 6007 and 6023.
- Option to record referrer URL in log file when logging 404 errors to a log file.
- Option to specify how many failed logins the plugin should keep a log of.
- Option to capture the usernames used during failed login attempts with non WordPress users.
- Drop down menu to select number of alerts to display in Audit Log Viewer now has only fixed numbers.
- Renamed first column to Alert ID (standardising text in plugin)
- New French translation by Denis Moscato
- Improved the sensor for custom post types so posts with NULL value or other temp custom posts are not reported. This was reported in several support tickets; here, here and here.
- Add a new check to ensure the object is of WP_Post class (Support Ticket)
- Added a new property in WSAL main class to store the current plugin version.
- Added a new function in WSAL main class to define constants (to be used throughout the plugin)
- Improved the code formatting in AuditLog.php
New Audit Trail Alerts
- Alert 4015 for when a user creates a custom field in a user profile.
- Alert 4016 for when a user updates a custom field value in a user profile.
- Logging of changes in custom fields (in posts, pages, custom post types, user profiles) created by Advanced Custom Fields (ACF) or similar plugins.
- New option to show either the Username or Firstname and Lastname of the user in the Audit Trail.
- 404 errors logfiles are now saved in /uploads/wp-security-audit-log/404s/ directory.
- Changed the 404 errors logfile name format to [alert]_[yyyymmdd].log. Thanks to [Enable Security](https://www.enablesecurity.com/) for PoC of vulnerability and advise.
- Removed link to view post from Alerts about permanently deleted posts (2008, 2009, 2033).
- Added tooltip for filter via IP address.
- Fixed an issue where the viewing of content was not being logged when Yoast SEO is installed.
New Audit Trail Alerts
- Alert 1007 for when an administrator terminate’s a logged in session using the Users Sessions Management Add-On
- Alert 6023 to log 404 HTTP errors (requests to non-existing pages) by website visitors (non WordPress users)
- Seggregated the logging of 404 HTTP Errors by who generates them. Alert 6007 for logged in users, 6023 for anonymous website visitors.
- Improved the logging of Alert 4014 so it is not reported every time a user’s profile page is reloaded with a refresh or when a change is applied.
- Removed the wsal_wp_session cookie, which was used to store the selected database when archiving of audit trail alerts is enabled. Using LocalStorage instead.
- Replaced mcrypt (deprecated in PHP 7) with OpenSSL. Mcrypt still used temporarily to convert configured password. Will be removed completely in future updates. (Support Ticket)
- Added a number of queries in the plugin to support the new version of the Reports Add-On.
- Updated third party session libraries to a more secure version
New alerts to record actions & profile changes
- 1006: User logged out all other sessions with the same username
- 4014: User opened the profile page of another user
New alerts to record post and page specific settings changes
- 2111: Disabled Comments / Trackbacks and Pingbacks on a published post
- 2112: Enabled Comments / Trackbacks and Pingbacks on a published post
- 2113: Disabled Comments / Trackbacks and Pingbacks on a draft post
- 2114: Enabled Comments / Trackbacks and Pingbacks on a draft post
- 2115: Disabled Comments / Trackbacks and Pingbacks on a published page
- 2116: Enabled Comments / Trackbacks and Pingbacks on a published page
- 2117: Disabled Comments / Trackbacks and Pingbacks on a draft page
- 2118: Enabled Comments / Trackbacks and Pingbacks on a draft page
New alerts to record WordPress site-wide settings changes
- 6008: User enabled / disabled the option Discourage search engines from indexing this site
- 6009: User enabled / disabled comments on all the website
- 6010: User enabled / disabled the option Comment author must fill out name and email
- 6011: User enabled / disabled the option Users must be logged in and registered to comment
- 6012: User enabled / disabled the option to automatically close comments after [X] days
- 6013: User changed the value of the option Automatically close comments from [X] to [X] days
- 6014: User enabled / disabled the option for comments to be manually approved
- 6015: User enabled / disabled the option for an author to have previously approved comments for the comments to appear
- 6016: User changed the number of links from [X] to [X] that a comment must have to be held in the queue
- 6017: User modified the list of keywords for comments moderation
- 6018: User modified the list of keywords for comments blacklisting
- URL of content in alert is no longer truncated. Now it will be reported in full
- Organised the alerts in Enable/Disable Alerts section in categories and sub categories, thus they are easier to find
- Plugin no longer links to a non-existing log file when 404 logging is switched off
- Added additional checks for when using the function wp_Sessions_register_garbage_collection, which was causing a conflict with another plugin
- Fixed an issue in which the plugin was changing the titles of WooCommerce product pages for logged in users (ticket)
- Fixed an issue in which plugin was unable to handle automated generated content with author 0 (ticket)
- Removed the PHP Session ID cookie created by mistake for non logged in users.
- Audit trail for WooCommerce Store and Products
- New Hover over functionality to disable alerts with a single click.
New WooCommerce Audit Trail Alerts
- Refer to the Audit trail WooCommerce Alerts List for a complete list of alerts the plugin uses to keep a record of changes in the WooCommerce store and products.
- Improved severity of alerts and added severity description on hover over.
- Removed all code related to PHP error monitoring, which is no longer used (code spring cleaning).
- Fixed an issue in which 404 logs where still being generated when the logs option was disabled but alert 6007 was enabled.
- Updated store URL so premium add-ons can be updated.
Support for new features in External DB Add-on:
- Mirroring of audit trail to Syslog
- Mirroring of audit trail to Papertrail
- Support for archiving alerts from the audit trail in an external database
Plugin Improvement (Standardized all date & time formats and timezone)
- Plugin now uses the time & date format configured in WordPress (removed the option from plugin that override this).
- Updated all the Premium Add-Ons to use the time & date format configured in WordPress.
- Changed the Request Log file extension to php and disabled execution (before it was log, hence users could guess it).
- Fixed a problem with restricting users’ access to the plugin (support ticket).
- Fixed a bug in the custom alerts – previously custom alerts were overwritten during upgrade. Updated custom alerts documentation as well.
- Fixed an issue where a page’s title was not being returned (Support Ticket)
- Fixed an issue where previous 404 reports were not being correctly merged. (Support Ticket)
New WordPress Audit Trail Alerts
- 2100: User opened a post in the editor
- 2101: User viewed the post
- 2102: User opened page in editor
- 2103: User viewed page
- 2104: User opened custom post type in editor
- 2105: User viewed the custom post type
- New setting to configure the number of 404 requests the plugin should record in a logfile from the same IP address.
- Ability to download the 404 log file directly from the alert.
- Added a new setting that disables or enables all of the plugin’s logging. It is disabled by default.
- Organized the plugin settings under different tabs making it is easier to configure.
- Updated the Reports add-on to show 404 log file location in the reports.
- Removed the auto-enabling of 404 requests monitoring (introduced in previous version).
- When 404s are from localhost, localhost is used in filename and not the IP. (Support Ticket)
- The Add Functionality node is now automatically disabled when one or more premium add-ons are activated.
- Changed the location of request log to /wp-content/uploads/wp-security-audit-log/.
- Changed the extension of the request log file from php to log.
- Plugin won’t keep a record of newly posted comments that are marked as spam by Akismet.
- Fixed the data inspector that was not working in certain installations.
- Fixed an issue with custom alerts, which were overwritten during upgrade. Refer to the custom alerts documentation for more information.
- Updated the Italian translation file with the latest translations.
- Fixed a bug related to database collation which was affecting the generation of reports.
- Enabled the 404 logging by default during upgrade and new install. Read this FAQ for more information on this functionality.
- Read the WP Security Audit Log 2.5.2 release notes for more details on what is new.
- Logging of 404 Requests to a Log file. Read this FAQ for more information on this functionality.
- Fixed several alerts / monitoring capabilities that were not working correctly in WordPress 4.6.
- Fixed the disabling functionality of Alert 6007 because it was not working.
- Fixed the disabling functionality for Alerts 1000 and 10001.
- Merged bug fixes from version 2.4.4 (were not included in 2.5.0).
- Read the WP Security Audit Log 2.5.0 release notes for a detailed overview of what is new.
- Plugin now keeps a record in the audit trail of changes in WordPress comments. Refer to the list of alerts for WordPress comments for the complete list.
- Audit log alerts for 404 (page not found) requests.
- Audit log alerts for pages / posts / custom post types automatically created by plugins.
- Added wildcard (*) support for when excluding Custom Fields.
- New setting to customize From email address and display name. The premium edition have been updated to use the configured email address.
New WordPress Audit Trail Alerts for Changes in Comments
- 2090: User approved a comment
- 2091: User unapproved a comment
- 2092: User replied to a comment
- 2093: User edited a comment
- 2094: User marked a comment as Spam
- 2095: User marked a comment as not Spam
- 2096: User moved a comment to trash
- 2097: User moved a comment out from the trash
- 2098: User permanently deleted a comment
- 2099: Website visitor / User posted a comment (disabled by default. Enable it from the Enable/Disable Alerts node in the plugin menu)
New WordPress Audit Trail Alerts for Plugins Activity
- 5019: Plugin automatically created a post
- 5020: Plugin automatically created a page
- 5021: Plugin automatically created a custom post type
- 5025: Plugin automatically deleted a post
- 5026: Plugin automatically deleted a page
- 5027: Plugin automatically deleted a custom post type
Other New WordPress Audit Trail Alerts
- 5031: User updated a theme
- 2089: User moved an object as a sub-object in a menu
- 6007: User / website visitor requested a non-existing page (404 ERROR)
- Standardized all alerts messages / Improved the text of all of them. Each post / page / custom post type alert has a linkt to the Editor now
- Fixed a cross-site scripting vulnerability in the function AjaxDisableCustomField()
- Fixed the hide plugin setting which was not working in some scenarios. (Support Ticket)
New Add-On Support
- Included code to support the new Users Sessions Management module, which allows you to see who is logged in to your WordPress and WordPress multisite networks.
New Alerts in the WordPress Audit Trail
- 1004: A login attempt was blocked because a session with the same username already exists
- 1005: Multiple logged-in sessions for the same WordPress username has been detected
- Plugin reports changes when an object is moved as a sub object in a menu.
- Fixed a problem where wrong permissions were assigned to the reports directory in the uploads directory for the Reports module.
Fixed an issue where multiple incorrect changes were reported when changing the structure of a menu (Support ticket).
Fixed a bug in the settings sensor (support ticket).
- Removed hardcoded memory limit in database connector. Now all database connections are done via AJAX calls hence there is no need for such limits.
- Read the WP Security Audit Log 2.4 release notes for a detailed overview of what is new in this version.
- New setting allowing the users to configure the timestamp of the alerts. Read the FAQ How to change the time zone in the WordPress Audit Trial for more information.
New WordPress Security Alerts for Content title changes
- 2086: User changed the title of a post
- 2087: User changed the title of a page
- 2088: User changed the title of a custom post type
- Implemented AJAX calls for when migrating the WordPress Audit Trail between databases with the[External DB module.
Read the WP Security Audit Log 2.4 release notes for a detailed overview of what is new.
- Monitoring of WordPress menus changes from both admin pages and theme customizer.
- New hook that allows users to create their own custom alerts. Read the WP Security Audit Log Custom Alerts documentation for more information.
- New alerts for when a either a post, a post or a custom post type is scheduled.
New WordPress Security Alerts for Menus
- 2078: User created a new menu
- 2079: User added objects to menu
- 2080: User removed object from menu
- 2081: User deleted a menu
- 2082: User changed menu settings
- 2083: USer modified an object in menu
- 2084: User renamed a menu
- 2085: User changed the order of the objects in menu
New WordPress Security Alerts for Scheduled Items
- 2074: User scheduled a post for publishing
- 2075: User scheduled a page for publishing
- 2076: User scheduled a custom post type for publishing
- Fixed an issue where WordPress updated alerts were begin generated repeatedly upon accessing the updates page. (Support Ticket)
- Fixed an issue where WordPress pruning was not working in an out of the box installation. (Support Ticket)
- Fixed a conflict with Migrate DB. (Support Ticket)
- Fixed an issue where automated WordPress updates were not being reported.
- Improved error handling in database queries.
- Fixed an issue with the login/logout sensor reported in this ticket.
- Improved the SQL queries used in the Reports module.
Keep track of changes on bbPress forums. For more detailed information read the WP Security Audit Log 2.3 Release Notes.
New WordPress Security Alerts
- 8000: User published a new forum
- 8001: User changed the status of a forum
- 8002: User changed the visibility of a forum
- 8003: User changed the URL of a forum
- 8004: User changed the order of a forum
- 8005: User moved forum to trash
- 8006: User permanently deleted a forum
- 8007: User restored a forum from trash
- 8008: User changed the parent of a forum
- 8009: User changed the role of forum auto user role
- 8010: User changed the option for anonymous posting on forum
- 8011: User changed the forum type
- 8012: User changed the time setting to disallow editing of posts
- 8013: User changed the time setting for post throttling
- 8014: User created new forum topic
- 8015: User changed the status of a forum topic
- 8016: User changed the type of a forum topic
- 8017: User changed the URL of a forum topic
- 8018: User changed the forum for a topic
- 8019: User moved a forum topic to trash
- 8020: User permanently deleted a forum topic
- 8021: User restored a forum topic from trash
- 8022: User changed the visibility of a forum topic
- Improved the performance / queries of the Audit Log Viewer, hence now it is faster when retrieving alerts from bigger databases.
- Rewritten and improved the reporting engine for the Reports module.
- Fixed an issue where administrators of sub domain websites could see the alerts of other websites from the dashboard widget in a multisite installation. (Ticket)
- Fixed a SQL query error where a NULL value was being saved and it wasn’t accepted. (Ticket)
- Added the revision link in content change security alerts allowing you to see the actual content changes that took place on posts, pages and custom post types. Read more about keeping a log of content changes in WordPress.
- Fixed an issue where user was allowed to disable all columns in Audit Log Viewer (Support ticket). Fix recommendation by Bates College.
New WordPress Security Alerts
- 2072: User modifies a post that is submitted for review
- 2073: Contributor submits a post for review
- Added the functionality to search by Alert ID in the Search module.
- When a background process is reports, plugin now reports “System” as username and not “unknown”.
- Improved the connection checks of the External DB module (now it also has a timeout for when incorrect IP / Host is specified).
- Fixed an issue in the Reports module where not all available users were being listed to generate a report
- Fixed an issue with licensing notifications – now all licensing notifications will be automatically dismissed upon activating a key.
- Fixed an issue where the user reset passwords were not being recorded (since 4.3). (Ticket)
- Introduced the External DB module.
- Integration with WhatIsMyIPAddress.com (Click an IP addresses in Audit Log viewer to get all information about it).
- Settings to Include or exclude specific columns from the Audit Log viewer.
- Ability to exclude an IP address from monitoring
- New option to disable the reporting of WordPress background tasks (such as deletion of auto draft posts)
- Fixed a problem when trying to customize a widget via the theme customizer (support ticket).
- Handling an error that was generated when someone logged in to a WordPress via social media channels.
- Fixed: incorrect alert generated when a widget is moved from the bottom of a container to another.
- Fixed: incorrect alert generated when a custom filed is deleted from a page.
- Fixed an issue where post related actions were not reported for users with author and contributor roles.
- Fixed an issue where in a specific scenario the settings in the options tabel were duplicate.
Launched a new [WP Security Audit Log website](http://www.wpsecurityauditlog.com) and updated all relevant links.
- New database connector allowing faster and more efficient plugin to WordPress database communication
- Added new option to switch the display time of alerts between 24 hour or 12 hour format
- Sorting functionality in Audit Log Viewer (sort WordPress security alerts by date & time, code or username)
Fixed issue where super admin roles was not reported when logging in to “sub sites” in WordPress multisite
Fixed several formatting issues in the Audit Log Viewer (UI)
Fixed issue where multiple plugins were upgraded via the drop down menu and no alerts were being reported
Fixed: When unrestricting plugin access from a single admin was not working properly
- Fixed the monitoring of plugin updates for WordPress 4.2 (Support Ticket)
- Fixed an issue where multiple plugin updates triggered by drop down menu were not being reported
- Fixed a conflict with Magic Fields 2 plugin (Support Ticket)
- Updated the escaping of add_query_arg() function which could result in a potential XSS
New Security Alerts
- 5010: plugin created new tables in the WordPress database
- 5011: plugin modified the structure of a number of tables in the WordPress database
- 5012: plugin deleted tables from the WordPress database
- 5013: theme created new tables in the WordPress database
- 5014: theme modified the structure of a number of tables in the WordPress database
- 5015: theme deleted tables from the WordPress database
- 5016: an unknown component created new tables in the WordPress database
- 5017: an unknown component theme modified the structure of a number of tables in the WordPress database
- 5018: an unknown component theme deleted tables from the WordPress database
- 2052: a user changed the parent of a category
- Removed a clause which changed the debug log path (used for testing) (Support Ticket)
- Completely removed the user of the is_admin() function to follow better security practises
- Updated the licensing mechanism to correct problem where premium add-ons could not be activated.
- Fixed several issues where the database tables were not being created during install or upgrade. Support ticket and Support ticket.
- Fixed an issue where the plugin did not monitor any activity in specific scenarios. Support ticket and Support ticket.
- Removed duplicate options in the settings page. (Support ticket)
- Ability to exclude custom fields from monitoring (custom fields can be excluded from the Audit Log Viewer with a simple click or you can specify them in the settings)
- Ability to exclude WordPress users and roles from monitoring
- WP Security Audit Log now has its own settings table in WordPress database. This will provide us with more flexibility and have more centralization of data
- Updated the code where is_admin() function was being used to follow better security practises
- Fixed a problem where a PHP exception was being thrown during the activation of the plugin (support ticket)
- Fixed an issue where the IP address was not being reported for anyone using PHP version 5.3.3 or earlier (support ticket)
- WordPress username is now reported when a failed login is recorded – More Details
- Plugin is now available in Romanian thanks to Artmotion
- Improved IP Address validation checks – if IP address format is incorrect the plugin reports “incorrect format” and not “unknown” – This will help us improve troubleshooting
- Alerts pruning options are now added during activation of the plugin, making pruning options more reliable – existing pruning options will be retained
- Fixed issue with the option “auto / manual” refresh of Audit Log Viewer
- Fixed plugin uninstallation process (added new option to purge all plugin data from WordPress database upon uninstall)
- Premium features nodes will be hidden from the WordPress plugins page when the Hide plugin option is enabled.
- Updated some of the help text in plugin’s settings page
- Updated the text of some WordPress security alerts
Fixed a bug related to the reverse proxy / IP retrieval functionality
Fixed an issue related to Sandbox removal and upgrades [Support Ticket](https://wordpress.org/support/topic/fatal-error-undefined-method-on-upgrade)
New Features and Options
- Plugin automatically retrieves user’s originating IP address even if WordPress is installed behind a reverse proxy, web application firewall or load balancer. For more information refer to WP Security Audit Log, Reverse Proxies and WAFs.
- New option to omit internal IP addresses from being reported in the WordPress security audit log
- The sandbox was removed from the plugin. If you need to use the sandbox for troubleshooting and tested contact us since we migrated it to a standalone extension.
- Fixed a bug where site administrators where not able to view the WordPress security alerts for their sites in a WordPress multisite installation
- Improved some SQL queries as reported in this support ticket.
- Fixed an issue with alerts pruning (when pruning was set by number of alerts the plugin was pruning all alerts)
New WordPress Security Alerts
- Alert 2065: The content of published post has been modified
- Alert 2066: The content of published page has been modified
- Alert 2067: The content of published custom post type has been modified
- Alert 2068: The content of a draft post has been modified
- Alert 2069: The content of a draft page has been modified
- Alert 2070: The content of a draft custom post type has been modified
- Alert 2071: Changed the position of a widget in the same container
WordPress Security Audit Log Viewer Improvement
- Removed fixed width from columns, hence now they are dynamically resized depending on your resolution
- Fixed an issue where alert 1001 (logout) was generated without a login (support ticket)
- Fixed a PHP coding problem / invalid argument issue (support ticket)
New WordPress Security Alerts
- Alert 2065: User modified the content of a blog post
- Alert 2066: User modified the content of a WordPress page
- Alert 2067: User modified the content of a custom post type
- We have also improved the code of some of the sensors which monitor the WordPress activity
- Fixed an issue with the queries used for the alerts pruning as reported in this (support ticket).
- Added new Extensions page to allow users to see which extensions they can use to increase the functionality of the plugin.
- Included licensing mechanism to support premium extensions
- Updated latest language files for German and Italian translations (also include corrections for some old translations)
- Fixed a problem with the pruning of WordPress Security Alerts (support ticket)
- Fixed pagination issue in the Audit Log Viewer when running on WordPress multisite
- New option “Restrict Plugin Access” that allows WordPress administrators to further restrict access to the plugin and the WordPress security alerts
- Updated the Audit Log Viewer backend to retriev WordPress security alerts much faster and consume less resources on large websites
- Moved the Audit Log plugin menu entry underneath the dashboard entry for better access
- Several minor enhancements to the plugin to perform better on large WordPress installations
- Fixed an uncaught exception with Logout Alert 1001 (support ticket)
- Several performance improvements and tweaks applied
- Updated Italian translations
- Fixed an issue with URLs of plugin pages (support ticket)
- Fixed an uncaught exception with Logout Alert 1001 (support ticket)
- Fixed error on logout issue (support ticket)
- Fixed uncaught exception with specific Alert Codes (support ticket)
- Monitoring of custom fields in WordPress posts, pages and custom post types.
New WordPress Security Alerts
- Alert 2053: User created new custom field in blog post
- Alert 2054: User modified the value of custom field in blog post
- Alert 2055: User deleted a custom field in blog post
- Alert 2062: User renamed custom field in blog post
- Alert 2059: User created new custom field in page
- Alert 2060: User modified the value of custom field in page
- Alert 2061: User deleted custom field from page
- Alert 2063: User renamed custom field in
- Alert 2056: User created new custom field in custom post type
- Alert 2057: User modified the value of custom field in custom post type
- Alert 2058: User deleted a custom field from custom post type
- Alert 2064: User renamed custom field in custom post type
- Improved the writing and reading of WordPress alerts from the WordPress database (plugin runs more efficiently on high traffic WordPress and WordPress multisite installations)
- Improved the monitoring of WordPress login and logout actions
- Applied various plugin performance tweaks
- Fixed a specific issue where user and user role where not being reported.
- Fixed an error which was being reported during user logout in specific scenarios.
- Fixed a CSRF vulnerability reported by Kévin FALCOZ aka 0pc0deFR
- Improved database structure for better support of high-traffic WordPress and WordPress multisite installations
- Developer options are reset during updates for improved performance
- Added a warning / note to the developer options (such options should NEVER be enabled on live websites but only on testing, staging and development websites)
- Fixed database issue with primary key constraint
- Italian translation available thanks to Leonardo Musumeci.
- Added a warning for developer options
- “Hidden” developer options from default settings; user has to click link to access developer settings
- Backtrace logging now made optional from a developer setting
- Solved several issues related to translations. Now everything in the plugin is translatable
- Fixed several other issues reported by email
- Fixed reported issue with upgrade reported here.
- Unlimited Alerts can be stored (removed the 5000 alerts limit)
- Alert time now includes milliseconds for more precision (ideal for auditing and compliance)
- Reported alert time is now relative to user’s configured timezone
- Alerts automatic pruning procedures can now be enabled / disabled
- Option to hide WP Security Audit Log from Plugins page in WordPress
- If there are more than 15 websites in a multisite installation, an auto complete site search box is shown instead of the drop down menu
New WordPress Security Alerts
- Alert 5007: User has uninstalled / deleted a theme
- Alert 5008: Super administrator network activated a theme on multisite
- Alert 5009: Super administrator network deactivated a theme on multisite
- User avatar is shown in the alert to allow administrators to easily recognize users and their activity
- Clickable username in alerts allow administrators to access user’s profile instantly
- User role is reported in alert so administrators can easily track any suspicious behaviour
- PHP Version checker; upon installation the plugin will check what version of PHP is installed on the system
New WordPress Security Alert for monitoring plugin files
- Alert 2051: User changed a plugin file using the plugin editor (note: filename and location will also be reported in the alert)
- Fixed wrapping problem in alerts dashboard widget
- Fixed upgrade script to properly create the new tables in the WordPress database
- Complete plugin rewrite making the new version more stable and scalable
- New Audit Log viewer
- Auto refresh of security alerts – WordPress administrators do not need to refresh the Audit Log Viewer page to see new alerts
- Data Inspector reports more insider information about each alert (can be enabled from settings)
- Sandbox allows developers to execute PHP code for troubleshooting (can be enabled from settings)
- Request Log that logs all HTTP GET and POST requests done on WordPress (can be enabled from settings)
- Logging of PHP Errors; ideal for developers who want to monitor WordPress for any errors (can be enabled from settings)
- New Support and About Us page that you should check out!
New WordPress Security Alerts for monitoring themes, WordPress settings, files and much more
- Alert 2046: User modified a file using the editor
- Alert 2047: User changed parent of page
- Alert 2048: User changed template of page
- Alert 2049: User set post as sticky
- Alert 2050: User removed post from Sticky
- Alert 5005: User installed a new theme
- Alert 5006: User activated a theme
- Alert 6004: User upgraded WordPress
- Alert 6005: User changed the WordPress permalinks
New WordPress Developer Alerts
- Alert 0000: Unknown error
- Alert 0001: PHP Error
- Alert 0002: PHP Warning
- Alert 0003: PHP Notice
- Alert 0004: PHP Exception
- Alert 0005: PHP Shutdown Error
- Disabled debugging by default (left enabled by mistake)
- Fixed a number of database issues introduced with the WordPress Multisite Support
- Fixed issue with supporting pre WordPress 3.0 multisite installations.
- Fixed errors in debug code (used for when debugging is enabled in plugin)
New Plugin Feature
New WordPress Security Alerts for monitoring specific multisite activity on a WordPress multisite network installation
- Alert 4008: User is granted super admin privileges (network)
- Alert 4009: Super admin privileges (network) are revoked from a user
- Alert 4010: Added an existing user to a site and assigned a specific role
- Alert 4011: Removed user with a specific role from a site
- Alert 4012: New user created on the network
- Alert 7000: Added a new site to network
- Alert 7001: A site was archived
- Alert 7002: A site was unarchived
- Alert 7003: A site was activated
- Alert 7004: A site was deactivated
- Alert 7005: A site was deleted
- Plugin settings page to have the same look and feel of the new WordPress dashboard (3.8)
- Fixed an issue with Edit Post function (in very specific cases)
New WordPress Security Alerts for monitoring of Widgets
- Alert 2042: New widget was added
- Alert 2043: A widget was modified
- Alert 2044: A widget was deleted
- Alert 2045: A widget was moved
New Plugin Features
- New setting to allow specific user(s) and role(s) to view the Audit Log Viewer (read only)
- New setting to allow specific user(s) and role(s) to manage the WP Security Audit Log plugin (can change plugin settings, enable disable WordPress security alerts etc)
- Renamed “login/logout” tab in “Enable/Disable Alerts” section to plugins to “Other User Activity”
- Added the files alerts (uploaded / delete files) to the “Enable/Disable Alerts” (previously unavailable)
- Fixed issue where all users were able to see the Dashboard widgets with security alerts – now restricted only to users who have access to the plugin.
- Fixed user reported issue.
New WordPress Security Alerts for Custom Post Types
- Alert 2029: New post with custom post type created and saved as draft
- Alert 2030: Post with custom post type is publishes
- Alert 2031: A published post with custom post type is modified
- Alert 2032: A draft post with custom post type is modified
- Alert 2033: A post with custom post type was permanently deleted
- Alert 2034: A post with custom post type was moved to trash
- Alert 2035: A post with custom post type was restored from trash
- Alert 2036: The category of a post with custom post type was changed
- Alert 2037: The URL of a post with custom post type was changed
- Alert 2038: The author of a post with custom post type was changed
- Alert 2039: The status of a post with custom post type was changed
- Alert 2040: The visibility of a post with custom post type was changed
- Alert 2041: The date of a post with custom post type was changed
New Plugin Features
- Enable/Disable Alerts node that allows WordPress administrators to switch on or off specific WordPress security alerts
- Dashboard widget that shows the latest 5 WordPress security alerts (widget can be switched on or off from the plugin settings)
- Plugin is now language aware and we can accept translations
- Updated settings page to have the same look and feel of WordPress
- Improved the upgrade procedure of the plugin
- Updated the Audit Log Viewer display to support more resolutions such as those of tables and smartphones
New WordPress Security Alerts
- Alert 6001: Anyone can Register option in WordPress settings was changed
- Alert 6002: Default use role in WordPress settings was changed
- Alert 6003: Administrator notification email in WordPress settings was changed
- Alert 2025: Visibility of a blog post was changed
- Alert 2026: Visibility of a page was changed
- Alert 2027: Date of a blog post was changed
- Alert 2028: Date of a page was changed
- Links to the Audit Log Viewer and Settings in the plugin summary page
- Time of Failed Login alerts now reflects the time of last failed login attempt
- Fixed: Incorrect alerts generated when author of page was changed from quick edit mode
- Fixed: Conflict with WP Mandrill and other plugins using pluggable.php
- Fixed: Incorrect alerts generated when plugin is installed via a zip file / upload method
- Restricted plugin options and WordPress Audit Log Event Viewer only to WordPress administrators
- Improved failed logins events (events generated from the same IP, or same username will be grouped to avoid mass flooding of security events)
- Security Events pruning now uses wp-cron functionality (improved stability and reliability of events pruning)
- Applied several performance improvements (faster loading of events etc)
- Added support for permalinks; now events will include page or blog post URL rather than ID
- Added new alerts for when a page or blog post status is changed from draft, pending review or published
- Added new alert for when a page or blog post URL or author is changed
- Added new alert for when a blog post category is changed
- Added new alerts for when a user creates or deletes a category
- Added new alert for when the author of a blog post or page is changed
- Added new plugin alerts for when a plugin is installed, uninstalled or upgraded
- Updated navigation menu to use standard WordPress dashboard icons etc
- Initial beta release of WP Security Audit Log.