We are happy to announce version 2.6.9 of WP Security Audit Log, WordPress’ most comprehensive, easy to use and widely used audit trail plugin. Here is an overview of what is new in this update.
New alerts to keep a log Tags changes
We have added a number of new alerts that the WP Security Audit Log plugin will use to keep a log of Tags changes in WordPress. The plugin will keep a log both when a tag is added or removed to a post, and also when a tag is added, modified or deleted from WordPress. Below is the list of new alerts:
- Alert 2119: tag was added to a post
- Alert 2120: tag was removed from a post
- Alert 2121: added a new tag on WordPress
- Alert 2122: deleted a tag from WordPress
- Alert 2123: renamed a tag
- Alert 2124: change the slug of a tag
- Alert 2125: changed the description of a tag
For the complete list of Alerts and their IDs that the WP Security Audit Log uses to keep a log of all the changes on WordPress refer to the list of WordPress audit trail alerts IDs.
Improved logging for Users profile changes
In this update of the WP Security Audit Log plugin we have added four new alerts that the plugin will use to keep a record in the audit log when a WordPress user’s first name, last name, nickname or display name are changed. Here is the list of alerts:
- Alert 4017: the first name of a user was changed
- Alert 4018: the last name of a user was changed
- Alert 4019: the nickname of a user was changed
- Alert 4020: the display name of a user was changed
Improved monitoring of failed WordPress Logins
Another important change in this update of the plugin are two new settings for alerts 1002 and 1003, which are used to log failed WordPress logins in the audit log.
The first setting allows you to specify how many failed logins should the plugin keep a record of in the WordPress audit log. By default this is set to 10. We have set a default low value so the plugin does not hog the web server resources in case your WordPress is a target of a brute force attack.
The second setting, when enabled the plugin will record the username in a log file, when a user which is not on your WordPress is used during the failed login.
Logging the referrer when 404 errors happen
We also added a new setting to alerts 6007 and 6023, which are used to keep a log when a non-existing URL (HTTP 404 error) is requested on your WordPress website. When the new setting is enabled the plugin will also record the referrer in the log file when a non-existing URL (404 error) is generated.
Originally we have created alerts 6007 and 6023 so a WordPress administrator can easily identify attacks such as automated scans etc. Though many have requested us to also keep a record of the e referrer so it can also help them identify broken links on the website, and so we did. Might as well, at least we kill two birds with one stone.
Other updates and improvements in WP Security Audit Log 2.6.9
This update of the WP Security Audit Log plugin also includes a few more updates and changes. For a complete list of what is new and improved in this update please refer to the WP Security Audit Log change log.