The WP Security Audit Log plugin keeps a log of custom fields changes in WordPress posts. However, it does not keep a log of hidden custom fields.
This document explains hidden custom fields and why the plugin does not keep a log of hidden custom fields changes. It also explains how to enable the logging of specific hidden custom fields.
What are hidden custom fields?
Plugins and themes use hidden custom fields to store posts’ settings. Unlike the normal custom fields their names start with an underscore, for example _visits_number. Hidden custom fields are not displayed in the WordPress’ edit post page either. Below is a screenshot of the normal custom fields shown in an edit post page.
Why WP Security Audit Log does not keep a log of hidden custom field changes?
Many plugins and themes use hidden custom fields to store posts’ settings, statistics and other metadata. For example a plugin uses a hidden custom field _views_number to keep a count of the number of views a post gets.
Since most hidden custom fields are updated very frequently and can only be updated programmatically it is not feasible to keep a log of such changes. So the plugin does not keep a log of hidden custom fields.
Keep a log of hidden custom fields changes
Use the hook wsal_log_hidden_meta_keys to specify the name of hidden custom fields of which you would like the plugin to keep a log of when they are changed. Refer to the WP Security Audit Log plugin hooks documentation for detailed information of how to use this hook, including example code.