WP Security Audit Log 3.0 Is Released

After three long months, WP Security Audit Log version 3.0 has finally arrived. The most recent version of WordPress’ most comprehensive and complete activity log solution features a new licensing model & mechanism, new alerts, several updates and bug fixes. Here is a highlight of what is new and improved in the latest version of this plugin.

New Licensing Model

As announced a few days ago, from version 3.0 onward we will no longer sell individual add-ons. Instead the WP Security Audit Log will be available in four editions:

  • Free – as it currently is,
  • Starter – includes Email Alerts and Search,
  • Professional – includes Email Alerts, Search, Reports, Users Sessions Management, Database Management and Integrations module,
  • Business – the same as the Professional Edition but also with priority support and account manager.

For more details on the new licensing mechanism, such as when the existing customers will be migrated, read the post  2018 – New Licensing Model for the WP Security Audit Log WordPress Plugin. If you have any questions on the new licensing mechanism please do not hesitate to contact us.

FeatureFreeStarterProfessionalBusiness
SupportForumsEmail & PhoneEmail & PhoneEmail & Phone
Comprehensive Audit Log
Email Notifications
Search & Filters
Reports
Users Sessions Management
External DB & Integrations
Priority Support

Integration with Freemius

In this release of WP Security Audit Log plugin we also included Freemius, which will allow us to provide free trials, better manage our licensing program and accept credit card payments via a new payment gateway, not just PayPal payments.

Freemius will also give us the functionality to better understand our users and how they are using our plugin, thus helping us in continuously improve the plugin and make sure it meets all of our customers’ requirements. You can read more about Freemius in What is Freemius and How Do We Use It.

Note that opting in is optional and should you choose to not opt-in, the plugin will still work. Also when you opt-in to send us diagnostic data, NO audit log and user activity is sent to us.

Freemius & WP Security Audit Log

Other Noteworthy Features

Apart from the two big changes above, which took most of the development time for this release, we also managed to fit in some other new features, which are:

  • New Alerts for change of WordPress URL (6024) and site URL (6025),
  • Fixed a number of coding issues to make the plugin WP Engine compliant,
  • Plugin now also captures the status and created date of a post. This data is needed to implement new features in future versions.
  • Updated the Italian translation files.

All of these improvements along with a number of a handful of bug fixes help make the WP Security Audit Log plugin better than ever before.

Updating WP Security Audit Log

The update of version 3.0 is available today and can be installed directly from your WordPress admin Plugins page. Should you have any queries or require any assistance, do not hesitate to get in touch with us.

Send Some Stars Our Way

If you have been using the WP Security Audit Log plugin please send some stars our way! Spare a minute of your day to rate our plugin. We really like stars!

Audit Logs for Paid Membership Pro WordPress Plugin

Paid Membership Pro is a plugin that allows you to create membership area on your WordPress websites. It is installed on more than 60,000 websites, hence it is the plugin of choice if you want to build a membership area. Though Paid Membership Pro does not have any audit logs / trails capabilities.

Why Do you Need Audit Logs for Paid Membership Pro?

When you run a membership website it is vital to keep a record of all the changes that happen on your website, your members’s accounts, memberships statuses, payments etc. Though since Paid Membership Pro does not keep a record of when a member’s account is changed, or when the membership level is changed, or when a membership is paid, administrators cannot keep track of what is happening on their membership website. For example they have to rely on the payment gateway’s records to verify if a membership was renewed or not.

The above are just a few examples. There are many other changes that you need to keep a record of when running a membership website. Hence why, Bill Stolz developed the WordPress plugin WP Security Audit Log addon for Paid Memberships Pro.

Introducing WP Security Audit Log addon for Paid Memberships Pro

The WP Security Audit Log addon for Paid Memberships Pro is an add-on for WordPress’ most popular and widely used audit logging plugin WP Security Audit Log. The add-on is available for free and once installed it allows you to keep an audit trail of all the changes that took place on the Paid Membership Pro plugins and your website’s members.

You can download the WP Security Audit Log addon for Paid Memberships Pro from the official WordPress plugins repository.

How are Changes on Paid Memberships Pro Recorded in the WordPress Audit Trail?

Once you install the WP Security Audit Log plugin and the add-on, the following Alert IDs are used by the plugin to keep a record of the changes on Paid Memberships Pro plugin and your website’s members.

Alerts related to User Meta:

Alert 8501: A user created a new meta field for a member user. In this alert the name and value of the meta key will be reported.

Alert 8502: A user changed the name of the meta field for a member user. In this alert both the old and new name of the meta field will be reported.

Alert 8503: A user modified the value of a meta field for a member user. In this alert the name of the meta field and both the new and old values will be reported.

Alert 8504: A user deleted a meta field that was in a member user profile. In this alert the name of the deleted meta field will be reports.

Alerts for Paid Memberships Pro (PMPro) Orders

Alert 8601: A New PMPro order has been added to a user. In this alert the User, Membership Level, Order Amount, Order Status, and Payment type will be listed.

Alert 8602: A PMPro order has been deleted. In this alert the User associated with the Order, Membership Level, Order Amount, Order Status and Payment type are listed.

Alert 8603: A PMPro order has been changed. This alert it will list what field in the order that changed along with the Old value and the New value.

Alerts for Changes in User’s Paid Memberships Pro (PMPro) Level

Alert 8604: A user’s PMPro Level changed.  In this alert the Old Level, New Level, Start and End dates related to the new level, discount code (if provided), and user effected are reported.

Alert 8618: A PMPro level associated with a user was cancelled. In this alert the level, Old status, New Status, Old End Date, New End Date, and the user effected are reported.

Alert 8605: A user completed PMPro checkout process. In this alert the Order number, Discount Code ID and the user effected are reported.

Alerts for to Paid Memberships Pro (PMPro) Discount Codes

Alert 8606: A PMPro discount code is deleted. In this alert the discount code ID, discount code, start date, expires date, and allowed uses are reported.

Alert 8607: A PMPro discount code is Updated.  In this alert the discount code ID, Discount code, Start Date, Expires Date, and allowed uses are reported.

Alert 8617: A PMPro discount code is Added.  In this alert the discount code ID, Discount code, Start Date, Expires Date, and allowed uses are reported.

Alert 8608: Information about a PMPro discount code level is updated. In this alert the Order ID, Membership Level, Initial Payment amount, Recurring Billing Amount, Cycle number, Cycle period (Days, weeks, month, year), Limit, Trial Amount, expiration number, expiration period are reported.

Alerts for Paid Memberships Pro (PMPro) Membership Levels

Alert 8609: A PMPro Membership Level is saved. In this alert the Level Name, Level Description, Confirmation Message, Initial Payment Amount, recurring payment amount, Number of Cycles, Period (Days, weeks, months, years), limit, trial amount, trial limit, expiration number, expiration period, new signups allowed are reported.

Alert 8610: A PMPro Membership Level is deleted. In this alert it the Level Name, Level Description, Confirmation Message, Initial Payment Amount, recurring payment amount, Number of Cycles, Period (Days, weeks, months, years), limit, trial amount, trial limit, expiration number, expiration period, new signups allowed are reported.

Alerts for Paid Memberships Pro (PMPro) Payment Gateways & Payments

Alert 8611: A PMPro Payment Subscription is cancelled. In this alert the Order ID, related discount code (if any), User, Payment Gateway, Subscription Transaction ID, Order Amount, Order Status, Payment Type are reported.

Alert 8612: A PMPro Payment Subscription is expired. In this alert the Order ID, related discount code (if any), User, Payment Gateway, Subscription Transaction ID, Order Amount, Order Status, Payment Type are reported.

Alert 8613: A PMPro Paypal IPN Payment is processed. In this alert the Order ID, related discount code (if any), User, Payment Gateway, Subscription Transaction ID, Order Amount, Membership Level, Order Status, Payment Type are reported.

Alert 8614: A PMPro Payment Subscription is completed. In this alert the Order ID, related discount code (if any), User, Payment Gateway, Subscription Transaction ID, Order Amount, Membership Level, Order Status, Payment Type are reported.

Alert 8615: A PMPro Payment Subscription failed. In this alert the Order ID, related discount code (if any), User, Payment Gateway, Subscription Transaction ID, Order Amount, Membership Level, Order Status, Payment Type are reported.

Alert 8616: A PMPro Payment Subscription is past due. In this alert the Order ID, related discount code (if any), User, Payment Gateway, Subscription Transaction ID, Order Amount, Membership Level, Order Status, Payment Type are reported.

Keeping an Audit Log of Membership, Payments and Other Paid Membership Pro Plugin Settings Changes

To get started it is really easy. First install the WP Security Audit Log plugin and then install the free Paid Membership Pro activity log add-on. Watch the below video for a short introduction to WP Security Audit Log and refer to the complete list of WordPress audit trail alerts for a complete list of WordPress website changes that the plugin can keep a log of.

Search 2.0 Add-On for WP Security Audit Log Released

This update took quite some time to finish, but finally it is here. We are happy to announce the new Search 2.0 Add-on, which adds search functionality to WordPress’ most popular and widely used audit trail plugin WP Security Audit Log. This update which features new functionality and also a completely revamped, new UI. Let’s see what is new in this exciting update of the Search Add-On.

New Search Filters

Prior to this update you could only search for a specific change done by a user by using the username filter. Now you can use the filters to search for activity from a user with a specific First Name and Last Name.

Filters in the Search Add-On for WP Security Audit Log

We also included a new search filter for Post Type. So if for example you have a blog post and a post of a custom type (such as Movie from a movie database) with the same name, you can easily filter the search results for changes that happened on that particular post type.

Save and Load Search Term and Filters

In this update of the Search add-on we also included the ability to save the search term and filters. Therefore if for example you have to search for something specific from time to time, you can save both the search term and filters and reload them whenever you need to do the search again.

Save, Load and Reuse a combination of Search terms and filters

Other Notable Updates in Search 2.0 Add-On

Apart from a number of add-on performance improvements, we have also:

  • Added a new button to clear search results,
  • Included hover over functionality to filter audit trail either by IP address or username.

Updating to Search 2.0

You will be notified that an update is available for the add-on in your WordPress dashboard, similar to updating normal plugins from the repository. The update process is fully automated but should you encounter any issues, do not hesitate to get in touch. Note that you must have a valid and non-expired license key to be notified of the update.

 

WP Security Audit Log 2.6.6 Released

We just released an update of WP Security Audit Log, the most popular and widely used WordPress security audit trail plugin. The main highlight of this update is the ability to keep a record of changes done to custom fields created by Advanced Custom Fields (ACF) and similar plugins.

Note that we also released the new Search 2.0 add-on, with a new UI and functionality. Read the WP Security Audit Log Search 2.0 release notes for more information.

Logging Capabilities of Custom Fields

Prior to this release, the plugin was only keeping a log of changes done to the built-in custom fields of WordPress in posts, pages and posts with custom post type. Though with this update, it is also able to keep a record in the WordPress audit trail when the value of a custom field created by ACF is changed in a post, page, post with custom post type and also user profiles.

In fact with this update we also introduced two new alerts:

  • Alert 4015: User updated Custom Field in a user profile
  • Alert 4016: User created a custom Field in a user profile

Refer to the list of WordPress audit trail alerts for a complete list of changes that the WP Security Audit Log plugin can keep a record of on a WordPress website.

Other Notable Updates

We also included other updates in this version, such as:

  1. A new option to either show the Username or the First & Last Name of the users in the WordPress Audit Trial.

Option to display either username of first and last name of user in WordPress audit trail

  1. Changed the naming format and location of 404 error log files. For more information refer to the logging of 404 errors with WP Security Audit Log. Note: we changed the naming format because there were security issues with the format we were using before. Thank you Enable Security for the proof of concept and help with this issue.
  2. We also added a new Tooltip functionality to filter all alerts by IP Address, as shown in the below screenshot.

Filter to filter WordPress audit trail by activity from a specific IP address

Updating WP Security Audit Log

You will be alerted in your WordPress dashboard / admin pages that a new WP Security Audit Log plugin update is available. The updating process is all automated, though should you encounter any problems please do not hesitate to get in touch.

What Do You Think of WP Security Audit Log?

The WP Security Audit Log plugin was designed to help WordPress website owners and businesses keep a record of everything that is happening on their website. Did WP Security Audit Log help you in some way? Have you been using it for a few months and maybe years? If yes, we would appreciate if you can spare a minute to send some stars our way and let us know what are your thoughts on the plugin.

Reports Add-On Version 2.1.1 Available for Download

Today we released an updated version of the Reports Add-On. This is a minor release and in it we:

  1. Moved the Reports upload directory to /wp-content/uploads/wp-security-audit-log/reports/
  2. Removed all of the wp_session cookie code (no longer needed)
  3. Improved the code that loads wp-config.php
  4. Removed the error log function.

If you have activated your license key you will be alerted that a new plugin update is available. In case you have any queries or need any assistance please do not hesitate to get in touch.

WP Security Audit Log Update 2.6.5 Available for Download

Summer is in full swing, and so is the development of WP Security Audit Log, WordPress’ most comprehensive and popular audit trail plugin. We are happy to announce version 2.6.5, an update which includes a few but significant updates.

Improved Monitoring of 404 HTTP Errors

WP Security Audit Log now has two different alerts to keep a record of 404 HTTP errors in the WordPress audit trail, which are generated when someone sends a request to a non-existing page. It has:

  • Alert 6007, which is used to record 404 HTTP errors generated by logged in users,
  • Alert 6023, which is used to record 404 HTTP errors generated by non-logged in / anonymous users.

The segregation of the reporting of 404 HTTP errors allows you to be more specific when configuring WordPress email notifications or when trying to track down a specific problem or suspicious behaviour. It is also possible to configure logging options for both of the alerts.

Updated Encryption Mechanism

The plugin was using Mcrypt encryption mechanism to encrypt the passwords of the databases used for the external database, and also the archiving and mirroring of the audit log alerts. Since Mcrypt is depreciated in PHP7 we changed it to OpenSSL. Note that the Mcrypt module will still be used in the plugin to convert the old configured passwords and will be removed completely in future updates.

Other Notable Changes in WP Security Audit Log 2.6.5

The other notable changes we have included in this update are:

  1. We removed the wsal_wp_cookie completely and instead are not using LocalStorage. The cookie was being used to store which database was being used when archiving was enabled.
  2. We improved the reporting of alert 4014, which previously was being reported even when a user was updating another WordPress user’s profile and the profile page is refreshed.
  3. We also introduced the new Alert 1007, which is now being used to report that a user logged out another WordPress user’s session from the Users Sessions Management add-on. Please refer to the list of WordPress audit trail alert IDs for a complete list of the WordPress changes that the plugin can keep track of.

Updating the WP Security Audit Log Plugin

You will be alerted in your WordPress dashboard / admin pages that a new WP Security Audit Log plugin update is available.

We also released an update of the Users Sessions Management add-on to support the new Alert 1007, so please update the add-on as well. Note: you must have your license key activated to be alerted that an update for a premium add-on is available.

While the updating process is all automated, should you encounter any problems please do not hesitate to get in touch.

New Reports Add-On Update: Statistics & Configurable Periodic WordPress Reports

We are happy to announce the new update of the Reports Add-on.  We’ve completely rewrote the code of the scheduled reports and much more. Here is an overview of what is new and improved in this update for this WP Security Audit Log premium add-on;

Schedule Daily, Weekly, Monthly & Quarterly WordPress Reports

The scheduled reports have been revamped. Now it is possible to schedule any type of report. To schedule a report all you need to do is select the criteria, specify the email address(es) of the recipients and the frequency. You can choose from Daily, Weekly, Monthly and Quarterly reports as shown in the below screenshot.

Configuring periodic WordPress Reports

Modifying Configured Scheduled Reports

All the configured scheduled reports are listed in the Configured Periodic Reports table. You can also modify any of the configured periodic reports by clicking the Modify button.

Configured WordPress Periodic Reports

Breaking Change:  Note that any of the previously configured scheduled reports will be disabled, so please reconfigure the new ones.

New Statistics WordPress Reports

In this new updates of the WP Security Audit Log Reports Add-On we also introduced the Statistics reports. These reports allow you to see how many times a user logged in, or how many pages the user visited and more. Below is a complete list of the statistics reports you can generate with the new Reports Add-On:

  • Number of logins for a user
  • Number of logins for users with a specific role
  • Number of views for a user
  • Number of views for users with a specific role
  • Number of published content for user
  • Number of content for users with a specific role.

You can also create a report with a list of all the different IP addresses every username used, or logged in from, as seen in the below screenshot. This report is handy if you want to ensure that for example a paid membership is not being shared by multiple users.

A sample of a WordPress Report

To create a statistics report simply click on the Statistics tab at the top of the Reports admin screens, select the criteria and specify the username or role. You can also specify a date range for the report. For example in the screenshot below I am setting the criteria to generate a report to see how many pages, posts or custom post types the users with Editor role has viewed.

Creating a WordPress statistics report

Updating Your Reports Add-On

The new version is 2.1.0. You will be alerted by WordPress that an update is available and you can update the add-on like any other WordPress plugin. If you are not alerted about the update you either have not activated your license key or it is expired. Please ensure you activate all your license keys so you keep on getting updates.

If you have any questions about the license keys do get in touch. We would be more than happy to assist you.

Improved Monitoring of WordPress Site-Wide Settings with WP Security Audit Log

We are happy to announce the release of version 2.6.2 of WP Security Audit Log, WordPress’ most comprehensive and easy to use audit trail plugin. This update includes new monitoring capabilities of a WordPress’ site-wide website settings and post specific settings. We also managed to fit in several improvements and bug fixes.

Let’s take a look at what is new, improved and fixed in 2.6.2:

Monitoring of WordPress Website Site-Wide Settings

This update’s main focus was to improve the monitoring of the site-wide comments settings of a WordPress website, including the settings of sites on a WordPress multisite installation. Below is a list of Alert IDs that the plugin will use to keep a record of such changes in the WordPress audit trail:

  • Alert 6008: User enabled / disabled the option Discourage search engines from indexing this site.
  • Alert 6009: User enabled / disabled comments on the website.
  • Alert 6010: User enabled / disabled the option Comment author must fill out name and email.
  • Alert 6011: User enabled / disabled the option Users must be logged in and registered to comment.
  • Alert 6012: User enabled / disabled the option to automatically close comments after a number of days.
  • Alert 6013: User changed the value of the option automatically close comments after a number of days.
  • Alert 6014: User enabled / disabled the option for comments to be manually approved.
  • Alert 6015: User enabled / disabled the option for an author to have previously approved comments for the comments to appear.
  • Alert 6016: User changed the number of links a comment must have to be held in the queue.
  • Alert 6017: User modified the list of keywords for comments moderation.
  • Alert 6018: User modified the list of keywords for comments blacklisting.

Monitoring of Post Specific Comments, Pingbank and Trackback Settings

In this update we also including monitoring capabilities of the Pingback and Trackback settings in posts. Below is a list of alerts the plugin will use to keep a record of such changes in the WordPress audit trial:

  • Alert 2111: User disabled Comments / Trackbacks and Pingbacks on a published post.
  • Alert 2112: User enabled comments / Trackbacks and Pingbacks on a published post.
  • Alert 2113: User disabled Comments / Trackbacks and Pingbacks on a draft post.
  • Alert 2114: User enabled comments / Trackbacks and Pingbacks on a draft post.
  • Alert 2115: User disabled Comments / Trackbacks and Pingbacks on a published page.
  • Alert 2116: User enabled comments / Trackbacks and Pingbacks on a published page.
  • Alert 2117: User disabled Comments / Trackbacks and Pingbacks on a draft page.
  • Alert 2118: User enabled comments / Trackbacks and Pingbacks on a draft page.

Monitoring Capabilities of Other Changes on Your WordPress Website

We also managed to include the monitoring of the following changes:

  • Alert 1006: User logged out all other sessions with the same username
  • Alert 4014: User opened the profile page of another user

Refer to the complete list of security alerts the WP Security Audit Log plugin uses to keep a record of changes in the WordPress audit trail.

WP Security Audit Log Plugin Improvements

In this update we also applied a few plugin improvements, which are listed below:

  1. We organised the list of alerts using categories and sub categories, hence now it is easier for you to find a specific alert.

The list of the WordPress audit trail alerts split into categories

  1. URLs are now reported in full in the WordPress audit trail (previously they were truncated).
  2. When the logging of requests to non-existing pages (404s) is disabled, the alert will not contain a link to a log file that does not exist.
  3. Added additional checks when using the function wp_sessions_register_garbage_collection to ensure there are no clashes with other plugins.

Reports, Search and Users Sessions Management Add-On Updates

Since in this update of WP Security Audit Log we changed the way alerts are organised we also released an update for the below list of add-ons. Therefore upon updating the plugin update the add-ons below, else they might not function properly:

Updating the WP Security Audit Log Plugin & Add-Ons

You will be prompted to update the plugin and add-ons in the Plugins page. Should you encounter any issues do not hesitate to get in touch and please do spare a minute to rate our plugin. Give us five stars, because everyone likes stars!

Email Notifications Add-On Version 2.1.3 Released

Today we released an update for the Email Notifications Add-on, which allows you to configure your own rules so you are instantly alerted via email of important changes on your WordPress. With this update you can now:

  • Use custom WordPress user roles when creating a rule
  • Use Custom Post Types with prefix

In previous builds of the Email Notification Add-on both of the above were not supported.

Updating the Email Notifications Add-On

You will be alerted that an update is available in your WordPress dashboard. Note that to be alerted you need to activate your license key, hence why it is very important to activate the license key.