Summer is in full swing, and so is the development of WP Security Audit Log, WordPress’ most comprehensive and popular audit trail plugin. We are happy to announce version 2.6.5, an update which includes a few but significant updates.
Improved Monitoring of 404 HTTP Errors
WP Security Audit Log now has two different alerts to keep a record of 404 HTTP errors in the WordPress audit trail, which are generated when someone sends a request to a non-existing page. It has:
- Alert 6007, which is used to record 404 HTTP errors generated by logged in users,
- Alert 6023, which is used to record 404 HTTP errors generated by non-logged in / anonymous users.
The segregation of the reporting of 404 HTTP errors allows you to be more specific when configuring WordPress email notifications or when trying to track down a specific problem or suspicious behaviour. It is also possible to configure logging options for both of the alerts.
Updated Encryption Mechanism
The plugin was using Mcrypt encryption mechanism to encrypt the passwords of the databases used for the external database, and also the archiving and mirroring of the audit log alerts. Since Mcrypt is depreciated in PHP7 we changed it to OpenSSL. Note that the Mcrypt module will still be used in the plugin to convert the old configured passwords and will be removed completely in future updates.
Other Notable Changes in WP Security Audit Log 2.6.5
The other notable changes we have included in this update are:
- We removed the wsal_wp_cookie completely and instead are not using LocalStorage. The cookie was being used to store which database was being used when archiving was enabled.
- We improved the reporting of alert 4014, which previously was being reported even when a user was updating another WordPress user’s profile and the profile page is refreshed.
- We also introduced the new Alert 1007, which is now being used to report that a user logged out another WordPress user’s session from the Users Sessions Management add-on. Please refer to the list of WordPress audit trail alert IDs for a complete list of the WordPress changes that the plugin can keep track of.
Updating the WP Security Audit Log Plugin
You will be alerted in your WordPress dashboard / admin pages that a new WP Security Audit Log plugin update is available.
We also released an update of the Users Sessions Management add-on to support the new Alert 1007, so please update the add-on as well. Note: you must have your license key activated to be alerted that an update for a premium add-on is available.
While the updating process is all automated, should you encounter any problems please do not hesitate to get in touch.