Reslab Activity Log

Reslab Activity Log

A lightweight, privacy-aware audit log that tracks every meaningful change on your WordPress site — from post edits to WooCommerce orders.

WooCommerce GDPR-ready REST API

Core tracking

  • Authentication — successful logins, logouts, and failed login attempts (brute-force detection included).
  • Content — post creation, publishing, trashing, and deletion; slug and title changes tracked with before/after diff.
  • Users — registration, profile changes (email, display name, password, role changes), deletions.
  • Plugins & themes — activation, deactivation, installation, updates, and theme switches.
  • Settings — changes to key WordPress options (site title, URL, email, permalink structure, etc.).
  • Navigation menus — menu updates.

WooCommerce integration (requires WooCommerce)

  • Order status transitions — fully compatible with High-Performance Order Storage (HPOS).
  • Product price and stock changes — logged with old and new values.
  • Coupon applications and removals.
  • Refund creation — records amount, reason, and who performed it.

Polylang integration (requires Polylang)

  • Language assignments to posts are logged when a post is saved via Polylang.

Security alerts (opt-in, disabled by default)

Two independent hourly WP-Cron checks, each with its own threshold/window:

  • Brute-force — too many failed login attempts from the same IP.
  • Mass deletion — one user logging an unusually large number of "deleted" events in a short window (a compromised or malicious account deleting content/orders/users in bulk).

Alerts are emailed to the site administrator; optionally also POSTed as JSON to a webhook URL (Slack/Discord incoming webhooks, Zapier, Make, n8n, or any custom endpoint). Duplicate alerts within the same window are suppressed automatically.

Privacy & GDPR

  • IP addresses are anonymised by default (last IPv4 octet masked); can be turned off in Settings if your use case needs full IPs.
  • User email addresses are never stored in plain text — only a SHA-256 hash is kept.
  • Log retention period is configurable (default: 30 days); entries are deleted automatically every night. Optionally archive entries to a gzip CSV before they're purged.
  • Custom capabilities (reslab_al_view_log, reslab_al_clear_log) allow granular access control per role; the reslab_al_viewable_object_types filter can further restrict which event types a role sees.
  • A full uninstall.php removes the database table, all options, archive files, and capabilities when the plugin is deleted.

Admin interface

  • Located under Tools → Activity Log — not cluttering the main admin menu.
  • Filter by action, object type, user, IP address, date range, or free-text search across event details.
  • Events fired within the same request (e.g. a post save that also triggers a language assignment) are grouped into a single row instead of flooding the log with near-duplicates.
  • Before/after diff shown inline for every changed field, collapsed by default (<details>/<summary>).
  • Export filtered results to CSV, or pull them programmatically via a read-only REST API (/wp-json/reslab-al/v1/events) for external monitoring/SIEM tools.
  • Tools → Activity Log Settings for retention (with optional pre-purge archiving), IP anonymisation, both alert types, webhook notifications, and "last ran" status for every background job.

See it in action

Filter by action, object type, user, date range, or free-text search.
Inline before/after diff for every changed field.
Retention, archiving, GDPR, and brute-force alerts.
Mass-deletion alerts and webhook notifications.