Docs / Configuration
Configuration
Everything below is configured at Tools → Activity Log Settings once the plugin is active.
Core tracking
- Authentication — successful logins, logouts, and failed login attempts (brute-force detection included).
- Content — post creation, publishing, trashing, and deletion; slug and title changes tracked with before/after diff.
- Users — registration, profile changes (email, display name, password, role changes), deletions.
- Plugins & themes — activation, deactivation, installation, updates, and theme switches.
- Settings — changes to key WordPress options (site title, URL, email, permalink structure, etc.).
- Navigation menus — menu updates.
WooCommerce integration (requires WooCommerce)
- Order status transitions — fully compatible with High-Performance Order Storage (HPOS).
- Product price and stock changes — logged with old and new values.
- Coupon applications and removals.
- Refund creation — records amount, reason, and who performed it.
Polylang integration (requires Polylang)
- Language assignments to posts are logged when a post is saved via Polylang.
Security alerts (opt-in, disabled by default)
Two independent hourly WP-Cron checks, each with its own threshold/window:
- Brute-force — too many failed login attempts from the same IP.
- Mass deletion — one user logging an unusually large number of "deleted" events in a short window (a compromised or malicious account deleting content/orders/users in bulk).
Alerts are emailed to the site administrator; optionally also POSTed as JSON to a webhook URL (Slack/Discord incoming webhooks, Zapier, Make, n8n, or any custom endpoint). Duplicate alerts within the same window are suppressed automatically.
Privacy & GDPR
- IP addresses are anonymised by default (last IPv4 octet masked); can be turned off in Settings if your use case needs full IPs.
- User email addresses are never stored in plain text — only a SHA-256 hash is kept.
- Log retention period is configurable (default: 30 days); entries are deleted automatically every night. Optionally archive entries to a gzip CSV before they're purged.
- Custom capabilities (
reslab_al_view_log,reslab_al_clear_log) allow granular access control per role; thereslab_al_viewable_object_typesfilter can further restrict which event types a role sees. - A full
uninstall.phpremoves the database table, all options, archive files, and capabilities when the plugin is deleted.
Admin interface
- Located under Tools → Activity Log — not cluttering the main admin menu.
- Filter by action, object type, user, IP address, date range, or free-text search across event details.
- Events fired within the same request (e.g. a post save that also triggers a language assignment) are grouped into a single row instead of flooding the log with near-duplicates.
- Before/after diff shown inline for every changed field, collapsed by default (
<details>/<summary>). - Export filtered results to CSV, or pull them programmatically via a read-only REST API (
/wp-json/reslab-al/v1/events) for external monitoring/SIEM tools. - Tools → Activity Log Settings for retention (with optional pre-purge archiving), IP anonymisation, both alert types, webhook notifications, and "last ran" status for every background job.