Reslab Activity Log

Docs / Configuration

Configuration

Everything below is configured at Tools → Activity Log Settings once the plugin is active.

Core tracking

  • Authentication — successful logins, logouts, and failed login attempts (brute-force detection included).
  • Content — post creation, publishing, trashing, and deletion; slug and title changes tracked with before/after diff.
  • Users — registration, profile changes (email, display name, password, role changes), deletions.
  • Plugins & themes — activation, deactivation, installation, updates, and theme switches.
  • Settings — changes to key WordPress options (site title, URL, email, permalink structure, etc.).
  • Navigation menus — menu updates.

WooCommerce integration (requires WooCommerce)

  • Order status transitions — fully compatible with High-Performance Order Storage (HPOS).
  • Product price and stock changes — logged with old and new values.
  • Coupon applications and removals.
  • Refund creation — records amount, reason, and who performed it.

Polylang integration (requires Polylang)

  • Language assignments to posts are logged when a post is saved via Polylang.

Security alerts (opt-in, disabled by default)

Two independent hourly WP-Cron checks, each with its own threshold/window:

  • Brute-force — too many failed login attempts from the same IP.
  • Mass deletion — one user logging an unusually large number of "deleted" events in a short window (a compromised or malicious account deleting content/orders/users in bulk).

Alerts are emailed to the site administrator; optionally also POSTed as JSON to a webhook URL (Slack/Discord incoming webhooks, Zapier, Make, n8n, or any custom endpoint). Duplicate alerts within the same window are suppressed automatically.

Privacy & GDPR

  • IP addresses are anonymised by default (last IPv4 octet masked); can be turned off in Settings if your use case needs full IPs.
  • User email addresses are never stored in plain text — only a SHA-256 hash is kept.
  • Log retention period is configurable (default: 30 days); entries are deleted automatically every night. Optionally archive entries to a gzip CSV before they're purged.
  • Custom capabilities (reslab_al_view_log, reslab_al_clear_log) allow granular access control per role; the reslab_al_viewable_object_types filter can further restrict which event types a role sees.
  • A full uninstall.php removes the database table, all options, archive files, and capabilities when the plugin is deleted.

Admin interface

  • Located under Tools → Activity Log — not cluttering the main admin menu.
  • Filter by action, object type, user, IP address, date range, or free-text search across event details.
  • Events fired within the same request (e.g. a post save that also triggers a language assignment) are grouped into a single row instead of flooding the log with near-duplicates.
  • Before/after diff shown inline for every changed field, collapsed by default (<details>/<summary>).
  • Export filtered results to CSV, or pull them programmatically via a read-only REST API (/wp-json/reslab-al/v1/events) for external monitoring/SIEM tools.
  • Tools → Activity Log Settings for retention (with optional pre-purge archiving), IP anonymisation, both alert types, webhook notifications, and "last ran" status for every background job.