Docs / Hooks & REST API
Hooks & REST API
Filters
| Filter | Description |
|---|---|
reslab_al_trusted_proxies |
Array of trusted proxy IP addresses for forwarded-header IP resolution |
reslab_al_viewable_object_types |
array $types, int $user_id — restrict which object_type values the current user can see in the log, export, and REST API. Empty (default) = unrestricted. |
reslab_al_default_roles |
array $roles — roles granted reslab_al_view_log / reslab_al_clear_log / reslab_al_manage_settings on activation and on every schema upgrade. Defaults to [ 'administrator' ]. |
Actions
| Action | Description |
|---|---|
reslab_al_alert_bruteforce |
array $payload — fires after a brute-force alert email is sent. $payload has ip, attempts, window_hours, log_url. |
reslab_al_alert_mass_deletion |
array $payload — fires after a mass-deletion alert email is sent. $payload has user_id, user_login, deletions, window_hours, log_url. |
Use these for integrations a generic webhook POST can't handle (a Telegram bot API call, a signed Slack SDK request, writing to another system, etc.). For simpler cases, set reslab_al_alert_webhook_url in Settings instead — no code required.
REST API
GET /wp-json/reslab-al/v1/events — read-only, paginated (page, per_page, max 200), authenticated via WP Application Passwords, gated by reslab_al_view_log. Accepts the same filter_action / filter_object_type / filter_user / filter_date_from / filter_date_to / filter_ip / filter_search query params as the admin screen, and respects reslab_al_viewable_object_types. Response includes X-WP-Total / X-WP-TotalPages headers.