pojome / activity-log Goto Github PK

Get aware of any activities that are taking place on your dashboard! Imagine it like a black-box for your WordPress site.

Home Page: http://wordpress.org/plugins/aryo-activity-log/

CSS 0.22% JavaScript 5.76% Shell 2.41% PHP 91.62%

wordpress plugin activity-log

activity-log's Introduction

Activity Log - Monitor & Record User Changes

Contributors: elemntor, KingYes, ariel.k, maor
Tags: Activity Log, User Log, Audit Log, Security, Email Log,
Requires at least: 6.0
Requires PHP: 7.0
Tested up to: 6.5
Stable tag: 2.10.1
License: GPLv2 or later

This top rated Activity Log plugin helps you monitor & log all changes and actions on your WordPress site, so you can remain secure and organized.

Description

AN EASY TO USE & FULLY SUPPORTED WORDPRESS ACTIVITY LOG PLUGIN

Want to monitor and track your WordPress website activity? Find out exactly who does what on your WordPress website with this plugin. Activity Log is like an airplane’s black box that logs every action in the WordPress admin, and lets you see exactly what users are doing on your WordPress website.

If someone is trying to hack your site
When a post was published, and who published it
If a plugin/theme was activated/deactivated
Suspicious admin activity

It’s so essential; you’ll wonder how you ever managed your website without it. The plugin is also lightning fast and works behind the scenes, so it doesn\’t affect site and admin performance. For optimal performance, we built the plugin so that it runs on a separate table in the database.

If you have more than a handful of users, keeping track of who did what is virtually impossible. This plugin solves that issue by tracking what actions were initiated by which users, and displaying it in an easy-to-use and easy-to-filter view on the dashboard of your WordPress site.

New! Introducing Email Logging - Capture all emails sent from your WordPress site for streamlined debugging and compliance. Gain better visibility into email communication, aiding both troubleshooting and record-keeping. This is particularly beneficial for WooCommerce stores, allowing you to easily track sent emails alongside other critical site events.

Export to CSV - Export your Activity Log data records to CSV. Developers can easily add support for custom data formats with our new dedicated Export API.

Data Privacy and GDPR Compliance - We provide the tools to help you adhere to GDPR compliance standards, including Export/Erasure of data via the WordPress Privacy Tools.

With the Activity Log you can record:

WordPress - Core updates
Posts - Created, updated, deleted
Pages - Created, updated, deleted
Custom Post Type - Created, updated, deleted
Tags - Created, updated, deleted
Categories - Created, updated, deleted
Taxonomies - Created, updated, deleted
Menus - Created, updated, deleted
Media - Created, updated, deleted
Comments - Created, approved, unapproved, trashed, untrashed, spammed, unspammed, deleted
Users - Login, logout, login failed, update profile, registered, deleted
Plugins - Installed, updated, activated, deactivated, changed
Themes - Installed, updated, deleted, activated, changed (Editor and Customizer)
Widgets - Added to sidebar, deleted from sidebar, order widgets
Setting - General, writing, reading, discussion, media, permalinks
Options - Extended custom settings for 3rd party plugins
Export - Exported activity log file
WooCommerce - Track products, orders, customers, and more
bbPress - Forums, topics, replies, taxonomies, and other actions
Emails sent from WordPress site - Sending successful, sending failed
There’s more, of course, but you get the point...

For each event recorded by the activity log, the following details are also logged:

Date and time of occurrence
User and user role responsible for the change
Source IP address from which the change originated
Affected object where the change occurred

The plugin doesn\’t require any kind of setup; it works right out of the box (just another reason people love it)!

Data Storage and Performance Optimization

In order to ensure optimal performance of your website, all events and logs data are stored in a dedicated custom table within your WordPress database. This approach significantly reduces the impact on your website's performance, ensuring seamless operation even during peak traffic periods.

Uninstall Clean-up

We understand the importance of maintaining a clean and efficient database environment. That's why our plugin features an uninstall hook that seamlessly removes all traces of its presence from your website when uninstalling. This meticulous clean-up process ensures that your database remains lean and clutter-free even after our plugin has been removed.

With our optimized data storage, thorough logging, and meticulous clean-up process, you can trust that our plugin will enhance the functionality and security of your WordPress site without compromising its performance.

What users have to say

“Its tools, particularly for data privacy and GDPR compliance, make it indispensable for websites operating within European Union boundaries or dealing with EU citizens’ data” - HubSpot.com
“If you’re after a competent WP security audit log plugin with all the basic features you need, Activity Log is it!” - WPAstra.com
“Activity Log features a remarkably straightforward dashboard interface, providing administrators with an at-a-glance understanding of site interactions” - Malcare.com
“Best 10 Free WordPress Plugins of the Month: Keeping tabs on what your users do with their access to the Dashboard” - ManageWP.com
“Thanks to this step, we’ve discovered that our site was undergoing a brute force attack” - Artdriver.com
“Optimized code – The plugin itself is blazing fast and leaves almost no footprint on the server” - FreshTechTips.com
“Activity Log lets you track a huge range of activities. Overall, very easy to use and setup” - ElegantThemes.com

Contributions:

Would you like to contribute to this plugin? You’re more than welcome to submit your pull requests on the [GitHub repo](https://github.com/pojome/activity-log). And, if you have any notes about the code, please open a ticket on the issue tracker.

Installation

Upload plugin files to your plugins folder, or install using WordPress' built-in Add New Plugin installer
Activate the plugin
Go to the plugin page (under Dashboard > Activity Log)

Screenshots

The log viewer page
The settings page
Screen Options

Frequently Asked Questions

Requirements

Requires PHP 7.0 for list management functionality.

What is the plugin license?

This plugin is released under a GPL license.

Can I export logs?

You can easily export logs with Activity Log. We also support exporting filtered results. Filter by the time the action took place, roles, users, options, action type, and more.

Changelog

2.10.1 - 2024-04-17

Tweak: Add option to not keep email logs (Topic)

2.10.0 - 2024-04-08

New: Introducing Email Logging - Capture all emails sent from your WordPress site
Tweak: Added filter to change menu page capability (#205)
Tweak: Set the date display on CSV export file according to WordPress settings (#204)

2.9.2 - 2024-03-18

Tweak: Added an aal_skip_insert_log filter to skip record on demand (Topic)

2.9.1 - 2024-02-21

Tweak: Temporarily removed WC integration while working on updated support in the future

2.9.0 - 2023-11-22

New: Added log when plugin is deleted (Topic)
Tweak: Added an option to "Do not collect IP" in the log (#195)

2.8.8 - 2023-08-20

Tweak: Added aal_export_csv_separator filter to change the separator in CSV export (Topic)
Tweak: Added Visitor IP Detected to prevent IP manipulations in log

2.8.7 - 2023-07-30

Tweak: Remove Elementor Promotion from Activity Log plugin
Tweak: Added support for non-standard WordPress loading (Topic)
Fix: Logs kept for longer than settings (Topic, #178)

2.8.6 - 2023-05-08

Tweak: Improved database performance for new installations by adding indexes
Fix: Added compatibility for PHP 8.1 (#180)

2.8.5 - 2022-11-21

Tweak: Now the date/time format is displayed according to the site settings (Topic)
Fix: Added compatibility for PHP 8.1 (Topic)
Fix: Add input sanitization to avoid security issues

2.8.4 - 2022-09-04

Tweak: Added Activity Log setting to records log
Tweak: Added encoded value in CSV file (#165)

2.8.3 - 2022-03-09

Tweak: Run Clear old items from DB once daily to avoid unexpected errors (#156)

2.8.2 - 2022-01-25

Fix: Auto-updates of core, plugins and themes are not registered to the log (#155, props @nicomollet)

2.8.1 - 2021-12-01

Fix: Activity log database table not being dropped after deleting the plugin in multisite installation

2.8.0 - 2021-11-17

New: Added Privacy Settings to records log
New: Added Site Language to records log
New: Added a filter link to Topic, IP, Date, User and Action in the log table screen
Tweak: Aligned Topics to be in plural instead of singular
Fix: Filter by users dropdown on activity page threw a timeout error in some cases (#141)
Fix: CSV Export issue with comma separated values (Topic)

2.7.0 - 2021-05-06

New: Added an option to skip or keep the failed login logs for better optimization (#125)
Tweak: Improved the activity log table with clear labels and re-order columns for better UX
Tweak: Changed the wrong_password action to failed_login in User topic
Tweak: Changed the added action to uploaded in Attachment topic
Tweak: Changed the created action to registered in User topic
Fix: Add input sanitization to avoid security issues

2.6.1 - 2021-02-15

Fix: Conflict with WooCommerce while you using new block editor

2.6.0 - 2020-10-19

Tweak: Added support for CloudFlare and CloudFlare Enterprise client IP header (#133)
Tweak: Added browser confirmation to Reset Database option
Tweak: Notification tab is now deprecated for new installations
Tweak: Added support for displaying custom role activity log (#78, #135, Topic, Topic)
Fix: Show user data on log-out action (#126, Topic)
Fix: Removed unused help context in admin to resolve deprecated WP error (Topic)
Fix: PHP Notices are thrown when Debug mode is active (Topic)
Fix: Resolve jQuery Deprecation Notice and compatibility with WordPress 5.6+ (Topic)

2.5.2

Fix: Conflict with Elementor and WordPress Widgets

2.5.1

Fix! - PHP < 5.4 compatibility (Topic)

2.5.0

New! Added log to Export Personal Data tool for better GDPR Compliance (Topic)

2.4.1

Fix! - Escape title before saving to database

2.4.0

New! Export your Activity Log data records to CSV (#70)

2.3.6

Fix! - Admin table filters

2.3.5

Fix! - Added comparability for WordPress 4.8.2 & 4.7.6

2.3.4

Tweak! - Change Guest user to "N/A"

2.3.3

Fixed! - Minor XSS vulnerability, credit to Han Sahin

2.3.2

Fixed! - Minor XSS vulnerability, credit to Han Sahin

2.3.1

Tweak! - Added seconds in time column
Tweak! - Rearrange filters in list table

2.3.0

Tweak! - All translates moved to GlotPress
Tweak! - Added restore status for Posts (#46)
Tweak! - A11y changes for WordPress 4.4 which requires h1 tags (#84)
Tweak! - Allow some ajax requests just for admin

2.2.12

Tested up to WordPress v4.5

2.2.11

Tweak! - Temporarily remove Freemius SDK from the plugin

2.2.10

Tweak! Update Freemius SDK
Tested up to WordPress v4.4.2

2.2.9

Tweak! Update Freemius SDK

2.2.8

Tweak! Update Freemius SDK

2.2.7

Added! - Freemius Insights platform to improve plugin UX
Tweak! Update translate: Russian (ru_RU) - Thanks to Oleg Reznikov
Tested up to WordPress v4.4

2.2.6

Tweak! - Added sort by IP address (#77)
Tweak! - Added more actions/types in notification

2.2.5

New! - Added translate: Finnish (fi) - Thanks to Nazq (topic)
Tweak! - Better actions label in list table
Fixed! - Notice php warring in MU delete site
Tested up to WordPress v4.3

2.2.4

New! - Added translate: Czech (cs_CZ) - Thanks to Martin Kokeš (#76)

2.2.3

Tweak! - Added more filters in table list columns

2.2.2

Fixed! some PHP strict standards (PHP v5.4+)

2.2.1

Fixes from prev release

2.2.0

New! - Adds search box, to allow users to search the description field.
New! - Allows users to now filter by action
New! - Added translate: Polish (pl_PL) - Thanks to Maciej Gryniuk
Tweak! - SQL Optimizations for larger sites

2.1.16

New! Added translate: Russian (ru_RU) - Thanks to Oleg Reznikov
Fixes Undefined property with some 3td party themes/plugins
Tested up to WordPress v4.2

2.1.15

Tested up to WordPress v4.1
Change plugin name to "Activity Log"

2.1.14

New! Added translate: Persian (fa_IR) - Thanks to Promising

2.1.13

New! Added filter by User Roles (#67)

2.1.12

New! Added translate: Turkish (tr_TR) - Thanks to Ahmet Kolcu

2.1.11

Fixed! Compatible for old WP version

2.1.10

New! Now tracking when menus created and deleted
New! Added translate: Portuguese (pt_BR) - Thanks to Criação de Sites

2.1.9

New! Store all WooCommerce settings (#62)
Tested up to WordPress v4.0

2.1.8

New! Now tracking when plugins installed and updated (#59 and #43)

2.1.7

New! Now tracking when user download export file from the site (#58 and #63)

2.1.6

Tested up to WordPress v3.9.2

2.1.5

New! Now tracking when theme installed, updated, deleted (#44)

2.1.4

Fixed! Store real IP address in Proxy too (#53)

2.1.3

New! Added translate: Dutch (nl_NL) - Thanks to Tom Aalbers (#55)

2.1.2

Tweak! Update translate: Hebrew (he_IL)

2.1.1

New! Track about WordPress core update (manual or auto-updated) (#41)
New! Track post comments (created, approved, unproved, trashed, untrashed, spammed, unspammed, deleted) (#42)

2.1.0

New! Personally-tailored notifications that can be triggered by various types of events, users and action type (currently only email notifications are supported)
Bug fixes, stability improvements
Fixed an error that occurred on PHP 5.5

2.0.7

Tested up to WordPress v3.9.0

2.0.6

Fixed! Random fatal error (topic)

2.0.5

New! Register aal_init_caps filter.
Tweak! Change all methods to non-static.
Tweak! Some improved coding standards and PHPDoc.
Tweak! Split AAL_Hooks class to multiple classes.
New! Added translate: Armenia (hy_AM) - Thanks to Hayk Jomardyan.

2.0.4

Tweak! Don't allowed to access in direct files.
New! Added translate: Danish (da_DK) - Thanks to Morten Dalgaard Johansen

2.0.3

New! Record when widgets change orders.

2.0.2

New! Save more Options:
General
Writing
Reading
Discussion
Media
Permalinks

2.0.1

New! filter for disable erase all the log
Bugs fixed

2.0.0

Added Screen Options
New! Ability to select a number of activity items per page
New! Columns are now sortable
Added filter by date - All Time, Today, Yesterday, Week, Month
Added Avatar to author
Added role for author
Added log for activeted theme
Re-order Culoumns
Compatible up to 3.8.1
Settings page is now accessible directly from Activity Log's menu
Keep your log for any time your wants
Delete Log Activities from Database.
Bugs fixed

1.0.8

Added translate: Serbo-Croatian (sr_RS) - Thanks to Borisa Djuraskovic.

1.0.7

Added 'view_all_aryo_activity_log' user capability (topic).

1.0.6

Added WooCommerce integration (very basic).
Added Settings link in plugins page.

1.0.5

Fix - Make sure no save double lines (menu taxonomy / post).

1.0.4

Added Taxonomy type (created, updated, deleted).

1.0.3

Added Multisite compatibility.
Added Options hooks (limit list, you can extend by simple filter).
Added Menu hooks.
Tweak - Ensure no duplicate logs..

1.0.2

Forget remove old .pot file

1.0.1

Added translate: German (de_DE) - Thanks to Robert Harm
Added translate: Hebrew (he_IL)
Plugin name instead of file name on activation/deactivation
New Hooks:
A widget is being deleted from a sidebar
A plugin is being changed
Theme Customizer (Thanks to Ohad Raz)

1.0

Blastoff!

activity-log's People

Contributors

Stargazers

Watchers

activity-log's Issues

integration Slack

Hello, please do integration with Slack

Delete specific entries

Delete specific entries from log, and add delete with bulk actions.

Doesn't work with Custom Posts

Great plugin - much lighter impact and with nicer UI than others I've used.

However, I have an issue whereby user activity is not being recorded in the logs. It's a fairly heavily customised site - using Custom Post Types, Advanced Custom Fields (ACF) and Capability Manager. The majority of my users are a custom capability with "Level 7" and have access only to two custom post types. All activity from an admin is logged properly but custom capability users only log their logged in / logged out activity. Bizarrely though, I've enabled an email notification and this works properly e.g. I get an email every time one of the custom capability users updates a post, creates a post, etc.

Any idea what's happening? Without being able to track exactly what editing is taking place I can't continue using this plugin for what I need.

Thanks very much.

Ben

Auto table reload with WordPress HeartBeat API

References:
https://core.trac.wordpress.org/ticket/23216
http://code.tutsplus.com/tutorials/the-heartbeat-api-getting-started--wp-32446
http://pippinsplugins.com/using-the-wordpress-heartbeat-api/

aal_insert_log not showing data

Hi, i am trying to implement log into my plugins, but not see the entry in the activity log table. I insert using the function aal_insert_log, i check the database and the data is there. I missing something, with the args in the aal_insert_log function is enough to go? Thank in advantage of your help.

Multisite Support

Notification Events: add rule "OR"

Ref: https://wordpress.org/support/topic/this-is-great-but-needs-improvement

Idea: When activating plugin, fill in previous activity

We oftentimes find that we have to install this on a clients' site after something has gone wrong. It would be great if there was an option to pre-populate ARYO logs with basic data (when posts were created, revisions, maybe a way to trace plugin installs?) to help trace issues.

This could be a button and not an automatic action so that it wouldn't kill large installs.

Thanks for all your great work on this plugin!

2.2.8 errors: Trying to get property of non-object

Hi,

My debug.log file is spammed from yesterday's update with following:

[23-Jan-2016 20:03:19 UTC] PHP Notice:  Trying to get property of non-object in /home/[...]/wordpress/wp-content/plugins/aryo-activity-log/classes/freemius/includes/class-fs-api.php on line 161

[23-Jan-2016 20:03:19 UTC] PHP Notice:  Trying to get property of non-object in /home/[...]/wordpress/wp-content/plugins/aryo-activity-log/classes/freemius/includes/class-fs-api.php on line 178

And

[23-Jan-2016 20:10:35 UTC] PHP Warning:  Cannot modify header information - headers already sent by (output started at /home/[...]/wordpress/wp-content/plugins/aryo-activity-log/classes/freemius/includes/class-fs-api.php:161) in /home/[...]/wordpress/wp-content/themes/zschocianow/header.php on line 62

I use in header.php only setcookie() before and after line 62. There were no such error before.

Greetings

Activity log better for Themes

Add track after: Updated | Deleted | Installed | Activated | Deactivated

Now it's track just for: Activated or Deactivated

Could someone please provide a quick example how to record this action?

This is the third time over the past year I have come back to this plugin, primarily due to its slick visual organization while meeting nearly 98% of my requirements. The problem I am having here is that I simply can't figure out the proper method to create a custom action trigger entry for my specific situation.

Let me point out in advance that I am well aware that what I aim to track would likely be incapable of scaling properly to more than a few concurrent users at a time and this is perfectly fine for my situation... I simply need a basic example of how it can be done.

The nature of my situation involves a custom wordpress website which is only accessible to about 50 individuals each of which need an existing pre approved wp user account to access the site. What I need to be able to do here is simply record every single page view on this domain for each of these users. Ideally I would like the information which gets recorded to include very basic information including date/timestamp, page title, post type name, any associated categories, tags, taxonomies and potentially some specific custom field value. The purpose of these logged pageviews simply need to allow the user to view his own activity and filter/sort it and allow an admin to do the same for all or a single user.

Could someone who has some basic experience with this plugin please provide a basic example of how to achieve this basic functionality?

Thanks in advance!

Monitoring Pages

Looks like you have quite an interesting plugin! I was wondering if you had plans to add page tracking as well, or if you already include it and it just doesn't show in the documentation.

Thanks!

Add hook for Comments

Approved / Unapproved | Edited | Spammed | Trashed

Filter by IP

From WordPress support:

Is there a way to filter log entries by IP to see what all requests are coming from single IP?

romancos

Activity log better for Plugins

Add track after: Updated | Deleted | Installed | Activated | Deactivated

Now it's track just for: Activated or Deactivated

Better store options from WC?

We can touch all WC options from this filter: https://github.com/woothemes/woocommerce/blob/master/includes/admin/class-wc-admin-settings.php#L42

I just need to think how to do this right.

Add filter by User Roles

Topic: https://wordpress.org/support/topic/filter-out-users-by-their-role

Added jshint validator in our Gruntfile.js

Feature Request

Would love to be able to SORT by the IP Address column. This would enable the following scenario:

Filter by "wrong_password"
Sort by IP Address
See who the worst offenders of the wrong_password are so we can add them to a banned IP list.

Thanks!

Admin screen heading tags with WordPress 4.4

The software uses incorrect headings in admin screens. See https://make.wordpress.org/core/2015/10/28/headings-hierarchy-changes-in-the-admin-screens/ for more.

Set notification for User A OR User B

Hi. Great plugin!

One request: I wish to be notified when unregistered users visit. Is there a way to set the notification to use an OR function, rather than just the AND? So I can be notified if the user is NOT Admin A OR Admin B.

Also, can I set this up to be notified if the user is GUEST? Thanks, ab

Send notification in X hours?

I just think it's very spam for now to send email per log changes. The better way need to save queue in the cache (maybe in wp_options?), and send per X hours all the activity.

@maor What you think about this?

Best,
Yakir

Feature Request: Identify User Agent

This is a really useful plugin! Thanks!

I had an issue recently where some users could not login, but others could. It turned out that all those who could not login were using Firefox; other users were unaffected.

Would it be possible to identify the user agent when someone tries to login (whether successfully or not)?

Thanks for considering this!

Plugin Updates

Which plugin changes are exactly being logged? I was under the impression it would log plugin updates, but it does not. Please advise!

Extend to support plugins

Great plugin!
With a little work I think this plugin could be a base plugin / alternative for many developer that hack their own notification and logging system.

It would be really nice if you can extend your api / hooks to allow plugins to use the logger.

I create a plugin that e.g. run cron-jobs and i want to save different custom events and enable to select them for notification. At the moment that is not possible.

The notification need some attributes like: notify when this event occured 10 times, or notfiy once per day / week / month....

Export is missing in classes/class-aal-notifications.php::get_object_types

Control access to view the activity log

It would be helpful to choose the roles allowed to view the activity log. Even if it's just a select form element and the selected role and higher are allowed to view the activity log.

Implement a new notification handler: Twilio SMS

We should implement this SMS gateway as a notification handler
http://www.twilio.com/sms

Screenshot not found

Just to let you know

WordPress Export?

I think we need to know when any user use with export tools from WordPress.

@maor & @arielk what you think about this?

LESS support?

Lots of "guest logged out" in a row

On one site in particular, I'm getting a bunch of the following records in a row and I can't figure out where they would be coming from since guests can't be logged in and there's usually about 10 in a row? Have you guys seen this before? If not, feel free to ignore but was hoping someone else had hit this previously.

Guest 173.230.132.230 User Logged Out

ManageWP requests are logged with wrong username

I'm using ManageWP to manage my sites and I just discovered that all requests from that system are logged with first admin account available. At first it was an account with ID 1, then I deleted it and now it's logging with user ID 2.

Posts are deleted by Guest

Hi,

Not sure why but it seems the delete post action are recorded as Guest

Authenticated Information Disclosure Vulnerability

The AJAX accessible function ajax_aal_get_properties(), in the file /classes/class-aal-settings.php, is accessible to any logged in user despite it looking like it is only intended to be accessed by Administrator level users. Through that certain non-public information on the users of the website can be disclosed.

Add hook for WordPress core upgrade

Fatal error from undefined function _draft_or_post_title()

I'm getting a fatal error on two separate websites using ARYO. The errors only appear to be showing at random times - I can only attest to what is happening on one of the sites - I was creating a post using Gravity Forms + Custom Post Types. The other site doesn't even use the plugin so not sure what triggered it there. Here's the two errors.

Fatal error: Call to undefined function _draft_or_post_title() in /home/pastures/public_html/wp-content/plugins/aryo-activity-log/hooks/class-aal-hook-posts.php on line 38

[05-Mar-2014 15:44:56] PHP Fatal error: Call to undefined function _draft_or_post_title() in /home/otm/public_html/wp-content/plugins/aryo-activity-log/hooks/class-aal-hook-posts.php on line 60

Let me know if I can provide any more helpful information!

Notification type: HTTP hook

Hello,

Instead of only an email notification, I would like to request an HTTP hook notification. This would be superb.

For example I would set up a notification to that would make an HTTP Post request to http://example.com/updated when a update is made in WordPress.

Thank you
Ross

Setting access log per Roles and Capabilities

Setting:

New Tab: Permissions

Access log: (Checkbox)

Super Admin (MU)*
Administrator*
Editor
Author
Contributor
Subscriber

*Default

You can improve this feature with those options:

Allow access log for specific Users: (Select User + Repeater)
Disable access log for specific Users: (Select User + Repeater)

Using Varnish or ngnix as a proxy will always return ip as 127.0.0.1

Hi guys,
I have a few sites that the IP recorded for each activity is always 127.0.0.1 instead of the real user/guest IP.

It took me a while but I found that the one thing they have in common is that they were all served using a proxy either ngnix or varnish.

which makes sense because the server (apache or ngnix) gets the request from the proxy (varnish or ngnix) which is on the same machine and that is why i get the local host IP (127.0.0.1) as user IP which is actually wrong.

looking at the code this line in specific is the problematic one
https://github.com/KingYes/wordpress-aryo-activity-log/blob/master/classes/class-aal-api.php#L55

A better way to get the real IP even in the case of a proxy you should first look in the
$_SERVER['HTTP_CLIENT_IP'] var then in the $_SERVER['HTTP_X_FORWARDED_FOR']
and only then in the $_SERVER['REMOTE_ADDR']

for example:

function get_real_ip(){
    if (!empty($_SERVER['HTTP_CLIENT_IP'])){
        return $_SERVER['HTTP_CLIENT_IP'];
    }else if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { 
        return $_SERVER['HTTP_X_FORWARDED_FOR'];
    }
    return $_SERVER['REMOTE_ADDR'];
}

thanks.
Happy Yom haatzmaut;

MU: Cannot get current 'caps' for Super Admin.

Hi all.
I just want find a good way to get caps for Super Admin with register to current blog.

Anyone know how fix this?

Thanks.
Yakir.

What's the best way to restrict logging?

Basically, we don't want to track all of the data that is being tracked by default because it's not all useful to us and we'd rather keep the logs as lightweight as possible.

I had a quick read-through of the plugin and I found a few different areas that seem like they're designed to allow developers to limit what is and isn't tracked, but I'm not 100% sure what the best way to approach this is.

Could you provide any example code or just point me in the right direction for what needs to be filtered within the plugin to accomplish this?

Support Add, Edit & Delete of Taxonomy Terms.

This is a feature request to support logging of the addition, edits and deletion of native WordPress Tags & Categories as well as any custom taxonomies.

Great, simple plug-in. Thank you.

Trashed & Deleted & Restore for Posts (Pages/CPT)

Post/Page/Another CPT - if i move post to Trash - in log write "Deleted" and if i permanently deleted from Trash also write "Deleted". it's not true.

You can need to change this to: Trashed (move to trash) | Deleted (permanently deleted) | Restore (from trash)

As well as monitor (do logging) of one or more specific tables in a Wordpress database (not the standard tables WP)?

Hi,

As well as monitor (do logging) of one or more specific tables in a Wordpress database, but have created part (not the standard tables WP)?

I need (date, time , user, action , etc.) register inclusion, change and exclusion des all table fields .

Is it possible to do that? If yes, how?

Feature Request: Aggregate Logs of Several Installations

Please add features so it is possible to aggregate logs from multiple WP installations to some standard log aggregation tools like e.g. Logstash or fluentd - THANKS!

Export data

Add button export data to CSV file. It's very useful for old data backup.

Users Online

Show who user now in dashboard

like: http://wordpress.org/plugins/wp-useronline/
But on dashboard.

Excluding specific users from appearing in the log

Great plugin! It's very handy, no hassle, easy to use.

I don't know whether this would be at all possible, but I am currently clogging the activity log with my own log-ins, so I often have to scroll down several pages in order to see other users who have logged into the website. Would it be possible to exclude a user, in this case myself, from the list?

Logging to syslog for fail2ban integration

Hi,
First, I use your plugin a lot. thank you for it.
Second, I use fail2ban on my server and I made a small change on your plugin to log to syslog when a wrong password is entered. Than I created fail2ban filter and action to ban the IP accordingly.

If you guys could include this piece of code in your development, that would be great as I wouldn't be worried about updating the plugin and you could also advertise the feature of fail2ban integration.

I added a piece of code just before the: $this -> _delete_old_items(); in the function insert( $args ) in the class-aal-api.php file. You probably could do a better job as the plugin creator ;)

Here is the code I added:

if ($args['action'] == "wrong_password") {
                $siteUrl = explode("//", get_site_url());
                openlog($siteUrl[1], LOG_PID, LOG_AUTH);
                syslog(LOG_NOTICE,"Authentication failure for ". $args['object_name'] ." from ".$args['hist_ip']);
                closelog();
        }

The filter wordpress.conf:

# Fail2Ban configuration file
#
# Author: Igor Almeida
#

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf


[Definition]

_daemon = wordpress

# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values:  TEXT
#
failregex = Authentication failure for .* from <HOST>

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =

And the jail snippet to insert into jail.local:

[wordpress]
enabled  = true
filter   = wordpress
port     = http,https
logpath  = /var/log/auth.log
maxretry = 2
banaction = iptables-allports

Thank you,
Igor Almeida