Git Product home page Git Product logo

activity-log's Introduction

Activity Log - Monitor & Record User Changes Build Status Dependency Status WordPress WordPress WordPress WordPress Built with Grunt

Contributors: elemntor, KingYes, ariel.k, maor
Tags: Activity Log, User Log, Audit Log, Security, Email Log,
Requires at least: 6.0
Requires PHP: 7.0
Tested up to: 6.5
Stable tag: 2.10.1
License: GPLv2 or later

This top rated Activity Log plugin helps you monitor & log all changes and actions on your WordPress site, so you can remain secure and organized.

Description

AN EASY TO USE & FULLY SUPPORTED WORDPRESS ACTIVITY LOG PLUGIN

Want to monitor and track your WordPress website activity? Find out exactly who does what on your WordPress website with this plugin. Activity Log is like an airplane’s black box that logs every action in the WordPress admin, and lets you see exactly what users are doing on your WordPress website.

  • If someone is trying to hack your site
  • When a post was published, and who published it
  • If a plugin/theme was activated/deactivated
  • Suspicious admin activity

It’s so essential; you’ll wonder how you ever managed your website without it. The plugin is also lightning fast and works behind the scenes, so it doesn\’t affect site and admin performance. For optimal performance, we built the plugin so that it runs on a separate table in the database.

If you have more than a handful of users, keeping track of who did what is virtually impossible. This plugin solves that issue by tracking what actions were initiated by which users, and displaying it in an easy-to-use and easy-to-filter view on the dashboard of your WordPress site.

New! Introducing Email Logging - Capture all emails sent from your WordPress site for streamlined debugging and compliance. Gain better visibility into email communication, aiding both troubleshooting and record-keeping. This is particularly beneficial for WooCommerce stores, allowing you to easily track sent emails alongside other critical site events.

Export to CSV - Export your Activity Log data records to CSV. Developers can easily add support for custom data formats with our new dedicated Export API.

Data Privacy and GDPR Compliance - We provide the tools to help you adhere to GDPR compliance standards, including Export/Erasure of data via the WordPress Privacy Tools.

With the Activity Log you can record:

  • WordPress - Core updates
  • Posts - Created, updated, deleted
  • Pages - Created, updated, deleted
  • Custom Post Type - Created, updated, deleted
  • Tags - Created, updated, deleted
  • Categories - Created, updated, deleted
  • Taxonomies - Created, updated, deleted
  • Menus - Created, updated, deleted
  • Media - Created, updated, deleted
  • Comments - Created, approved, unapproved, trashed, untrashed, spammed, unspammed, deleted
  • Users - Login, logout, login failed, update profile, registered, deleted
  • Plugins - Installed, updated, activated, deactivated, changed
  • Themes - Installed, updated, deleted, activated, changed (Editor and Customizer)
  • Widgets - Added to sidebar, deleted from sidebar, order widgets
  • Setting - General, writing, reading, discussion, media, permalinks
  • Options - Extended custom settings for 3rd party plugins
  • Export - Exported activity log file
  • WooCommerce - Track products, orders, customers, and more
  • bbPress - Forums, topics, replies, taxonomies, and other actions
  • Emails sent from WordPress site - Sending successful, sending failed
  • There’s more, of course, but you get the point...

For each event recorded by the activity log, the following details are also logged:

  • Date and time of occurrence
  • User and user role responsible for the change
  • Source IP address from which the change originated
  • Affected object where the change occurred

The plugin doesn\’t require any kind of setup; it works right out of the box (just another reason people love it)!

Data Storage and Performance Optimization

In order to ensure optimal performance of your website, all events and logs data are stored in a dedicated custom table within your WordPress database. This approach significantly reduces the impact on your website's performance, ensuring seamless operation even during peak traffic periods.

Uninstall Clean-up

We understand the importance of maintaining a clean and efficient database environment. That's why our plugin features an uninstall hook that seamlessly removes all traces of its presence from your website when uninstalling. This meticulous clean-up process ensures that your database remains lean and clutter-free even after our plugin has been removed.

With our optimized data storage, thorough logging, and meticulous clean-up process, you can trust that our plugin will enhance the functionality and security of your WordPress site without compromising its performance.

What users have to say

  • “Its tools, particularly for data privacy and GDPR compliance, make it indispensable for websites operating within European Union boundaries or dealing with EU citizens’ data” - HubSpot.com
  • “If you’re after a competent WP security audit log plugin with all the basic features you need, Activity Log is it!” - WPAstra.com
  • “Activity Log features a remarkably straightforward dashboard interface, providing administrators with an at-a-glance understanding of site interactions” - Malcare.com
  • “Best 10 Free WordPress Plugins of the Month: Keeping tabs on what your users do with their access to the Dashboard” - ManageWP.com
  • “Thanks to this step, we’ve discovered that our site was undergoing a brute force attack” - Artdriver.com
  • “Optimized code – The plugin itself is blazing fast and leaves almost no footprint on the server” - FreshTechTips.com
  • “Activity Log lets you track a huge range of activities. Overall, very easy to use and setup” - ElegantThemes.com

Contributions:

Would you like to contribute to this plugin? You’re more than welcome to submit your pull requests on the [GitHub repo](https://github.com/pojome/activity-log). And, if you have any notes about the code, please open a ticket on the issue tracker.

Installation

  1. Upload plugin files to your plugins folder, or install using WordPress' built-in Add New Plugin installer
  2. Activate the plugin
  3. Go to the plugin page (under Dashboard > Activity Log)

Screenshots

  1. The log viewer page
  2. The settings page
  3. Screen Options

Frequently Asked Questions

Requirements

  • Requires PHP 7.0 for list management functionality.

What is the plugin license?

  • This plugin is released under a GPL license.

Can I export logs?

  • You can easily export logs with Activity Log. We also support exporting filtered results. Filter by the time the action took place, roles, users, options, action type, and more.

Changelog

2.10.1 - 2024-04-17

  • Tweak: Add option to not keep email logs (Topic)

2.10.0 - 2024-04-08

  • New: Introducing Email Logging - Capture all emails sent from your WordPress site
  • Tweak: Added filter to change menu page capability (#205)
  • Tweak: Set the date display on CSV export file according to WordPress settings (#204)

2.9.2 - 2024-03-18

  • Tweak: Added an aal_skip_insert_log filter to skip record on demand (Topic)

2.9.1 - 2024-02-21

  • Tweak: Temporarily removed WC integration while working on updated support in the future

2.9.0 - 2023-11-22

  • New: Added log when plugin is deleted (Topic)
  • Tweak: Added an option to "Do not collect IP" in the log (#195)

2.8.8 - 2023-08-20

  • Tweak: Added aal_export_csv_separator filter to change the separator in CSV export (Topic)
  • Tweak: Added Visitor IP Detected to prevent IP manipulations in log

2.8.7 - 2023-07-30

  • Tweak: Remove Elementor Promotion from Activity Log plugin
  • Tweak: Added support for non-standard WordPress loading (Topic)
  • Fix: Logs kept for longer than settings (Topic, #178)

2.8.6 - 2023-05-08

  • Tweak: Improved database performance for new installations by adding indexes
  • Fix: Added compatibility for PHP 8.1 (#180)

2.8.5 - 2022-11-21

  • Tweak: Now the date/time format is displayed according to the site settings (Topic)
  • Fix: Added compatibility for PHP 8.1 (Topic)
  • Fix: Add input sanitization to avoid security issues

2.8.4 - 2022-09-04

  • Tweak: Added Activity Log setting to records log
  • Tweak: Added encoded value in CSV file (#165)

2.8.3 - 2022-03-09

  • Tweak: Run Clear old items from DB once daily to avoid unexpected errors (#156)

2.8.2 - 2022-01-25

  • Fix: Auto-updates of core, plugins and themes are not registered to the log (#155, props @nicomollet)

2.8.1 - 2021-12-01

  • Fix: Activity log database table not being dropped after deleting the plugin in multisite installation

2.8.0 - 2021-11-17

  • New: Added Privacy Settings to records log
  • New: Added Site Language to records log
  • New: Added a filter link to Topic, IP, Date, User and Action in the log table screen
  • Tweak: Aligned Topics to be in plural instead of singular
  • Fix: Filter by users dropdown on activity page threw a timeout error in some cases (#141)
  • Fix: CSV Export issue with comma separated values (Topic)

2.7.0 - 2021-05-06

  • New: Added an option to skip or keep the failed login logs for better optimization (#125)
  • Tweak: Improved the activity log table with clear labels and re-order columns for better UX
  • Tweak: Changed the wrong_password action to failed_login in User topic
  • Tweak: Changed the added action to uploaded in Attachment topic
  • Tweak: Changed the created action to registered in User topic
  • Fix: Add input sanitization to avoid security issues

2.6.1 - 2021-02-15

  • Fix: Conflict with WooCommerce while you using new block editor

2.6.0 - 2020-10-19

  • Tweak: Added support for CloudFlare and CloudFlare Enterprise client IP header (#133)
  • Tweak: Added browser confirmation to Reset Database option
  • Tweak: Notification tab is now deprecated for new installations
  • Tweak: Added support for displaying custom role activity log (#78, #135, Topic, Topic)
  • Fix: Show user data on log-out action (#126, Topic)
  • Fix: Removed unused help context in admin to resolve deprecated WP error (Topic)
  • Fix: PHP Notices are thrown when Debug mode is active (Topic)
  • Fix: Resolve jQuery Deprecation Notice and compatibility with WordPress 5.6+ (Topic)

2.5.2

  • Fix: Conflict with Elementor and WordPress Widgets

2.5.1

  • Fix! - PHP < 5.4 compatibility (Topic)

2.5.0

  • New! Added log to Export Personal Data tool for better GDPR Compliance (Topic)

2.4.1

  • Fix! - Escape title before saving to database

2.4.0

  • New! Export your Activity Log data records to CSV (#70)

2.3.6

  • Fix! - Admin table filters

2.3.5

  • Fix! - Added comparability for WordPress 4.8.2 & 4.7.6

2.3.4

  • Tweak! - Change Guest user to "N/A"

2.3.3

  • Fixed! - Minor XSS vulnerability, credit to Han Sahin

2.3.2

  • Fixed! - Minor XSS vulnerability, credit to Han Sahin

2.3.1

  • Tweak! - Added seconds in time column
  • Tweak! - Rearrange filters in list table

2.3.0

  • Tweak! - All translates moved to GlotPress
  • Tweak! - Added restore status for Posts (#46)
  • Tweak! - A11y changes for WordPress 4.4 which requires h1 tags (#84)
  • Tweak! - Allow some ajax requests just for admin

2.2.12

  • Tested up to WordPress v4.5

2.2.11

  • Tweak! - Temporarily remove Freemius SDK from the plugin

2.2.10

  • Tweak! Update Freemius SDK
  • Tested up to WordPress v4.4.2

2.2.9

  • Tweak! Update Freemius SDK

2.2.8

  • Tweak! Update Freemius SDK

2.2.7

  • Added! - Freemius Insights platform to improve plugin UX
  • Tweak! Update translate: Russian (ru_RU) - Thanks to Oleg Reznikov
  • Tested up to WordPress v4.4

2.2.6

  • Tweak! - Added sort by IP address (#77)
  • Tweak! - Added more actions/types in notification

2.2.5

  • New! - Added translate: Finnish (fi) - Thanks to Nazq (topic)
  • Tweak! - Better actions label in list table
  • Fixed! - Notice php warring in MU delete site
  • Tested up to WordPress v4.3

2.2.4

  • New! - Added translate: Czech (cs_CZ) - Thanks to Martin Kokeš (#76)

2.2.3

  • Tweak! - Added more filters in table list columns

2.2.2

  • Fixed! some PHP strict standards (PHP v5.4+)

2.2.1

  • Fixes from prev release

2.2.0

  • New! - Adds search box, to allow users to search the description field.
  • New! - Allows users to now filter by action
  • New! - Added translate: Polish (pl_PL) - Thanks to Maciej Gryniuk
  • Tweak! - SQL Optimizations for larger sites

2.1.16

  • New! Added translate: Russian (ru_RU) - Thanks to Oleg Reznikov
  • Fixes Undefined property with some 3td party themes/plugins
  • Tested up to WordPress v4.2

2.1.15

  • Tested up to WordPress v4.1
  • Change plugin name to "Activity Log"

2.1.14

  • New! Added translate: Persian (fa_IR) - Thanks to Promising

2.1.13

  • New! Added filter by User Roles (#67)

2.1.12

  • New! Added translate: Turkish (tr_TR) - Thanks to Ahmet Kolcu

2.1.11

  • Fixed! Compatible for old WP version

2.1.10

  • New! Now tracking when menus created and deleted
  • New! Added translate: Portuguese (pt_BR) - Thanks to Criação de Sites

2.1.9

  • New! Store all WooCommerce settings (#62)
  • Tested up to WordPress v4.0

2.1.8

  • New! Now tracking when plugins installed and updated (#59 and #43)

2.1.7

  • New! Now tracking when user download export file from the site (#58 and #63)

2.1.6

  • Tested up to WordPress v3.9.2

2.1.5

  • New! Now tracking when theme installed, updated, deleted (#44)

2.1.4

  • Fixed! Store real IP address in Proxy too (#53)

2.1.3

2.1.2

  • Tweak! Update translate: Hebrew (he_IL)

2.1.1

  • New! Track about WordPress core update (manual or auto-updated) (#41)
  • New! Track post comments (created, approved, unproved, trashed, untrashed, spammed, unspammed, deleted) (#42)

2.1.0

  • New! Personally-tailored notifications that can be triggered by various types of events, users and action type (currently only email notifications are supported)
  • Bug fixes, stability improvements
  • Fixed an error that occurred on PHP 5.5

2.0.7

  • Tested up to WordPress v3.9.0

2.0.6

  • Fixed! Random fatal error (topic)

2.0.5

  • New! Register aal_init_caps filter.
  • Tweak! Change all methods to non-static.
  • Tweak! Some improved coding standards and PHPDoc.
  • Tweak! Split AAL_Hooks class to multiple classes.
  • New! Added translate: Armenia (hy_AM) - Thanks to Hayk Jomardyan.

2.0.4

  • Tweak! Don't allowed to access in direct files.
  • New! Added translate: Danish (da_DK) - Thanks to Morten Dalgaard Johansen

2.0.3

  • New! Record when widgets change orders.

2.0.2

  • New! Save more Options:
  • General
  • Writing
  • Reading
  • Discussion
  • Media
  • Permalinks

2.0.1

  • New! filter for disable erase all the log
  • Bugs fixed

2.0.0

  • Added Screen Options
  • New! Ability to select a number of activity items per page
  • New! Columns are now sortable
  • Added filter by date - All Time, Today, Yesterday, Week, Month
  • Added Avatar to author
  • Added role for author
  • Added log for activeted theme
  • Re-order Culoumns
  • Compatible up to 3.8.1
  • Settings page is now accessible directly from Activity Log's menu
  • Keep your log for any time your wants
  • Delete Log Activities from Database.
  • Bugs fixed

1.0.8

1.0.7

  • Added 'view_all_aryo_activity_log' user capability (topic).

1.0.6

  • Added WooCommerce integration (very basic).
  • Added Settings link in plugins page.

1.0.5

  • Fix - Make sure no save double lines (menu taxonomy / post).

1.0.4

  • Added Taxonomy type (created, updated, deleted).

1.0.3

  • Added Multisite compatibility.
  • Added Options hooks (limit list, you can extend by simple filter).
  • Added Menu hooks.
  • Tweak - Ensure no duplicate logs..

1.0.2

  • Forget remove old .pot file

1.0.1

  • Added translate: German (de_DE) - Thanks to Robert Harm
  • Added translate: Hebrew (he_IL)
  • Plugin name instead of file name on activation/deactivation
  • New Hooks:
  • A widget is being deleted from a sidebar
  • A plugin is being changed
  • Theme Customizer (Thanks to Ohad Raz)

1.0

  • Blastoff!

activity-log's People

Contributors

arielk avatar bainternet avatar eirachris avatar illuminea avatar iosoftgame avatar jaywood avatar kingyes avatar maor avatar matipojo avatar neeraj-m avatar odie2 avatar pedro-mendonca avatar shr3k avatar

Stargazers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

Watchers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

activity-log's Issues

Export data

Add button export data to CSV file. It's very useful for old data backup.

Plugin Updates

Which plugin changes are exactly being logged? I was under the impression it would log plugin updates, but it does not. Please advise!

Using Varnish or ngnix as a proxy will always return ip as 127.0.0.1

Hi guys,
I have a few sites that the IP recorded for each activity is always 127.0.0.1 instead of the real user/guest IP.

It took me a while but I found that the one thing they have in common is that they were all served using a proxy either ngnix or varnish.

which makes sense because the server (apache or ngnix) gets the request from the proxy (varnish or ngnix) which is on the same machine and that is why i get the local host IP (127.0.0.1) as user IP which is actually wrong.

looking at the code this line in specific is the problematic one
https://github.com/KingYes/wordpress-aryo-activity-log/blob/master/classes/class-aal-api.php#L55

A better way to get the real IP even in the case of a proxy you should first look in the
$_SERVER['HTTP_CLIENT_IP'] var then in the $_SERVER['HTTP_X_FORWARDED_FOR']
and only then in the $_SERVER['REMOTE_ADDR']

for example:

function get_real_ip(){
    if (!empty($_SERVER['HTTP_CLIENT_IP'])){
        return $_SERVER['HTTP_CLIENT_IP'];
    }else if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { 
        return $_SERVER['HTTP_X_FORWARDED_FOR'];
    }
    return $_SERVER['REMOTE_ADDR'];
}

thanks.
Happy Yom haatzmaut;

Feature Request: Identify User Agent

This is a really useful plugin! Thanks!

I had an issue recently where some users could not login, but others could. It turned out that all those who could not login were using Firefox; other users were unaffected.

Would it be possible to identify the user agent when someone tries to login (whether successfully or not)?

Thanks for considering this!

Fatal error from undefined function _draft_or_post_title()

I'm getting a fatal error on two separate websites using ARYO. The errors only appear to be showing at random times - I can only attest to what is happening on one of the sites - I was creating a post using Gravity Forms + Custom Post Types. The other site doesn't even use the plugin so not sure what triggered it there. Here's the two errors.

Fatal error: Call to undefined function _draft_or_post_title() in /home/pastures/public_html/wp-content/plugins/aryo-activity-log/hooks/class-aal-hook-posts.php on line 38

[05-Mar-2014 15:44:56] PHP Fatal error: Call to undefined function _draft_or_post_title() in /home/otm/public_html/wp-content/plugins/aryo-activity-log/hooks/class-aal-hook-posts.php on line 60

Let me know if I can provide any more helpful information!

Lots of "guest logged out" in a row

On one site in particular, I'm getting a bunch of the following records in a row and I can't figure out where they would be coming from since guests can't be logged in and there's usually about 10 in a row? Have you guys seen this before? If not, feel free to ignore but was hoping someone else had hit this previously.

Guest 173.230.132.230 User Logged Out

Idea: When activating plugin, fill in previous activity

We oftentimes find that we have to install this on a clients' site after something has gone wrong. It would be great if there was an option to pre-populate ARYO logs with basic data (when posts were created, revisions, maybe a way to trace plugin installs?) to help trace issues.

This could be a button and not an automatic action so that it wouldn't kill large installs.

Thanks for all your great work on this plugin!

aal_insert_log not showing data

Hi, i am trying to implement log into my plugins, but not see the entry in the activity log table. I insert using the function aal_insert_log, i check the database and the data is there. I missing something, with the args in the aal_insert_log function is enough to go? Thank in advantage of your help.

Doesn't work with Custom Posts

Great plugin - much lighter impact and with nicer UI than others I've used.

However, I have an issue whereby user activity is not being recorded in the logs. It's a fairly heavily customised site - using Custom Post Types, Advanced Custom Fields (ACF) and Capability Manager. The majority of my users are a custom capability with "Level 7" and have access only to two custom post types. All activity from an admin is logged properly but custom capability users only log their logged in / logged out activity. Bizarrely though, I've enabled an email notification and this works properly e.g. I get an email every time one of the custom capability users updates a post, creates a post, etc.

Any idea what's happening? Without being able to track exactly what editing is taking place I can't continue using this plugin for what I need.

Thanks very much.

Ben

Trashed & Deleted & Restore for Posts (Pages/CPT)

Post/Page/Another CPT - if i move post to Trash - in log write "Deleted" and if i permanently deleted from Trash also write "Deleted". it's not true.

You can need to change this to: Trashed (move to trash) | Deleted (permanently deleted) | Restore (from trash)

Activity log better for Themes

Add track after: Updated | Deleted | Installed | Activated | Deactivated

Now it's track just for: Activated or Deactivated

Extend to support plugins

Great plugin!
With a little work I think this plugin could be a base plugin / alternative for many developer that hack their own notification and logging system.

It would be really nice if you can extend your api / hooks to allow plugins to use the logger.

I create a plugin that e.g. run cron-jobs and i want to save different custom events and enable to select them for notification. At the moment that is not possible.

The notification need some attributes like: notify when this event occured 10 times, or notfiy once per day / week / month....

Export is missing in classes/class-aal-notifications.php::get_object_types

Authenticated Information Disclosure Vulnerability

The AJAX accessible function ajax_aal_get_properties(), in the file /classes/class-aal-settings.php, is accessible to any logged in user despite it looking like it is only intended to be accessed by Administrator level users. Through that certain non-public information on the users of the website can be disclosed.

Support Add, Edit & Delete of Taxonomy Terms.

This is a feature request to support logging of the addition, edits and deletion of native WordPress Tags & Categories as well as any custom taxonomies.

Great, simple plug-in. Thank you.

2.2.8 errors: Trying to get property of non-object

Hi,

My debug.log file is spammed from yesterday's update with following:

[23-Jan-2016 20:03:19 UTC] PHP Notice:  Trying to get property of non-object in /home/[...]/wordpress/wp-content/plugins/aryo-activity-log/classes/freemius/includes/class-fs-api.php on line 161

[23-Jan-2016 20:03:19 UTC] PHP Notice:  Trying to get property of non-object in /home/[...]/wordpress/wp-content/plugins/aryo-activity-log/classes/freemius/includes/class-fs-api.php on line 178

And

[23-Jan-2016 20:10:35 UTC] PHP Warning:  Cannot modify header information - headers already sent by (output started at /home/[...]/wordpress/wp-content/plugins/aryo-activity-log/classes/freemius/includes/class-fs-api.php:161) in /home/[...]/wordpress/wp-content/themes/zschocianow/header.php on line 62

I use in header.php only setcookie() before and after line 62. There were no such error before.

Greetings

Activity log better for Plugins

Add track after: Updated | Deleted | Installed | Activated | Deactivated

Now it's track just for: Activated or Deactivated

Excluding specific users from appearing in the log

Great plugin! It's very handy, no hassle, easy to use.

I don't know whether this would be at all possible, but I am currently clogging the activity log with my own log-ins, so I often have to scroll down several pages in order to see other users who have logged into the website. Would it be possible to exclude a user, in this case myself, from the list?

Monitoring Pages

Looks like you have quite an interesting plugin! I was wondering if you had plans to add page tracking as well, or if you already include it and it just doesn't show in the documentation.

Thanks!

Control access to view the activity log

It would be helpful to choose the roles allowed to view the activity log. Even if it's just a select form element and the selected role and higher are allowed to view the activity log.

Feature Request

Would love to be able to SORT by the IP Address column. This would enable the following scenario:

  1. Filter by "wrong_password"
  2. Sort by IP Address
  3. See who the worst offenders of the wrong_password are so we can add them to a banned IP list.

Thanks!

Logging to syslog for fail2ban integration

Hi,
First, I use your plugin a lot. thank you for it.
Second, I use fail2ban on my server and I made a small change on your plugin to log to syslog when a wrong password is entered. Than I created fail2ban filter and action to ban the IP accordingly.

If you guys could include this piece of code in your development, that would be great as I wouldn't be worried about updating the plugin and you could also advertise the feature of fail2ban integration.

I added a piece of code just before the: $this -> _delete_old_items(); in the function insert( $args ) in the class-aal-api.php file. You probably could do a better job as the plugin creator ;)

Here is the code I added:

if ($args['action'] == "wrong_password") {
                $siteUrl = explode("//", get_site_url());
                openlog($siteUrl[1], LOG_PID, LOG_AUTH);
                syslog(LOG_NOTICE,"Authentication failure for ". $args['object_name'] ." from ".$args['hist_ip']);
                closelog();
        }

The filter wordpress.conf:

# Fail2Ban configuration file
#
# Author: Igor Almeida
#

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf


[Definition]

_daemon = wordpress

# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values:  TEXT
#
failregex = Authentication failure for .* from <HOST>

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =

And the jail snippet to insert into jail.local:

[wordpress]
enabled  = true
filter   = wordpress
port     = http,https
logpath  = /var/log/auth.log
maxretry = 2
banaction = iptables-allports

Thank you,
Igor Almeida

Setting access log per Roles and Capabilities

Setting:

New Tab: Permissions

Access log: (Checkbox)

  • Super Admin (MU)*
  • Administrator*
  • Editor
  • Author
  • Contributor
  • Subscriber

*Default


You can improve this feature with those options:

  • Allow access log for specific Users: (Select User + Repeater)
  • Disable access log for specific Users: (Select User + Repeater)

What's the best way to restrict logging?

Basically, we don't want to track all of the data that is being tracked by default because it's not all useful to us and we'd rather keep the logs as lightweight as possible.

I had a quick read-through of the plugin and I found a few different areas that seem like they're designed to allow developers to limit what is and isn't tracked, but I'm not 100% sure what the best way to approach this is.

Could you provide any example code or just point me in the right direction for what needs to be filtered within the plugin to accomplish this?

Set notification for User A OR User B

Hi. Great plugin!

One request: I wish to be notified when unregistered users visit. Is there a way to set the notification to use an OR function, rather than just the AND? So I can be notified if the user is NOT Admin A OR Admin B.

Also, can I set this up to be notified if the user is GUEST? Thanks, ab

Could someone please provide a quick example how to record this action?

This is the third time over the past year I have come back to this plugin, primarily due to its slick visual organization while meeting nearly 98% of my requirements. The problem I am having here is that I simply can't figure out the proper method to create a custom action trigger entry for my specific situation.

Let me point out in advance that I am well aware that what I aim to track would likely be incapable of scaling properly to more than a few concurrent users at a time and this is perfectly fine for my situation... I simply need a basic example of how it can be done.

The nature of my situation involves a custom wordpress website which is only accessible to about 50 individuals each of which need an existing pre approved wp user account to access the site. What I need to be able to do here is simply record every single page view on this domain for each of these users. Ideally I would like the information which gets recorded to include very basic information including date/timestamp, page title, post type name, any associated categories, tags, taxonomies and potentially some specific custom field value. The purpose of these logged pageviews simply need to allow the user to view his own activity and filter/sort it and allow an admin to do the same for all or a single user.

Could someone who has some basic experience with this plugin please provide a basic example of how to achieve this basic functionality?

Thanks in advance!

Notification type: HTTP hook

Hello,

Instead of only an email notification, I would like to request an HTTP hook notification. This would be superb.

For example I would set up a notification to that would make an HTTP Post request to http://example.com/updated when a update is made in WordPress.

Thank you
Ross

Send notification in X hours?

I just think it's very spam for now to send email per log changes. The better way need to save queue in the cache (maybe in wp_options?), and send per X hours all the activity.

@maor What you think about this?

Best,
Yakir

ManageWP requests are logged with wrong username

I'm using ManageWP to manage my sites and I just discovered that all requests from that system are logged with first admin account available. At first it was an account with ID 1, then I deleted it and now it's logging with user ID 2.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.