WP Activity Log

Description

Monitor activity on your WordPress sites and get clear insights into what’s happening with detailed user and event logging.

Keep WordPress logs of everything that happens on your sites and multisite networks with WP Activity Log to:

  • Track user logins and logouts to ensure service level agreements (SLAs) are consistently met
  • Record failed login attempts to identify potential security breaches and enhance site security
  • Monitor user activity and productivity to promote accountability
  • Know what happened before an outage for easier troubleshooting
  • Know exactly what all your users are doing
  • Ensure compliance with regulations and standards such as GDPR and PCI DSS
  • Better manage & organize your site & users
  • Easily detect suspicious activity on your WordPress site before it escalates into security issues

WP Activity Log is a complete logging solution, helping hundreds of thousands of administrators and security professionals track changes on their websites thanks to real-time user activity monitoring.

WordPress changes and details WP Activity Log keeps track of

A website activity log is an important tool in improving troubleshooting, compliance, user management, and security.
Get WP Activity Log and keep track of events on your site. The log not only tells you that a post, a user profile, or an object was updated, it also lets you know exactly what changed, when, and includes a user log (by whom) so you always have the information you need.

Below is a summary of the changes that the plugin can keep a record of:

  • Post, page and custom post type changes such as status, content changes, title, URL, custom field, and other metadata changes

  • Tags and category changes such as creating, modifying or deleting them, and adding or removing them from posts

  • Widget and menu changes such as creating, modifying, or deleting them

  • User changes such as user created or registered, deleted, or added to a site on multisite network

  • User profile changes such as password, email, display name, and role changes

  • Access logging such as user login, logout, failed logins, and terminating other sessions

  • WordPress core and settings changes such as installed updates, permalinks, default role, URL, and other site-wide changes

  • WordPress multisite network changes such as adding, deleting or archiving sites, adding or removing users from sites, etc.

  • Plugin and Theme changes such as installing, activating, deactivating, uninstalling, and updating

  • WordPress database changes such as when a plugin adds or removes a table

  • Changes to WooCommerce Stores & products, Yoast SEO, WPForms, Gravity Forms, Advanced Custom Fields (ACF), MainWP and other popular WordPress plugins.

  • WordPress site file changes such as new files are added, or existing ones are modified or deleted.

Detailed event logging ensures that for every event that the plugin records, it reports the:

  • Date & time (and milliseconds) of when it happened
  • User & role of the user who did the change
  • Source IP address from where the change happened
  • The object on which the change has taken place

Refer to WordPress activity log event IDs for a complete list of all the changes WP Activity Log can keep a record of and a detailed explanation of what change every event ID represents.

Upgrade to WP Activity Log Premium and get even more

The premium edition of WP Activity Log takes WordPress user activity tracking to the next level. It comes bundled with even more features to take your WordPress website administration and security to the next level.

Premium features list

  • See who is logged in and their current activities in real-time
  • Log off any user at the click of a button
  • Generate fully-configurable HTML and CSV reports
  • Get email and SMS notifications with important changes (fully configurable)
  • Search filters to fine tune the search results and find what you need in seconds
  • Store activity log in an external database to improve security and scalability
  • Mirror the activity log to logs management systems such as AWS CloudWatch, Loggly, and Papertrail in real-time
  • Easily mirror the logs in real-time to business communication systems such as Slack
  • Send a copy of your websites’ activity log to a log file on your web server in real-time
  • Archive old activity log data to another database for better storage and log management

Refer to the WP Activity Log plugin features and benefits page to learn more about the benefits of upgrading to WP Activity Log Premium.

WP Activity Log third-party plugin support

All WP Activity Log editions include activity tracking for third-party plugins, including:

  • WooCommerce: Keep a log of changes to the WooCommerce store settings, orders, products, coupons, and much more
  • Yoast SEO: Keep a log of changes to Yoast SEO settings, on-page SEO in the Yoast SEO meta box, and much more
  • WPForms: Keep a log of changes to WPForms settings, forms, form files, entries (leads) and more
  • Gravity Forms: Keep a log of changes to Gravity Forms settings, forms, forms settings, entries (leads), and more
  • MemberPress: Keep a log of changes to your MemberPress powered website, including plugin settings changes, memberships, payments, subscriptions and other changes that your team does on your website
  • bbPress: Keep a log of changes to bbPress forums, topics, bbPress settings and more
  • MainWP: Keep a log of MainWP network changes and see the activity logs of all child sites from one central location – the MainWP dashboard
  • Advanced Custom Fields: Keep a log of changes to post types, taxonomies, and taxonomy terms
  • Redirection: Keep a log of changes to redirections and redirection groups

Other Noteworthy Features

Both free and premium editions of WP Activity Log include a number of non-logging specific features that make the plugin a complete WordPress logging solution. Here is what is included:

Free

  • Built-in support for reverse proxies and web application firewalls
  • Integration with WhatIsMyIpAddress.com allow you to get all information about an IP address with just a mouse click.
  • Limit who can view the WordPress activity log by users or roles
  • Settings to enable/disable individual event IDs from the activity log
  • Configurable dashboard widget highlighting the most recent critical activity
  • Configurable WordPress activity log retention policies
  • User avatar is displayed in the events for better recognizability
  • And much more!

Premium

Everything that’s included in the Free edition, plus:

  • Full WordPress multisite support
  • Easily create your custom alerts & notifications to monitor additional functionality
  • Import/export plugin settings
  • Real-time activity log in WordPress admin toolbar
  • And much more!

Free and premium plugin support

If you encounter any issues with the free edition of WP Activity Log, you can post and get help on the WordPress.org support forums. You can also find more technical information and plugin documentation on the Melapress knowledge base.

Premium plugins include a full year of free updates and dedicated one-to-one premium email support. This means you get direct access to our support team who will assist you with any questions or issues related to the plugins.

As featured on:

MAINTAINED & SUPPORTED BY MELAPRESS

Melapress develops high-quality WordPress management and security plugins such as Melapress Login Security, CAPTCHA 4WP, and WP 2FA.

Browse our list of WordPress security and administration plugins to see how our plugins can help you better manage and improve the security and administration of your WordPress websites and users.

Installing WP Activity Log

Install WP Activity Log from within WordPress

  1. Visit ‘Plugins > Add New’
  2. Search for ‘WP Activity Log’
  3. Install and activate the WP Activity Log plugin
  4. Allow or skip diagnostic tracking

Install WP Activity Log manually

  1. Extract the plugin ZIP file and upload it to the /wp-content/plugins/ directory
  2. Activate the WP Activity Log plugin from the ‘Plugins’ menu in WordPress
  3. Allow or skip diagnostic tracking

Screenshots

  • The WordPress activity logs from where the site administrator can see all the user and site changes.
  • See who is logged in to your WordPress and manage users sessions with Users Sessions Management in the Premium edition.
  • The plugin settings from where site administrator can configure generic plugin settings such as reverse proxy support, who can manage the plugin etc.
  • Use the event Inspector to see more technical details about each event in the activity log, such as the session ID and UserAgent string.
  • Configuring WordPress email and instant SMS alerts with the Email & SMS Notifications module in the Premium edition.
  • Search in the WordPress activity log with the use filters to fine tune the search results.
  • The Enable/Disable events section from where Administrators can disable or enable activity log events.
  • The Activity Log Viewer of a Super Admin in a WordPress multisite network installation alllows the admin to view the logs from all the network, or filter the logs of a specific site.
  • WP Activity Log is integrated with the built-in revision system of WordPress, thus allowing you to see what content changes users make on your WordPress posts, pages and custom post types. For more information read Keep Record of All WordPress Content Changes
  • Mirror the WordPress activity log to an external solution such as Syslog or Papertrail to centralize logging in the Premium edition, to ensure logs are always available and cannot be tampered with in the unfortunate case of a hack attack.
  • Use the plugin settings to exclude objects from the logs, configure automatic pruning of events, which timestamp to be shonw in the logs and much more. The plugin is fully confirable.
  • Generate any type of statistics reports from the actiivty log with the Premium edition. You can see statistics such as number of newly registered users, number of user profile changes, number of logins, different IP addresses per user, and much more.
  • Use the Premium edition to also export any activity log data to an HTML report or CSV file. CSV files are the most widely supported format and can easily be read, parsed and imported in third party systems.

FAQ

Does the free edition of WP Activity Log limit the data it collects?

No, the free edition does not limit the data the plugin collects whatsoever. All events logged by the premium edition are available in the free edition. The premium edition adds additional features such as extensive log filtering options, external database/log management service integration, user session management, and much more.

How long does WP Activity Log keep data for?

Log data can be kept indefinitely in both free and premium editions. By default, the plugin retains all audit logging data for 3 months however this can be changed from the initial configuration wizards or the plugin’s settings (activity log retention policies).

Where does the plugin store the log?

By default, the log is stored in the WordPress database. WP Activity Log Enterprise edition includes an option to save the activity log to an external database and log mirroring to AWS Cloudwatch, Loggly, Papertrail, Syslog, & other SIEMs

Can the log be exported?

Yes, the log can easily be exported as either CSV or HTML. The reports module in the Premium plugin is required for this functionality.

How does WP Activity Log Improve Security?

WP Activity Log keeps a record of security-related user and system activities, including logins, logouts, failed login attempts, changes to settings and configurations, and post edits among other things. This security log can not only uncover suspicious or untowards behaviour, but also aid in forensics and post-mortems for quicker recoveries.

Who can view the activity log?

By default, all users with administrator role can view the activity log. However, you can restrict this to a specific administrator or ccess can be given to other users through the plugin’s settings. Refer to the WordPress activity log privileges for more information on how you can do this.

Does the plugin send any log data to Melapress?

No, the plugin does not send any log data to us whatsoever. The only data we recieve is license data from the premium edition of the plugin.

Does the plugin receive updates?

We update the plugin fairly regularly to ensure the plugin continues to run in tip-top shape while adding new features from time to time.

Will WP Activity Log slow down my website?

WP Activity Log will not slow down your website. Each release is tested before release to ensure it works in the best way possible. Having said that, you need to make sure your WordPress web server has adequate resources to manage the load of your website.

How do I get support?

Support for the Free edition of the plugin is provided only via the WordPress.org support forums. You can also refer to our support pages for all the technical and product documentation.

If you are using the Premium edition, you get direct access to our support team via one-to-one email support.

How can I report security bugs?

You can report security bugs through the Patchstack Vulnerability Disclosure Program. Please use this form. For more details please refer to our Melapress plugins security program.

Reviews

Mukutulansanja 17, 2025 1 reply
I had this plugin installed on multiple sites and it worked away in the background. Just this week I received over 40 emails containing “highlights” from those sites. I never gave permission to receive emails, I never signed up for email updates, and to unsubscribe I had to log into each and every one of the sites – instead I uninstalled the plugin. I suggest the authors read up on GDPR.
Mukutulansanja 17, 2025 1 reply
Someone must not have thought the update with the email summaries through, what about people who use this on a global scale. Perhaps 100s of websites all now emailing them ever single week. The feature is nice, the implementation is shockingly short sighted.
Mukutulansanja 16, 2025 1 reply
This has been an invaluable plugin on all of the sites that I run for years. A lot of sites. Like, somewhere in the neighborhood of 100 of them, in multisite networks. And with the latest update, it now, by default, emails me a weekly “summary” from every one of those sites, and I have to go through and turn it off. Site by site. One by one. Ask me how much I hate these guys today. Just ask me.
Mukutulansanja 14, 2025
For us as an agency this plugin is really important to keep everything documented. The support is outstanding and helps very quickly. They really take care of what users say. Great! Thanks for this great piece of software,-doffine
Read all 452 reviews

Contributors & Developers

“WP Activity Log” is open source software. The following people have contributed to this plugin.

Contributors

“WP Activity Log” has been translated into 10 locales. Thank you to the translators for their contributions.

Translate “WP Activity Log” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

5.3.2 (2025-02-18)

Improvement
* Updated the upgrade script so the weekly summary email is disabled by default when upgrading from older versions.

5.3.1 (2025-02-13)

Improvement
* Improved some of the WP CLI confirmation messages.
* Removed the “red dot” typically associated with plugin upgrades when the update message is displayed.

Bug fixes
* Fixed: If the plugin is updated to 5.3.0 via composer or WP CLI and no administrator is already (allowing the plugin to set some settings) the message “You do not have sufficient rights to access this page” is displayed on the website login page.
* Fixed: Custom recipient email addresses for weekly notifications was not being saved correctly in the plugin settings.
* Improved the database sensor to ensure that Event IDs 5010, 5011, and 5012 are now accurately reported.

5.3.0 (2025-02-11)

New activity log event IDs (improved coverage)
* ID 6319 – Changed the status of the Weekly activity log summary email.
* ID 6328 – Modified the recipients of Weekly activity log summary email.
* ID 5030 – A plugin failed to install. X

New activity log event IDs for WooCommerce
* ID 9157 – Enabled the setting to limit the purchase of a product to 1 item per order.
* ID 9158 – Disabled the setting to limit the purchase of a product to 1 item per order.
* ID 9159 – Changed the Store visibility status.
* ID 9160 – A new review was posted.
* ID 9161 – A product review was unapproved.
* ID 9162 – A product review was approved.
* ID 9163 – A product review was marked as spam.
* ID 9164 – A product review was moved to trash.
* ID 9165 – A product review was restored from trash.
* ID 9166 – A product review was permanently deleted.
* ID 9167 – A product review was edited.

New activity log event IDs for Yoast SEO
* ID 8872 – Changed the “Personal logo” in the Organization/Person setting.
* ID 8859 – Enabled / disabled a site feature in the plugin settings (this ID replaces 8815, 8817, 8819, 8844, 8846, and 8828, which remain part of the plugin to ensure backward compatibility).
* ID 8860 – Changed the status of the crawl optimization settings in the plugin settings.

New features
* Weekly email summary in the Free edition.

Security fix
* Fixed a XSS vulnerability reported by zer0gh0st (D.Sim)

Plugin & functionality improvements
* Improved the “Reverse proxy / WAF support” feature by adding more HTTP headers to choose from, and allowing users to specify custom HTTP headers.
* “Super Admin” is now available as a “role” criteria in the custom notifications trigger builder, enabling one to set up notifications based on this user role.
* Updated the metadata description for event ID 9042 to cater for WooCommerce’s latest changes related to product visibility changes.
* Improved the cron jobs loaded by the Free edition by removing some redundant ones.
* Created a new category in the “Enable/Disable events” page called “Activity Log” and moved a number of events from the “WordPress & System”.
* Updated the event ID 6048 metadata to cater for the improved Reverse Proxy / Firewall Option.
* Improved the database migration script (for when migrating from versions prioir to 4.6) to better handle data on large multisite networks.
* Standardised the text format across the plugin pages.
* Increased the limit of subsites displayed on multisite networks from 15 to 150 for a better handling and filtering of logs on larger multisite networks.
* Removed the check and notice for the obsolete WP Activity Log extensions for third party plugins.
* Updated the first-time configuration wizard and also included a new step for enabling weekly summary notifications.
* Adjusted the loading of translation files to adapt the plugin to a change introduced in WordPress 6.7.
* Added a new filter hook wsal_message_before_mirror to customize logs mirrored to third parties – list of WP Activity Log hooks.
* Extended the list of supported WP CLI commands for WP Activity Log.
* Improved the WP_Log_In_Out_Sensor to accommodate recent updates in the wp_login_failed action.
* WooCommerce event ID 9133 now reports when fee values inside an order are modified.
* WooCommerce event ID 9076 now logs enabling or disabling of a payment method.
* WooCommerce event ID 9072 is no longer redundantly appearing when a new product (ID 9001) is published.
* WooCommerce event ID 9155 metadata now clearly states that notes were added to an order instead of “comments”.
* Event IDs 8806, 8813, 8814, 8822, 8824, 8828, 8830, 8831, 8832, 8836, 8837, 8863, 8864, 8865, 8868, 8869, and 8870 in Yoast SEO were updated and are now compatible with the latest versions of the plugin.
* Merged several Yoast SEO event IDs into the new ID 8859 to track plugin settings modifications while maintaining backward compatibility.

Bug fixes
* Fixed duplicated Event IDs (10000 and 10010) generated when creating new post types using ACF.
* Fixed a bug preventing ID 9138 from being reported when a new WooCommerce product was copied to a draft.
* Fixed intermittent fatal errors when resetting plugin settings or purging logs when WP Activity Log is installed on MainWP.
* Resolved issues with WooCommerce ID 9086 and ID 9040 not being properly reported.
* Fixed PHP errors when WooCommerce orders contain products with no ID.
* Improved support for UTF-8 characters in custom notifications.
* Fixed a bug preventing ID 5003 (User deleted a plugin) to not be reported on newer WordPress core versions.
* Fixed WooCommerce event 9105 not reporting Order name correctly when the order contains different products.
* Fixed a PHP error that occurs during plugin updates when the Shield Security plugin is active simultaneously with WP Activity Log.
* Fixed a bug causing some WP Activity Log Events to be disabled from monitoring after some time.
* Fixed a bug in the Woocommerce sensor causing strange behavior when WP Activity Log is enabled along with Woocommerce + HPOS order mode + Deposits – Partial Payments Plugin.
* Fixed a PHP error that could occur when a new WooCommerce order is placed containing products with no ID.
* Fixed a PHP Warning related to the WP Activity Log widget in the dashboard.

Refer to the complete plugin changelog for more detailed information about what was new, improved and fixed in previous version updates of WP Activity Log.