変更履歴

2.6.8 (2017-09-19)

• Improvement

  • Improved the sensor for custom post types so posts with NULL value or other temp custom posts are not reported. This was reported in several support tickets; here, here and here.

• Bug Fix

  • Add a new check to ensure the object is of WP_Post class Support Ticket

2.6.7 (2017-09-09)

• Improvements
  • Added a new property in WSAL main class to store the current plugin version.
  • Added a new function in WSAL main class to define constants (to be used throughout the plugin)
  • Improved the code formatting in AuditLog.php

2.6.6 (2017-08-30)

• New Audit Trail Alerts

  • Alert 4015 for when a user creates a custom field in a user profile.
  • Alert 4016 for when a user updates a custom field value in a user profile.

• New Feature

  • Logging of changes in custom fields (in posts, pages, custom post types, user profiles) created by Advanced Custom Fields (ACF) or similar plugins.
  • New option to show either the Username or Firstname and Lastname of the user in the Audit Trail.

• Improvements

  • 404 errors logfiles are now saved in /uploads/wp-security-audit-log/404s/ directory.
  • Changed the 404 errors logfile name format to [alert]_[yyyymmdd].log. Thanks to Enable Security for PoC of vulnerability and advise.
  • Removed link to view post from Alerts about permanently deleted posts (2008, 2009, 2033).
  • Added tooltip for filter via IP address.

• Bug Fix

  • Fixed an issue where the viewing of content was not being logged when Yoast SEO is installed.

2.6.5 (2017-07-18)

• New Audit Trail Alerts

  • Alert 1007 for when an administrator terminate’s a logged in session using the Users Sessions Management Add-On
  • Alert 6023 to log 404 HTTP errors (requests to non-existing pages) by website visitors (non WordPress users)

• Improvements

  • Seggregated the logging of 404 HTTP Errors by who generates them. Alert 6007 for logged in users, 6023 for anonymous website visitors.
  • Improved the logging of Alert 4014 so it is not reported every time a user’s profile page is reloaded with a refresh or when a change is applied.
  • Removed the wsal_wp_session cookie, which was used to store the selected database when archiving of audit trail alerts is enabled. Using LocalStorage instead.
  • Replaced mcrypt (deprecated in PHP 7) with OpenSSL. Mcrypt still used temporarily to convert configured password. Will be removed completely in future updates. Support Ticket

2.6.4 (2017-06-01)

• New Features
  • Added a number of queries in the plugin to support the new version of the Reports Add-On

2.6.3 (2017-05-03)

• Security Update
  • Updated third party session libraries to a more secure version

2.6.2 (2017-04-22)

• New alerts to record actions & profile changes

  • 1006: User logged out all other sessions with the same username
  • 4014: User opened the profile page of another user

• New alerts to record post and page specific settings changes

  • 2111: Disabled Comments / Trackbacks and Pingbacks on a published post
  • 2112: Enabled Comments / Trackbacks and Pingbacks on a published post
  • 2113: Disabled Comments / Trackbacks and Pingbacks on a draft post
  • 2114: Enabled Comments / Trackbacks and Pingbacks on a draft post
  • 2115: Disabled Comments / Trackbacks and Pingbacks on a published page
  • 2116: Enabled Comments / Trackbacks and Pingbacks on a published page
  • 2117: Disabled Comments / Trackbacks and Pingbacks on a draft page
  • 2118: Enabled Comments / Trackbacks and Pingbacks on a draft page

• New alerts to record WordPress site-wide settings changes

  • 6008: User enabled / disabled the option Discourage search engines from indexing this site
  • 6009: User enabled / disabled comments on all the website
  • 6010: User enabled / disabled the option Comment author must fill out name and email
  • 6011: User enabled / disabled the option Users must be logged in and registered to comment
  • 6012: User enabled / disabled the option to automatically close comments after [X] days
  • 6013: User changed the value of the option Automatically close comments from [X] to [X] days
  • 6014: User enabled / disabled the option for comments to be manually approved
  • 6015: User enabled / disabled the option for an author to have previously approved comments for the comments to appear
  • 6016: User changed the number of links from [X] to [X] that a comment must have to be held in the queue
  • 6017: User modified the list of keywords for comments moderation
  • 6018: User modified the list of keywords for comments blacklisting

• Plugin Improvements

  • URL of content in alert is no longer truncated. Now it will be reported in full
  • Organised the alerts in Enable/Disable Alerts section in categories and sub categories, thus they are easier to find
  • Plugin no longer links to a non-existing log file when 404 logging is switched off
  • Added additional checks for when using the function wp_Sessions_register_garbage_collection, which was causing a conflict with another plugin

• Bug Fixes

  • Fixed an issue in which the plugin was changing the titles of WooCommerce product pages for logged in users Ticket
  • Fixed an issue in which plugin was unable to handle automated generated content with author 0 Ticket

2.6.1 (2017-03-09)

• Bug Fixes
  • Removed the PHP Session ID cookie created by mistake for non logged in users.

2.6 (2017-02-08)

• New Features

  • Audit trail for WooCommerce Store and Products.
  • New Hover over functionality to disable alerts with a single click.

• New WooCommerce Audit Trail Alerts

  • Refer to the Audit trail WooCommerce Alerts List for a complete list of alerts the plugin uses to keep a record of changes in the WooCommerce store and products.

• Plugin Improvements

  • Improved severity of alerts and added severity description on hover over.
  • Removed all code related to PHP error monitoring, which is no longer used (code spring cleaning).

• Bug Fixes

  • Fixed an issue in which 404 logs where still being generated when the logs option was disabled but alert 6007 was enabled.

2.5.9.2 (2017-01-11)

• Bug Fix
  • Updated store URL so premium add-ons can be updated.

2.5.9 (2017-01-03)

• Support for new features in External DB Add-on:
  • Mirroring of audit trail to Syslog
  • Mirroring of audit trail to Papertrail
  • Support for archiving alerts from the audit trail in an external database.

2.5.8 (2016-11-09)

• Plugin Improvement (Standardized all date & time formats and timezone)

  • Plugin now uses the time & date format configured in WordPress (removed the option from plugin that override this).
  • Updated all the Premium Add-Ons to use the time & date format configured in WordPress.
  • Changed the Request Log file extension to php and disabled execution (before it was log, hence users could guess it)

• Bug Fixes

  • Fixed a problem with restricting users’ access to the plugin (support ticket).
  • Fixed a bug in the custom alerts – previously custom alerts were overwritten during upgrade. Updated custom alerts documentation as well.

2.5.7 (2016-10-05)

• Bug Fix
  • Fixed an issue where a page’s title was not being returned Support Ticket

2.5.6 (2016-09-27)

• Bug Fix
  • Fixed an issue where previous 404 reports were not being correctly merged. Support Ticket

2.5.5 (2016-09-27)

• New WordPress Audit Trail Alerts

  • 2100: User opened a post in the editor
  • 2101: User viewed the post
  • 2102: User opened page in editor
  • 2103: User viewed page
  • 2104: User opened custom post type in editor
  • 2105: User viewed the custom post type

• New Features

  • New setting to configure the number of 404 requests the plugin should record in a logfile from the same IP address.
  • Ability to download the 404 log file directly from the alert.
  • Added a new setting that disables or enables all of the plugin’s logging. It is disabled by default.

• Plugin Improvements

  • Organized the plugin settings under different tabs making it is easier to configure.
  • Updated the Reports add-on to show 404 log file location in the reports.
  • Removed the auto-enabling of 404 requests monitoring (introduced in previous version).
  • When 404s are from localhost, localhost is used in filename and not the IP. Support Ticket
  • The Add Functionality node is now automatically disabled when one or more premium add-ons are activated.
  • Changed the location of request log to /wp-content/uploads/wp-security-audit-log/.
  • Changed the extension of the request log file from php to log.
  • Plugin won’t keep a record of newly posted comments that are marked as spam by Akismet.

• Bug Fixes

  • Fixed the data inspector that was not working in certain installations.
  • Fixed an issue with custom alerts, which were overwritten during upgrade. Refer to the custom alerts documentation for more information.

2.5.4 (2016-09-14)

• Update

  • Updated the Italian translation file with the latest translations.

• Bug Fix

  • Fixed a bug related to database collation which was affecting the generation of reports.

2.5.3 (2016-08-16)

• Bug Fix
  • Enabled the 404 logging by default during upgrade and new install. Read this FAQ for more information on this functionality.

2.5.2 (2016-08-12)

Read the WP Security Audit Log 2.5.2 release notes for more details on what is new.

• New Feature

  • Logging of 404 Requests to a Log file. Read this FAQ for more information on this functionality.

• Improvements

  • Fixed several alerts / monitoring capabilities that were not working correctly in WordPress 4.6.

2.5.1 (2016-07-26)

• Bug fixes
  • Fixed the disabling functionality of Alert 6007 because it was not working.
  • Fixed the disabling functionality for Alerts 1000 and 10001.
  • Merged bug fixes from version 2.4.4 (were not included in 2.5.0).

2.5.0 (2016-07-12)

Read the WP Security Audit Log 2.5.0 release notes for a detailed overview of what is new.

• New Features

  • Plugin now keeps a record in the audit trail of changes in WordPress comments. Refer to the list of alerts for WordPress comments for the complete list.
  • Audit log alerts for 404 (page not found) requests.
  • Audit log alerts for pages / posts / custom post types automatically created by plugins.
  • Added wildcard (*) support for when excluding Custom Fields.
  • New setting to customize From email address and display name (The Reports, Email Alerts and Users Sessions Management add-ons have been updated to use the configured email address).

• New WordPress Audit Trail Alerts for Changes in Comments

  • 2090: User approved a comment
  • 2091: User unapproved a comment
  • 2092: User replied to a comment
  • 2093: User edited a comment
  • 2094: User marked a comment as Spam
  • 2095: User marked a comment as not Spam
  • 2096: User moved a comment to trash
  • 2097: User moved a comment out from the trash
  • 2098: User permanently deleted a comment
  • 2099: Website visitor / User posted a comment (disabled by default. Enable it from the Enable/Disable Alerts node in the plugin menu)

• New WordPress Audit Trail Alerts for Plugins Activity

  • 5019: Plugin automatically created a post
  • 5020: Plugin automatically created a page
  • 5021: Plugin automatically created a custom post type
  • 5025: Plugin automatically deleted a post
  • 5026: Plugin automatically deleted a page
  • 5027: Plugin automatically deleted a custom post type

• Other New WordPress Audit Trail Alerts

  • 5031: User updated a theme
  • 2089: User moved an object as a sub-object in a menu
  • 6007: User / website visitor requested a non-existing page (404 ERROR)

• Improvements

  • Standardized all alerts messages / Improved the text of all of them. Each post / page / custom post type alert has a linkt to the Editor now

2.4.4 (2016-06-27)

• Security fix

  • Fixed a cross-site scripting vulnerability in the function AjaxDisableCustomField()

• Bug fix

  • Fixed the hide plugin setting which was not working in some scenarios. Support Ticket

2.4.3 (2016-06-01)

• New Add-On Support

  • Included code to support the new Users Sessions Management Add-On, which allows you to see who is logged in to your WordPress and WordPress multisite networks.

• New Alerts in the WordPress Audit Trail

  • 1004: A login attempt was blocked because a session with the same username already exists
  • 1005: Multiple logged-in sessions for the same WordPress username has been detected

• Improvement

  • Plugin reports changes when an object is moved as a sub object in a menu.

• Bug fixes

  • Fixed a problem where wrong permissions were assigned to the reports directory in the uploads directory for the Reports Add-On.
  • Fixed an issue where multiple incorrect changes were reported when changing the structure of a menu Support ticket.
  • Fixed a bug in the settings sensor support ticket.

2.4.2 (2016-04-26)

• Improvement
  • Removed hardcoded memory limit in database connector. Now all database connections are done via AJAX calls hence there is no need for such limits.

2.4.1 (2016-04-20)

Read the WP Security Audit Log 2.4 release notes for a detailed overview of what is new in this version.

• New Features

  • New setting allowing the users to configure the timestamp of the alerts. Read the FAQ How to change the time zone in the WordPress Audit Trial for more information.

• New WordPress Security Alerts for Content title changes

  • 2086: User changed the title of a post
  • 2087: User changed the title of a page
  • 2088: User changed the title of a custom post type

• Improvements

  • Implemented AJAX calls for when migrating the WordPress Audit Trail between databases with the External DB add-on

2.4 (2016-03-28)

Read the WP Security Audit Log 2.4 release notes for a detailed overview of what is new.

• New Features

  • Monitoring of WordPress menus changes from both admin pages and theme customizer.
  • New hook that allows users to create their own custom alerts. Read the WP Security Audit Log Custom Alerts documentation for more information.
  • New alerts for when a either a post, a post or a custom post type is scheduled.

• New WordPress Security Alerts for Menus

  • 2078: User created a new menu
  • 2079: User added objects to menu
  • 2080: User removed object from menu
  • 2081: User deleted a menu
  • 2082: User changed menu settings
  • 2083: USer modified an object in menu
  • 2084: User renamed a menu
  • 2085: User changed the order of the objects in menu

• New WordPress Security Alerts for Scheduled Items

  • 2074: User scheduled a post for publishing
  • 2075: User scheduled a page for publishing
  • 2076: User scheduled a custom post type for publishing

• Bug Fixes

  • Fixed an issue where WordPress updated alerts were begin generated repeatedly upon accessing the updates page. Support Ticket
  • Fixed an issue where WordPress pruning was not working in an out of the box installation. Support Ticket
  • Fixed a conflict with Migrate DB. Support Ticket

2.3.3 (2016-02-16)

• Bug Fixes
  • Fixed an issue where automated WordPress updates were not being reported.
  • Improved error handling in database queries.

2.3.2 (2016-01-21)

• Bug Fix
  • Fixed an issue with the login/logout sensor reported in this ticket.

2.3.1 (2016-01-16)

• Improvement
  • Improved the SQL queries used by the Reports Add-On

2.3 (2016-01-12)

• New Features

  • Keep track of changes on bbPress forums. For more detailed information read the WP Security Audit Log 2.3 Release Notes

• New WordPress Security Alerts

  • 8000: User published a new forum
  • 8001: User changed the status of a forum
  • 8002: User changed the visibility of a forum
  • 8003: User changed the URL of a forum
  • 8004: User changed the order of a forum
  • 8005: User moved forum to trash
  • 8006: User permanently deleted a fourm
  • 8007: User restored a forum from trash
  • 8008: User changed the parent of a forum
  • 8009: User changed the role of forum auto user role
  • 8010: User changed the option for anonymous posting on forum
  • 8011: User changed the forum type
  • 8012: User changed the time setting to disallow editing of posts
  • 8013: User changed the time setting for post throttling
  • 8014: User created new forum topic
  • 8015: User changed the status of a forum topic
  • 8016: User changed the type of a forum topic
  • 8017: User changed the URL of a forum topic
  • 8018: User changed the forum for a topic
  • 8019: User moved a forum topic to trash
  • 8020: User permanently deleted a forum topic
  • 8021: User restored a forum topic from trash
  • 8022: User changed the visibility of a forum topic

• Improvements

  • Improved the performance / queries of the Audit Log Viewer, hence now it is faster when retrieving alerts from bigger databases
  • Rewritten and improved the reporting engine for the Reports Add-On

• Bug Fix

  • Fixed an issue where administrators of sub domain websites could see the alerts of other websites from the dashboard widget in a multisite installation. Ticket
  • Fixed a SQL query error where a NULL value was being saved and it wasn’t accepted. Ticket

2.2 (2015-11-10)

• New Features

  • Aded the revision link in content change security alerts allowing you to see the actual content changes that took place on posts, pages and custom post types. Learn More

• Bug Fixes

  • Fixed an issue where user was allowed to disable all columns in Audit Log Viewer Support ticket. Fix recommendation by Bates College.

2.1.1 (2015-10-08)

• New WordPress Security Alerts

  • 2072: User modifies a post that is submitted for review
  • 2073: Contributor submits a post for review

• Improvements

  • Added the functionality to search by Alert ID in Search add-on
  • When a background process is reports, plugin now reports “System” as username and not “unkown”
  • Improved the connection checks of the External DB add-on (now it also has a timeout for when incorrect IP / Host is specified)

• Bug Fixes

  • Fixed an issue in the Reports add-on where not all available users were being listed to generate a report
  • Fixed an issue with licensing notifications – now all licensing notifications will be automatically dismissed upon activating a key.
  • Fixed an issue where the user reset passwords were not being recorded (since 4.3). Ticket

2.1.0 (2015-09-09)

• New Features

  • Support for the External DB Add-on.
  • Integration with WhatIsMyIPAddress.com (Click an IP addresses in Audit Log viewer to get all information about it).
  • Settings to Incude or exclude specific columns from the Audit Log viewer.
  • Ability to exclude an IP address from monitoring
  • New option to disable the reporting of WordPress background tasks (such as deletion of auto draft posts)

• Bug Fixes

  • Fixed a problem when trying to customize a widget via the theme customizer support ticket.
  • Handling an error that was generated when someone logged in to a WordPress via social media channels.
  • Fixed: incorrect alert generated when a widget is moved from the bottom of a container to another.
  • Fixed: incorrect alert generated when a custom filed is deleted from a page.
  • Fixed an issue where post related actions were not reported for users with author and contributor roles.
  • Fixed an issue where in a specific scenario the settings in the options tabel were duplicate.

2.0.1 (2015-08-05)

• Minor Change
  • Launched a new WP Security Audit Log website and updated all relevant links.

2.0.0 (2015-07-16)

• New Features

  • New database connector allowing faster and more efficient plugin to WordPress database communication
  • Added new option to switch the display time of alerts between 24 hour or 12 hour format
  • Sorting functionality in Audit Log Viewer (sort WordPress security alerts by date & time, code or username)

• Bug Fixes

  • Fixed issue where super admin roles was not reported when logging in to “sub sites” in WordPress multisite
  • Fixed several formatting issues in the Audit Log Viewer (UI)
  • Fixed issue where multiple plugins were upgraded via the drop down menu and no alerts were being reported
  • Fixed: When unrestricting plugin access from a single admin was not working properly

1.6.1 (2015-05-04)

• Bug Fixes
  • Fixed the monitoring of plugin updates for WordPress 4.2 Support Ticket
  • Fixed an issue where multiple plugin updates triggered by drop down menu were not being reported
  • Fixed a conflict with Magic Fields 2 plugin Support Ticket
  • Updated the escaping of add_query_arg() function which could result in a potential XSS

1.6.0 (2015-04-16)

• New Security Alerts
  • 5010: plugin created new tables in the WordPress database
  • 5011: plugin modified the structure of a number of tables in the WordPress database
  • 5012: plugin deleted tables from the WordPress database
  • 5013: theme created new tables in the WordPress database
  • 5014: theme modified the structure of a number of tables in the WordPress database
  • 5015: theme deleted tables from the WordPress database
  • 5016: an unknown component created new tables in the WordPress database
  • 5017: an unknown component theme modified the structure of a number of tables in the WordPress database
  • 5018: an unknown component theme deleted tables from the WordPress database
  • 2052: a user changed the parent of a category

1.5.2 (2015-04-07)

• Bug Fix
  • Removed a clause which changed the debug log path (used for testing) Support Ticket

1.5.1 (2015-03-26)

• Improvements

  • Completely removed the user of the is_admin() function to follow better security practises

• Bug Fixes

  • Updated the licensing mechanism to correct problem where WP Security Audit Log premium add-ons could not be activated.
  • Fixed several issues where the database tables were not being created during install or upgrade. Support ticket and Support ticket 2
  • Fixed an issue where the plugin did not monitor any activity in specific scenarios. Support ticket and Support ticket 2
  • Removed duplicate options in the settings page. Support ticket

1.5.0 (2015-03-18)

• New Features

  • Ability to exclude custom fields from monitoring (custom fields can be excluded from the Audit Log Viewer with a simple click or you can specify them in the settings)
  • Ability to exclude WordPress users and roles from monitoring

• Improvements

  • WP Security Audit Log now has its own settings table in WordPress database. This will provide us with more flexibility and have more centralization of data
  • Updated the code where is_admin() function was being used to follow better security practises

• Bug Fixes

  • Fixed a problem where a PHP exception was being thrown during the activation of the plugin support ticket

1.4.1 (2015-03-12)

• Bug Fix
  • Fixed an issue where the IP address was not being reported for anyone using PHP version 5.3.3 or earlier support ticket

1.4 (2015-02-24)

• New Features

  • WordPress username is now reported when a failed login is recorded – More Details
  • Plugin is now available in Romanian thanks to Artmotion

• Improvements

  • Improved IP Address validation checks – if IP address format is incorrect the plugin reports “incorrect format” and not “unknown” – This will help us improve troubleshooting
  • Alerts pruning options are now added during activation of the plugin, making pruning options more reliable – existing pruning options will be retained

• Bug Fixes

  • Fixed issue with the option “auto / manual” refresh of Audit Log Viewer
  • Fixed plugin uninstallation process (added new option to purge all plugin data from WordPress database upon uninstall)

1.3.3 (2015-01-21)

• New Features

  • Premium Add-Ons will be hidden from the WordPress plugins page when the Hide plugin option is enabled.

• Improvements

  • Updated some of the help text in plugin’s settings page
  • Updated the text of some WordPress security alerts

• Bug Fixes

  • Fixed a bug related to the reverse proxy / IP retrieval functionality
  • Fixed an issue related to Sandbox removal and upgrades Support Ticket

1.3.2 (2014-12-16)

• New Features and Options

  • Plugin automatically retrieves user’s originating IP address even if WordPress is installed behind a reverse proxy, web application firewall or load balancer. For more information refer to WP Security Audit Log, Reverse Proxies and WAFs
  • New option to omit internal IP addresses from being reported in the WordPress security audit log

• Removed Functionality

  • The sandbox was removed from the plugin. If you need to use the sandbox for troubleshooting and tested contact us since we migrated it to a standalone extension.

• Bug Fixes

  • Fixed a bug where site administrators where not able to view the WordPress security alerts for their sites in a WordPress multisite installation
  • Improved some SQL queries as reported in this support ticket
  • Fixed an issue with alerts pruning (when pruning was set by number of alerts the plugin was pruning all alerts)

1.3.1 (2014-11-27)

• New WordPress Security Alerts

  • Alert 2065: The content of published post has been modified
  • Alert 2066: The content of published page has been modified
  • Alert 2067: The content of published custom post type has been modified
  • Alert 2068: The content of a draft post has been modified
  • Alert 2069: The content of a draft page has been modified
  • Alert 2070: The content of a draft custom post type has been modified
  • Alert 2071: Changed the position of a widget in the same container

• WordPress Security Audit Log Viewer Improvement

  • Removed fixed width from columns, hence now they are dynamically resized depending on your resolution

• Bug Fixes

  • Fixed an issue where alert 1001 (logout) was generated without a login support ticket
  • Fixed a PHP coding problem / invalid argument issue support ticket

1.3.0 (2014-10-30)

• New WordPress Security Alerts

  • Alert 2065: User modified the content of a blog post
  • Alert 2066: User modified the content of a WordPress page
  • Alert 2067: User modified the content of a custom post type

• Improvements

  • We have also improved the code of some of the sensors which monitor the WordPress activity

1.2.9 (2014-10-21)

• Bug Fix
  • Fixed an issue with the queries used for the alerts pruning as reported in this support ticket.

1.2.8 (2014-10-14)

• New Feature

  • Added new Extensions page to allow users to see which extensions they can use to increase the functionality of the plugin
  • Included licensing mechanism to support premium extensions

• Improvements

  • Updated latest language files for German and Italian translations (also include corrections for some old translations)

• Bug Fixes

  • Fixed a problem with the pruning of WordPress Security Alerts support ticket
  • Fixed pagination issue in the Audit Log Viewer when running on WordPress multisite

1.2.7 (2014-09-26)

• New Feature

  • New option “Restrict Plugin Access” that allows WordPress administrators to further restrict access to the plugin and the WordPress security alerts

• Improvements

  • Updated the Audit Log Viewer backend to retriev WordPress security alerts much faster and consume less resources on large websites
  • Moved the Audit Log plugin menu entry underneath the dashboard entry for better access
  • Several minor enhancements to the plugin to perform better on large WordPress installations

• Bug Fixes

  • Fixed an uncaught exception with Logout Alert 1001 support ticket

1.2.6 (2014-08-20)

• Improvements

  • Several performance improvements and tweaks applied
  • Updated Italian translations

• Bug Fixes

  • Fixed an issue with URLs of plugin pages support ticket
  • Fixed an uncaught exception with Logout Alert 1001 support ticket
  • Fixed error on logout issue support ticket
  • Fixed uncaught exception with specific Alert Codes support ticket

1.2.5 (2014-08-12)

• New Feature

  • Monitoring of custom fields in WordPress posts, pages and custom post types.

• New WordPress Security Alerts

  • Alert 2053: User created new custom field in blog post
  • Alert 2054: User modified the value of custom field in blog post
  • Alert 2055: User deleted a custom field in blog post
  • Alert 2062: User renamed custom field in blog post
  • Alert 2059: User created new custom field in page
  • Alert 2060: User modified the value of custom field in page
  • Alert 2061: User deleted custom field from page
  • Alert 2063: User renamed custom field in
  • Alert 2056: User created new custom field in custom post type
  • Alert 2057: User modified the value of custom field in custom post type
  • Alert 2058: User deleted a custom field from custom post type
  • Alert 2064: User renamed custom field in custom post type

• Improvements

  • Improved the writing and reading of WordPress alerts from the WordPress database (plugin runs more efficiently on high traffic WordPress and WordPress multisite installations)
  • Improved the monitoring of WordPress login and logout actions
  • Applied various plugin performance tweaks

• Bug Fixes

  • Fixed a specific issue where user and user role where not being reported (ticket)
  • Fixed an error which was being reported during user logout in specific scenarios (ticket)
  • Fixed a CSRF vulnerability reported by Kévin FALCOZ aka 0pc0deFR

1.2.4 (2014-07-27)

• Improvements
  • Improved monitoring of failed logins, addressed issues reported here, here, here and here

1.2.3 (2014-07-23)

• Improvements

  • Improved database structure for better support of high-traffic WordPress and WordPress multisite installations
  • Developer options are reset during updates for improved performance
  • Added a warning / note to the developer options (such options should NEVER be enabled on live websites but only on testing, staging and development websites)

• Bug Fixes

  • Fixed database issue with primary key constraint

1.2.2 (2014-07-16)

• New Features

  • Italian translation available thanks to Leonardo Musumeci

• Improvements

  • Added a warning for developer options
  • “Hidden” developer options from default settings; user has to click link to access developer settings
  • Backtrace logging now made optional from a developer setting

• Bug Fixes

  • Solved several issues related to translations. Now everything in the plugin is translatable
  • Fixed several other issues reported by email

1.2.1 (2014-07-2)

• Bug Fix
  • Fixed reported issue with upgrade (more info here)

1.2.0 (2014-07-2)

• New Features

  • Unlimited Alerts can be stored (removed the 5000 alerts limit)
  • Alert time now includes milliseconds for more precision (ideal for auditing and compliance)
  • Reported alert time is now relative to user’s configured timezone
  • Alerts automatic pruning procedures can now be enabled / disabled
  • Option to hide WP Security Audit Log from Plugins page in WordPress
  • If there are more than 15 websites in a multisite installation, an auto complete site search box is shown instead of the drop down menu

• New WordPress Security Alerts

  • Alert 5007: User has uninstalled / deleted a theme
  • Alert 5008: Super administrator network activated a theme on multisite
  • Alert 5009: Super administrator network deactivated a theme on multisite

1.1.0 (2014-05-27)

• New Features

  • User avatar is shown in the alert to allow administrators to easily recognize users and their activity
  • Clickable username in alerts allow administrators to access user’s profile instantly
  • User role is reported in alert so administrators can easily track any suspicious behaviour
  • PHP Version checker; upon installation the plugin will check what version of PHP is installed on the system

• New WordPress Security Alert for monitoring plugin files

  • Alert 2051: User changed a plugin file using the plugin editor (note: filename and location will also be reported in the alert)

• Bug fixes

  • Fixed wrapping problem in alerts dashboard widget
  • Fixed upgrade script to properly create the new tables in the WordPress database

1.0 (2014-05-20)

• Complete plugin rewrite making the new version more stable and scalable

• New Features

  • New Audit Log viewer
  • Auto refresh of security alerts – WordPress administrators do not need to refresh the Audit Log Viewer page to see new alerts
  • Data Inspector reports more insider information about each alert (can be enabled from settings)
  • Sandbox allows developers to execute PHP code for troubleshooting (can be enabled from settings)
  • Request Log that logs all HTTP GET and POST requests done on WordPress (can be enabled from settings)
  • Logging of PHP Errors; ideal for developers who want to monitor WordPress for any errors (can be enabled from settings)
  • New Support and About Us page that you should check out!

• New WordPress Security Alerts for monitoring themes, WordPress settings, files and much more

  • Alert 2046: User modified a file using the editor
  • Alert 2047: User changed parent of page
  • Alert 2048: User changed template of page
  • Alert 2049: User set post as sticky
  • Alert 2050: User removed post from Sticky
  • Alert 5005: User installed a new theme
  • Alert 5006: User activated a theme
  • Alert 6004: User upgraded WordPress
  • Alert 6005: User changed the WordPress permalinks

• New WordPress Developer Alerts

  • Alert 0000: Unknown error
  • Alert 0001: PHP Error
  • Alert 0002: PHP Warning
  • Alert 0003: PHP Notice
  • Alert 0004: PHP Exception
  • Alert 0005: PHP Shutdown Error

0.6.3 (2014-02-18)

• Bug Fix
  • Disabled debugging by default (left enabled by mistake)

0.6.2 (2014-02-03)

• Bug Fix
  • Fixed a number of database issues introduced with the WordPress Multisite Support
  • Fixed issue with supporting pre WordPress 3.0 multisite installations (support tickets here and here)

0.6.1 (2014-01-16)

• Bug Fix
  • Fixed errors in debug code (used for when debugging is enabled in plugin)

0.6 (2014-01-15)

• New Plugin Feature

• WordPress Multisite Support Read More

• New WordPress Security Alerts for monitoring specific multisite activity on a WordPress multisite network installation

  • Alert 4008: User is granted super admin privileges (network)
  • Alert 4009: Super admin privileges (network) are revoked from a user
  • Alert 4010: Added an existing user to a site and assigned a specific role
  • Alert 4011: Removed user with a specific role from a site
  • Alert 4012: New user created on the network
  • Alert 7000: Added a new site to network
  • Alert 7001: A site was archived
  • Alert 7002: A site was unarchived
  • Alert 7003: A site was activated
  • Alert 7004: A site was deactivated
  • Alert 7005: A site was deleted

• Plugin Improvements

  • Plugin settings page to have the same look and feel of the new WordPress dashboard (3.8)

0.5.1 (2013-12-11)

• Bug Fix
  • Fixed an issue with Edit Post function (in very specific cases) (https://wordpress.org/support/topic/was-working-great-no-post-edit-function-now)

0.5 (2013-11-06)

• New WordPress Security Alerts for monitoring of Widgets

  • Alert 2042: New widget was added
  • Alert 2043: A widget was modified
  • Alert 2044: A widget was deleted
  • Alert 2045: A widget was moved

• New Plugin Features

  • New setting to allow specific user(s) and role(s) to view the Audit Log Viewer (read only)
  • New setting to allow specific user(s) and role(s) to manage the WP Security Audit Log plugin (can change plugin settings, enable disable WordPress security alerts etc)

• Plugin Improvements

  • Renamed “login/logout” tab in “Enable/Disable Alerts” section to plugins to “Other User Activity”
  • Added the files alerts (uploaded / delete files) to the “Enable/Disable Alerts” (previously unavailable)

• Bug Fixes

  • Fixed issue where all users were able to see the Dashboard widgets with security alerts – now restricted only to users who have access to the plugin
  • Fixed user reported issue (https://wordpress.org/support/topic/errors-on-enabledisable-alerts-page)

0.4 (2013-10-09)

• New WordPress Security Alerts for Custom Post Types

  • Alert 2029: New post with custom post type created and saved as draft
  • Alert 2030: Post with custom post type is publishes
  • Alert 2031: A published post with custom post type is modified
  • Alert 2032: A draft post with custom post type is modified
  • Alert 2033: A post with custom post type was permanently deleted
  • Alert 2034: A post with custom post type was moved to trash
  • Alert 2035: A post with custom post type was restored from trash
  • Alert 2036: The category of a post with custom post type was changed
  • Alert 2037: The URL of a post with custom post type was changed
  • Alert 2038: The author of a post with custom post type was changed
  • Alert 2039: The status of a post with custom post type was changed
  • Alert 2040: The visibility of a post with custom post type was changed
  • Alert 2041: The date of a post with custom post type was changed

• New Plugin Features

  • Enable/Disable Alerts node that allows WordPress administrators to switch on or off specific WordPress security alerts
  • Dashboard widget that shows the latest 5 WordPress security alerts (widget can be switched on or off from the plugin settings)
  • Plugin is now language aware and we can accept translations

• Plugin Improvements

  • Updated settings page to have the same look and feel of WordPress
  • Improved the upgrade procedure of the plugin
  • Updated the Audit Log Viewer display to support more resultions such as those of tables and smartphones

0.3 (2019-09-19)

• New WordPress Security Alerts

  • Alert 6001: Anyone can Register option in WordPress settings was changed
  • Alert 6002: Default use role in WordPress settings was changed
  • Alert 6003: Administrator notification email in WordPress settings was changed
  • Alert 2025: Visibility of a blog post was changed
  • Alert 2026: Visibility of a page was changed
  • Alert 2027: Date of a blog post was changed
  • Alert 2028: Date of a page was changed

• Plugin Improvements

  • Links to the Audit Log Viewer and Settings in the plugin summary page
  • Time of Failed Login alerts now reflects the time of last failed login attempt

• Bug Fixes

  • Fixed: Incorrect alerts generated when author of page was changed from quick edit mode
  • Fixed: Conflict with WP Mandrill and other plugins using pluggable.php
  • Fixed: Incorrect alerts generated when plugin is installed via a zip file / upload method

0.2 (2013-08-12)

• Restricted plugin options and WordPress Audit Log Event Viewer only to WordPress administrators
• Improved failed logins events (events generated from the same IP, or same username will be grouped to avoid mass flooding of security events)
• Security Events pruning now uses wp-cron functionality (improved stability and reliability of events pruning)
• Applied several performance improvements (faster loading of events etc)
• Added support for permalinks; now events will include page or blog post URL rather than ID
• Added new alerts for when a page or blog post status is changed from draft, pending review or published
• Added new alert for when a page or blog post URL or author is changed
• Added new alert for when a blog post category is changed
• Added new alerts for when a user creates or deletes a category
• Added new alert for when the author of a blog post or page is changed
• Added new plugin alerts for when a plugin is installed, uninstalled or upgraded
• Updated navigation menu to use standard WordPress dashboard icons etc

0.1 (2013-05-24)

• Initial beta release of WP Security Audit Log.