Activity Log Pro – User Activity Log, Audit Log & Security Monitor
Activity Log Pro is a complete WordPress activity log, user activity log, and audit log plugin for user tracking and accountability. Track user logins, content changes, plugin and theme updates, settings changes, and other important site activity – and see who did what, when, and where from one clean activity dashboard. Activity Log Pro gives you a complete audit trail of everything happening on your WordPress site. See who logged in, what content changed, exactly when it happened, which plugins were updated and any suspicious activity – all in one place. Perfect for businesses, e-commerce stores, agencies, WordPress maintenance services, and multi-user sites that need full visibility into user and system changes. Agencies and freelancers managing multiple sites can use Log Channels (Premium) to centralise logs from every client site into a single logging platform like Datadog or Better Stack. Whether you’re troubleshooting issues, staying compliant, or monitoring for security threats, Activity Log Pro is your WordPress activity tracker and activity monitoring tool to keep your site secure and transparent. “This is a super slick plugin guys. Very simple to use, very clean interface. Super excited about it.” – Ryan @ InfluenceWP.com “Perfect! Robust and exemplary neat plugin! All the info that you need is in a clear overview.” – @mixha Why Use a WordPress Activity Log? Understand every action on your site, reduce security risks, and simplify compliance. Security & Compliance: Stay compliant with GDPR, HIPAA, and other regulations while detecting failed logins, role changes, and suspicious behavior. Troubleshooting & Debugging: See exactly what changed before something broke – track plugin updates, theme edits, and content changes. User Accountability & Audit Trails: Know exactly who did what, when, and from which IP address for complete transparency and legal compliance. Performance & Site Health: Monitor plugin installations, theme changes and modifications that impact your site’s speed and stability. Enhanced Backup Strategy: Create detailed change logs that complement your backups – know exactly what to restore and when changes occurred. WordPress Security Monitoring: Track failed logins, suspicious activities, user role changes, and potential security threats in real-time. Key Features of This WordPress Activity Log Plugin 🚀 Complete Core Activity Tracking User login/logout activities with IP tracking Failed login attempt monitoring for security Login Flood Guard (optional) — caps consecutive failed-login log entries during brute-force bursts; configurable threshold (20/50/100/200), on/off toggle, and an inline notice on the Activity Logs screen when suppression is active Post, page, and custom post type changes (create, update, delete) Media library activities (upload, edit, delete) Plugin installations, activations, deactivations, and updates Theme switches, installations, and customizer changes WordPress core updates Widget modifications and placement changes Menu creation, updates, and deletions User registration, profile updates, and role changes Comment activities (approved, spam, trash, delete) Settings and options changes Category and tag management 🔌 Advanced Plugin Integrations WooCommerce Activity Log: Complete e-commerce activity monitoring — track order modifications, product changes, inventory updates, customer data edits, payment gateway settings, and coupon usage for full store audit trails (Premium) Yoast SEO Activity Log: Monitor all SEO changes including meta descriptions, title tags, search engines follow links, Advanced Meta Robots, Breadcrumbs Title updates, focus keyword changes, and readability optimizations to maintain SEO integrity (Premium) Free Professional Features Real-time activity monitoring dashboard Advanced filtering and search capabilities Detailed activity metadata and context IP address tracking for security analysis User role-based activity permissions Customizable data retention policies Export capabilities (CSV, JSON, HTML and TXT formats) Clean, responsive admin interface Database optimization for performance 💎 Premium Features Upgrade to Activity Log Pro Premium for advanced security and privacy controls: Advanced IP Privacy Controls – GDPR-compliant IP anonymization and masking options IP Location Mapping – Geographical insights for visitor analysis and security monitoring Security Alerts – Security Alerts helps you detect important WordPress activity in real time with instant email notifications for security events, content changes, and core/plugin updates. Configure smart alert cooldowns, choose multiple recipients, and reduce noise while still catching high-risk behavior fast. Log Channels – Centralise activity logs from all your WordPress sites into one platform. Stream every log entry in real time to Grafana Loki, Better Stack, Slack, Papertrail, Loggly, Datadog, Syslog/SIEM targets, or your own custom webhook endpoint. Every event is automatically tagged with the site name and URL — so you can filter across all your sites inside your existing logging platform. Delivered asynchronously in background jobs with zero impact on page load times. Ideal for agencies, WordPress maintenance services, and freelancers managing multiple client sites. Enhanced Security Features – Real-time logs and suspicious activity logs (via Live Monitor) JSON Feed Export – SIEM integration with secure token-based access WooCommerce Logger – Comprehensive e-commerce tracking (orders, products, customers) Yoast SEO Logger – Complete SEO audit trails for meta data and schema changes Priority Support – Direct access to expert support with faster response times 👉 Compare Free vs Premium Features → | 👉 Try out the Demo → 🏢 Centralised Logging for Agencies & WordPress Maintenance Services Managing multiple WordPress sites? Log Channels (Premium) lets you stream activity logs from every client site into a single external logging platform — so you can monitor all your sites in one place, without logging into each WordPress admin individually. How it works: Install Activity Log Pro on each WordPress site, configure a Log Channel pointing to your preferred logging platform, and every activity log entry is forwarded in real time. Each event is automatically tagged with the site name and site URL, so you can filter, search, and alert by site inside your chosen platform. Supported platforms — bring your own logging stack: Better Stack — Stream logs to your Better Stack Logs source; filter by site in the Telemetry dashboard Datadog — Forward logs to your Datadog account; filter by site_name or site_url in Logs Search Loggly — Centralise logs in Loggly; tag and query by site across your entire client portfolio Papertrail — Route logs via HTTPS token or classic Syslog to your Papertrail destinations Slack — Push activity events to a Slack channel for real-time awareness across all sites Custom Webhook / Syslog / SIEM — Connect to any endpoint or enterprise SIEM platform Why agencies and maintenance services choose Log Channels: One dashboard, all sites — view and search logs from every client site in your existing logging platform No vendor lock-in — choose the platform you already use; no new SaaS subscription required Tamper-proof audit trail — if a site is compromised and an attacker clears the on-site logs, your external copy is already safely stored and completely out of reach Zero performance impact — log delivery runs asynchronously in background jobs; visitors and admins never wait for external services to respond Multiple simultaneous channels — send logs to Datadog for archiving and Slack for real-time alerts at the same time Per-channel test button — verify each connection is working before you rely on it View full Log Channels details: 👉 activitylog.pro/features → ⚡ Performance & Database Custom database table – Activity Log Pro uses its own dedicated table, keeping your posts and meta tables clean and queries fast. Low-overhead logging – Events are captured in real time using optimised queries designed to have minimal impact on site performance. Configurable retention – Set log retention from 7 to 365 days to keep your database lean and manageable. Automatic cleanup – Scheduled purges run automatically based on your retention settings, with no manual intervention required. 🧹 Clean Uninstall Full data removal – Uninstalling the plugin removes all log data, custom tables, plugin options, and scheduled tasks. No leftover clutter – Your database is restored to its original state with nothing left behind, so you can test the plugin with confidence. 🛡️ Security & Privacy Activity Log Pro takes your privacy and security seriously: IP Address Anonymization by Default – All IP addresses are automatically anonymized (e.g., 192.168.1.xxx) for privacy protection WordPress Standard Security – Database security practices (prepared statements, input sanitization) Configurable Data Retention – Meet your privacy requirements with customizable retention periods Administrator-Only Access – All plugin features require administrator privileges for security 📊 Perfect For Business Websites & Corporate Sites: Maintain GDPR compliance, PCI DSS standards, and audit trail requirements for regulatory inspections and security protocols. WooCommerce & E-commerce Stores: Track order modifications, product changes, inventory adjustments, customer data access, and payment processing for fraud prevention and compliance. Multi-user WordPress Sites: Monitor team member activities, role changes, content approvals, and administrative access for complete user accountability. WordPress Development & Staging Sites: Track plugin installations, removal, theme modifications. Digital Agencies, WordPress Maintenance Services & Freelancers: Centralise activity logs across all your client sites into a single logging platform like Datadog, Better Stack, or Loggly. Each log entry is tagged with the site name and URL, giving you a unified, searchable audit trail across your entire portfolio — without logging into each site individually. Use Log Channels (Premium) to stream logs from all your client sites to your existing stack. No new SaaS dashboard required — bring your own logging platform and stay in control of your data. Membership Sites & Private Communities: Track member activities, subscription changes, content access, and community moderation actions. Educational Institutions & Learning Management: Monitor student submissions, instructor activities, course content changes, and user enrollment modifications. News & Publishing Websites: Monitor editorial workflows, content publication schedules, author activities, and SEO optimization changes. 🔧 Easy Setup & Configuration Get started in minutes: 1. Install and activate the plugin – it works out of the box with default settings 2. Configure which activities to track (optional) 3. Set your data retention preferences (optional) 4. Start monitoring immediately (There are various other Settings for you to explore) No complex setup required — this WordPress activity log works right away with sensible defaults while offering extensive customization options for advanced users. 💡 Use Cases This user activity log helps you answer the questions that matter most: Troubleshooting: “What changed right before the site broke?” Security Monitoring: “Who attempted to login with admin credentials?” Content Management: “When was this post last modified and by whom?” Compliance: “Show me all user activities for the past 6 months” Performance: “What plugins were recently activated that might be slowing the site?” Multi-Site Management: “Which of my client sites had a plugin deactivated, a user role changed, or a new admin added today?” System Requirements WordPress 6.3 or higher PHP 7.4 or higher MySQL 5.6 or higher (or MariaDB 10.0+) Minimum 64MB PHP memory limit (128MB recommended) Database Information Creates custom table: {prefix}actlogpro_activity_log_pro_all_logs Estimated storage: ~1KB per logged event Automatic cleanup: Based on retention settings (7-365 days) Uses WordPress database prefix: Follows WordPress naming conventions Privacy Policy Activity Log Pro logs user activities on your WordPress site. This may include: User login/logout times and IP addresses (anonymized by default) Content creation, modification, and deletion activities Plugin and theme changes Administrative actions Data Storage: Activity logs are stored locally in your WordPress database by default. No log data is sent to external services unless you explicitly enable a Log Channel (Premium), which can forward copies of logs to services like Datadog, Grafana Loki, Better Stack, and others. IP Address Privacy: IP addresses are automatically anonymized by default (e.g., 192.168.1.xxx) for privacy protection. Full IP addresses are only stored if explicitly enabled by administrators in the premium version. Third-Party Services: The plugin uses ipinfo.io for optional IP geolocation lookups when administrators manually request location information, and LemonSqueezy for payment processing when users choose to purchase premium features and for newsletter subscriptions when users voluntarily sign up. The ipinfo.io service is only used when explicitly requested and data is cached locally. LemonSqueezy is only used when users voluntarily initiate premium purchases, subscription management, or newsletter signups. Data Retention: You can configure data retention periods to meet your privacy requirements. You can configure a secure JSON feed, with access via a secure authentication token, available in Premium → activitylog.pro/pricing Support For support, documentation, and feature requests, please visit: Plugin Website → activitylog.pro Get Support → activitylog.pro/support Plugin Docs → activitylog.pro/docs Following on Twitter/X → x.com/ActivityLog Third-Party Services This plugin uses the following third-party services: IP Geolocation Service (ipinfo.io) – Purpose: Provides geographical location data for IP addresses to enhance security monitoring – Data Sent: IP addresses are sent to ipinfo.io for location lookup when administrators manually request IP location information – When Used: Only when administrators manually request IP location information via the admin interface – Privacy Policy: https://ipinfo.io/privacy-policy – Terms of Service: https://ipinfo.io/terms-of-service – Data Storage: Location data is cached locally for 24 hours to minimize API calls – User Control: This feature is optional and only available to administrators who explicitly request IP location data Payment Processing Service (LemonSqueezy) – Purpose: Handles secure payment processing, license validation, and subscription management for premium features – Data Sent: When users choose to purchase premium plans, payment information (credit card details, billing address), email address, and license details are processed by LemonSqueezy – When Used: Only when users voluntarily initiate premium plan purchases, license activation, or subscription management – Privacy Policy: https://www.lemonsqueezy.com/privacy – Terms of Service: https://www.lemonsqueezy.com/terms – Data Storage: Payment and license data is managed entirely by LemonSqueezy – no payment information is stored on your WordPress site – User Control: Users have complete control over whether to purchase premium features and can manage their subscriptions through LemonSqueezy’s customer portal Newsletter Subscription Service (LemonSqueezy) – Purpose: Allows users to voluntarily subscribe to product updates and educational content newsletters – Data Sent: Name and email address only when users explicitly choose to subscribe to the newsletter – When Used: Only when users voluntarily fill out and submit the newsletter subscription form in the plugin settings – Privacy Policy: https://www.lemonsqueezy.com/privacy – Terms of Service: https://www.lemonsqueezy.com/terms – Data Storage: Newsletter subscription data is managed by LemonSqueezy – no subscription information is stored on your WordPress site – User Control: Users have complete control over newsletter subscription and can unsubscribe at any time via email links or LemonSqueezy’s customer portal
Top keywords
- activity36×1.57%
- log34×1.48%
- site27×1.18%
- wordpress27×1.18%
- data25×1.09%
- changes24×1.05%
- logs22×0.96%
- security21×0.92%
- ip19×0.83%
- user19×0.83%
- activity log18×0.79%
- premium17×0.74%
Activity Guard – Security Scanner, Activity Log with IP blocking
Activity Guard is a free WordPress plugin that covers four things most plugins charge separately for: a complete activity log, an IP-based security firewall, a plugin vulnerability scanner, and WooCommerce abandoned cart analytics. Alerts go out in real time to Slack, Telegram, or email, all from one dashboard. Most activity log plugins stop at logging. Most security plugins don’t touch WooCommerce. Plugins like WP Activity Log, Simple History, and Stream do logging well — Activity Guard adds real-time Slack and Telegram alerts, an IP firewall with emergency shutdown, CVE vulnerability scanning, and WooCommerce abandoned cart recovery analytics, all at no cost. No paid tier required for any of it. No other free plugin on WordPress.org combines these four in one place: a complete audit log, an IP security firewall, a multi-database vulnerability scanner, and WooCommerce analytics with cart recovery tracking. Activity Guard Website | Documentation | Pro Support WordPress Activity Log Activity Guard records every meaningful change on your site, including the IP address, username, timestamp, and the exact change made. The audit log covers: User logins, logouts, and failed login attempts User registrations, role changes, and profile edits Pages, posts, and custom post types: create, edit, delete, status changes Plugin and theme activations, deactivations, updates, and deletions WordPress core settings and configuration changes Menu, widget, and sidebar modifications Email delivery tracking via a full email log Form submissions from Contact Form 7, SimpleForm, and others Admin settings changes and debug log events Cron job scheduling and background process tracking Script modification and file change detection Visitor traffic monitoring with an on/off toggle Visual charts summarize your audit log at a glance. No need to scroll through raw log tables to understand what’s happening on your site. Security Firewall and IP Blocking Activity Guard actively blocks threats rather than just recording them. IP blocking by manual entry, CIDR range, or conditional rule Emergency Shutdown: force-logout every active session on your site with one click Cloudflare Turnstile login protection against bots and brute force attacks Login rate limiting to stop credential-stuffing Bot detection and automatic IP blocking Restrict or fully disable XML-RPC access Core file integrity scanner to detect unauthorized file changes File integrity monitoring across plugins and themes Block TOR network access Block vulnerability scanner user agents HTTP security headers: custom, logged, and enforced WordPress version hiding 404 error tracking and suspicious HTTP request alerts Admin dashboard visitor tracking Cron job failure and site downtime monitoring The Emergency Shutdown feature is specific to Activity Guard: one click and every logged-in session on your site ends immediately — useful when you detect a breach in progress and need everyone out now. Plugin Vulnerability Scanner Activity Guard scans every installed plugin and theme against multiple vulnerability databases before problems develop: Detect plugins with known CVEs across NVD, WPVulnerability.net, and the WPAzleen private API Flag outdated plugins not compatible with your WordPress version Identify abandoned plugins not updated in over a year Warn about plugins with low install counts or poor ratings No other free activity log plugin on WordPress.org includes a built-in multi-database vulnerability scanner. WooCommerce Activity Log and Analytics Activity Guard logs every WooCommerce event and adds analytics built specifically for store owners. Order tracking covers status changes, payments, refunds, and cancellations. You also get stock level changes and low-stock events, coupon creation and usage, product pricing edits, billing and shipping address updates, customer registration changes, and real-time shipping status updates. The abandoned cart and incomplete-order analytics go further than basic logging. The dashboard shows checkout drop-off rates, recovery potential, recovery rate, and how customers interact with their carts before leaving. This tells you where revenue is being lost, not just that it was lost. WooCommerce abandoned cart analytics with recovery rate tracking is included free. No competing free activity log plugin on WordPress.org provides this. Slack and Telegram Notifications Activity Guard sends alerts the moment a critical event occurs, across four channels: Slack: route alerts to any channel, tag specific users or groups with @mentions Telegram: real-time activity and security alerts direct to your Telegram chat Email: configurable per event type Admin dashboard: in-panel notification view Events that trigger alerts include core file changes, plugin and theme updates (with the username that triggered the update), WooCommerce orders, payments, coupon usage, incomplete order follow-ups, product edits, stock changes, login and registration events, page and post changes, form submissions, and admin settings changes. A daily digest and weekly plugin download summary are also available. You can schedule notifications for specific times and control exactly which events send alerts. Admin and Developer Tools Maintenance mode toggle from the dashboard Menu and widget change tracking Plugin and theme activation and deactivation logs Script modification detection HTTP security header change logging Debug log and fatal error detection Email log: full delivery history for all outgoing WordPress emails Contact Form 7 and SimpleForm integration alerts Who Uses Activity Guard WooCommerce store owners use it to track every order, coupon, product change, and shipping event, and to recover revenue with abandoned cart analytics. Site administrators use it to know exactly who changed what, instantly log out suspicious users, and maintain a clean audit trail. Agencies and developers use it to monitor plugin updates, configuration changes, fatal errors, and debug logs across client sites. Security-focused admins use it to block IPs, scan for CVEs, monitor file integrity, and trigger emergency shutdowns. Multi-author sites use it to hold contributors accountable with full user activity logging and role-change tracking. Join us: Facebook | YouTube | X / Twitter External Services Slack Webhook Integration Activity Guard sends notifications to your Slack workspace using a Slack incoming webhook URL that you provide. To set one up: Create a Slack app or use an existing one Enable Incoming Webhooks in the app settings Add a webhook to your workspace Paste the webhook URL into Activity Guard settings No data is stored by Slack beyond what you configure in your own Slack workspace. See Slack’s privacy policy for details. Cloudflare Turnstile Activity Guard uses Cloudflare Turnstile for login bot protection. When Turnstile is enabled, your login page communicates with Cloudflare’s verification servers. See Cloudflare’s privacy policy for details. Plugin Vulnerability Scanner – Data Sources WordPress.org Plugin API: retrieves plugin metadata including latest version, last updated date, rating, and active install count. Privacy Policy WPAzleen API: private endpoint for known vulnerabilities by plugin and version. No sensitive data is transmitted. Privacy Policy WPVulnerability.net: public API for CVE-based vulnerability data. Privacy Policy National Vulnerability Database (NVD): official CVE data from NIST. Privacy Policy All scans run locally using public metadata and vulnerability feeds. Activity Guard does not collect, store, or transmit any personal information during scans. Freemius Activity Guard uses the Freemius SDK for optional telemetry. No data is collected by default. Data collection only starts after you explicitly confirm in the admin notice. See the Freemius privacy policy for details. WPAzleen Settings API Loads display settings for the Pro upgrade modal in the plugin admin area. No personal data is transmitted. WPAzleen Privacy Policy Source Code The source files for all compiled/minified JavaScript and CSS in this plugin are publicly available at: https://github.com/wpazleen/activity-guard Build instructions: Clone the repository or visit the src directory directly. Run npm install in the root to install dependencies. Run npm run build to compile JavaScript and CSS assets. Compiled files output to build/. Contributions, bug reports, and pull requests are welcome.