Activity Guard – Security Scanner, Activity Log with IP blocking
Activity Guard is a free WordPress plugin that covers four things most plugins charge separately for: a complete activity log, an IP-based security firewall, a plugin vulnerability scanner, and WooCommerce abandoned cart analytics. Alerts go out in real time to Slack, Telegram, or email, all from one dashboard. Most activity log plugins stop at logging. Most security plugins don’t touch WooCommerce. Plugins like WP Activity Log, Simple History, and Stream do logging well — Activity Guard adds real-time Slack and Telegram alerts, an IP firewall with emergency shutdown, CVE vulnerability scanning, and WooCommerce abandoned cart recovery analytics, all at no cost. No paid tier required for any of it. No other free plugin on WordPress.org combines these four in one place: a complete audit log, an IP security firewall, a multi-database vulnerability scanner, and WooCommerce analytics with cart recovery tracking. Activity Guard Website | Documentation | Pro Support WordPress Activity Log Activity Guard records every meaningful change on your site, including the IP address, username, timestamp, and the exact change made. The audit log covers: User logins, logouts, and failed login attempts User registrations, role changes, and profile edits Pages, posts, and custom post types: create, edit, delete, status changes Plugin and theme activations, deactivations, updates, and deletions WordPress core settings and configuration changes Menu, widget, and sidebar modifications Email delivery tracking via a full email log Form submissions from Contact Form 7, SimpleForm, and others Admin settings changes and debug log events Cron job scheduling and background process tracking Script modification and file change detection Visitor traffic monitoring with an on/off toggle Visual charts summarize your audit log at a glance. No need to scroll through raw log tables to understand what’s happening on your site. Security Firewall and IP Blocking Activity Guard actively blocks threats rather than just recording them. IP blocking by manual entry, CIDR range, or conditional rule Emergency Shutdown: force-logout every active session on your site with one click Cloudflare Turnstile login protection against bots and brute force attacks Login rate limiting to stop credential-stuffing Bot detection and automatic IP blocking Restrict or fully disable XML-RPC access Core file integrity scanner to detect unauthorized file changes File integrity monitoring across plugins and themes Block TOR network access Block vulnerability scanner user agents HTTP security headers: custom, logged, and enforced WordPress version hiding 404 error tracking and suspicious HTTP request alerts Admin dashboard visitor tracking Cron job failure and site downtime monitoring The Emergency Shutdown feature is specific to Activity Guard: one click and every logged-in session on your site ends immediately — useful when you detect a breach in progress and need everyone out now. Plugin Vulnerability Scanner Activity Guard scans every installed plugin and theme against multiple vulnerability databases before problems develop: Detect plugins with known CVEs across NVD, WPVulnerability.net, and the WPAzleen private API Flag outdated plugins not compatible with your WordPress version Identify abandoned plugins not updated in over a year Warn about plugins with low install counts or poor ratings No other free activity log plugin on WordPress.org includes a built-in multi-database vulnerability scanner. WooCommerce Activity Log and Analytics Activity Guard logs every WooCommerce event and adds analytics built specifically for store owners. Order tracking covers status changes, payments, refunds, and cancellations. You also get stock level changes and low-stock events, coupon creation and usage, product pricing edits, billing and shipping address updates, customer registration changes, and real-time shipping status updates. The abandoned cart and incomplete-order analytics go further than basic logging. The dashboard shows checkout drop-off rates, recovery potential, recovery rate, and how customers interact with their carts before leaving. This tells you where revenue is being lost, not just that it was lost. WooCommerce abandoned cart analytics with recovery rate tracking is included free. No competing free activity log plugin on WordPress.org provides this. Slack and Telegram Notifications Activity Guard sends alerts the moment a critical event occurs, across four channels: Slack: route alerts to any channel, tag specific users or groups with @mentions Telegram: real-time activity and security alerts direct to your Telegram chat Email: configurable per event type Admin dashboard: in-panel notification view Events that trigger alerts include core file changes, plugin and theme updates (with the username that triggered the update), WooCommerce orders, payments, coupon usage, incomplete order follow-ups, product edits, stock changes, login and registration events, page and post changes, form submissions, and admin settings changes. A daily digest and weekly plugin download summary are also available. You can schedule notifications for specific times and control exactly which events send alerts. Admin and Developer Tools Maintenance mode toggle from the dashboard Menu and widget change tracking Plugin and theme activation and deactivation logs Script modification detection HTTP security header change logging Debug log and fatal error detection Email log: full delivery history for all outgoing WordPress emails Contact Form 7 and SimpleForm integration alerts Who Uses Activity Guard WooCommerce store owners use it to track every order, coupon, product change, and shipping event, and to recover revenue with abandoned cart analytics. Site administrators use it to know exactly who changed what, instantly log out suspicious users, and maintain a clean audit trail. Agencies and developers use it to monitor plugin updates, configuration changes, fatal errors, and debug logs across client sites. Security-focused admins use it to block IPs, scan for CVEs, monitor file integrity, and trigger emergency shutdowns. Multi-author sites use it to hold contributors accountable with full user activity logging and role-change tracking. Join us: Facebook | YouTube | X / Twitter External Services Slack Webhook Integration Activity Guard sends notifications to your Slack workspace using a Slack incoming webhook URL that you provide. To set one up: Create a Slack app or use an existing one Enable Incoming Webhooks in the app settings Add a webhook to your workspace Paste the webhook URL into Activity Guard settings No data is stored by Slack beyond what you configure in your own Slack workspace. See Slack’s privacy policy for details. Cloudflare Turnstile Activity Guard uses Cloudflare Turnstile for login bot protection. When Turnstile is enabled, your login page communicates with Cloudflare’s verification servers. See Cloudflare’s privacy policy for details. Plugin Vulnerability Scanner – Data Sources WordPress.org Plugin API: retrieves plugin metadata including latest version, last updated date, rating, and active install count. Privacy Policy WPAzleen API: private endpoint for known vulnerabilities by plugin and version. No sensitive data is transmitted. Privacy Policy WPVulnerability.net: public API for CVE-based vulnerability data. Privacy Policy National Vulnerability Database (NVD): official CVE data from NIST. Privacy Policy All scans run locally using public metadata and vulnerability feeds. Activity Guard does not collect, store, or transmit any personal information during scans. Freemius Activity Guard uses the Freemius SDK for optional telemetry. No data is collected by default. Data collection only starts after you explicitly confirm in the admin notice. See the Freemius privacy policy for details. WPAzleen Settings API Loads display settings for the Pro upgrade modal in the plugin admin area. No personal data is transmitted. WPAzleen Privacy Policy Source Code The source files for all compiled/minified JavaScript and CSS in this plugin are publicly available at: https://github.com/wpazleen/activity-guard Build instructions: Clone the repository or visit the src directory directly. Run npm install in the root to install dependencies. Run npm run build to compile JavaScript and CSS assets. Compiled files output to build/. Contributions, bug reports, and pull requests are welcome.
Top keywords
- activity24×1.94%
- log16×1.29%
- activity guard15×1.21%
- guard15×1.21%
- changes13×1.05%
- slack11×0.89%
- vulnerability11×0.89%
- wordpress10×0.81%
- alerts9×0.73%
- tracking9×0.73%
- woocommerce9×0.73%
- analytics8×0.65%
WP Activity Log
Monitor activity on your WordPress sites and get clear insights into what’s happening with detailed user and event logging. Keep WordPress logs of everything that happens on your sites and multisite networks with WP Activity Log instantly, without writing a line of code. Easily detect suspicious activity on your WordPress site before it escalates Record failed login attempts to detect potential security breaches and strengthen site protection Track user logins and logouts to ensure SLAs are consistently met Monitor user activity and productivity to boost accountability Know exactly what all your users are doing in real time Know what happened before an outage for faster, easier troubleshooting Ensure compliance with regulations and standards like GDPR and PCI DSS Better manage & organize your site and users for smoother operations Simple setup ensures you start benefiting quickly and easily WP Activity Log is a complete logging solution, helping hundreds of thousands of administrators and security professionals track changes on their websites thanks to real-time user activity monitoring. 💎 Need more extensive features? Unlock advanced reporting, exports/mirroring, session management, and real-time alerts with WP Activity Log premium or enterprise. What WordPress changes WP Activity Log tracks A website activity log is important for improving troubleshooting, compliance, user management, and security. Get WP Activity Log and keep track of events on your site. The log not only tells you that a post, a user profile, or an object was updated, it also lets you know exactly what changed, when, and includes a user log (by whom), so you always have the information you need. Below is a summary of the changes that the plugin can keep a record of: Post, page, and custom post type changes: Status, content changes, title, URL, custom field, and other metadata changes Tags and category changes: Creating, modifying, deleting, and adding/removing them from posts Widget and menu changes: Creating, modifying, or deleting them User changes: User created or registered, deleted, or added to a site on multisite network User profile changes: Password, email, display name, and role changes Access logging: User login, logout, failed logins, and terminating other sessions WordPress core and settings changes: Installed updates, permalinks, default role, URL, and other site-wide changes WordPress multisite network changes: Adding, deleting, or archiving sites, adding or removing users from sites, etc. Plugin and Theme changes: Installing, activating, deactivating, uninstalling, and updating WordPress database changes: When a plugin adds or removes a table Third-party plugin changes: WooCommerce Stores & products, Yoast SEO, RankMath, Termly, WPForms, Gravity Forms, Advanced Custom Fields (ACF), MainWP, ManageWP, WP Umbrella, and other popular WordPress plugins WordPress site file changes: New files added, or existing files modified or deleted. Event details recorded Detailed event logging ensures that for every event that the plugin records, it reports the: Date & time (and milliseconds) of when it happened User & role of the user who did the change Source IP address from where the change happened The object on which the change has taken place Refer to WordPress activity log event IDs for a complete list of all the changes WP Activity Log can keep a record of and a detailed explanation of what change every event ID represents. 💎 Upgrade to WP Activity Log Premium and get even more The premium edition of WP Activity Log takes WordPress user activity tracking to the next level. It comes bundled with even more features, including log mirroring, enterprise-grade support, user session management, and much more! Premium features list See who is logged in and monitor their current activities in real-time Log off any user at the click of a button Generate fully-configurable HTML and CSV reports for easy data analysis Receive email, SMS, and Slack notifications for important changes (fully configurable) Use search filters to fine-tune results and find what you need in seconds Store the activity logs in an external database to enhance security and scalability Mirror the activity log to log management systems such as AWS CloudWatch, Loggly, Papertrail, and others in real-time Mirror the logs to business communication systems like Slack Send a copy of your website’s activity log to a log file on your web server Archive old activity log data to another database for improved storage and log management Add notes to activity log entries for better context and internal documentation Refer to the WP Activity Log plugin features and benefits page to learn more about the benefits of upgrading to WP Activity Log Premium. 🔌 WP Activity Log third-party plugin support All WP Activity Log editions include activity tracking for third-party plugins, including (in alphabetical order): Advanced Custom Fields (ACF) – Log changes to post types, taxonomies, and taxonomy terms bbPress – Track changes to forums, topics, and bbPress settings Gravity Forms – Track changes to Gravity Forms settings, forms, and entries (leads) LearnDash – Track changes to courses, lessons, and other system changes, as well as student activity such as course, lesson, and quiz enrollments and completions. MemberPress – Log changes to plugin settings, memberships, payments, subscriptions, and other actions Multisite & management tools – Track changes across your network for MainWP, ManageWP, Modular DS, Infinite WP, WP Umbrella, WP Remote, and other multisite management plugins Paid Membership Pro – Log changes to membership levels, user assignments, and more. Premium users can also track order and checkout activity, and access a Members Activity panel inside each member’s profile for instant visibility into recent actions. RankMath – Log changes to RankMath settings, SEO configurations, and on-page SEO edits Redirection – Keep a log of changes to redirections and redirection groups Termly – Log changes to Termly settings and configurations WooCommerce – Keep a log of changes to store settings, orders, products, coupons, and more WPForms – Log changes to WPForms settings, forms, form files, and entries (leads) Yoast SEO – Track changes to Yoast SEO settings and on-page SEO in the Yoast SEO meta box Extra Features for Enhanced Monitoring and Management Both free and premium editions of WP Activity Log include a number of non-logging specific features that make the plugin a complete WordPress monitoring solution. Here is what is included: Free Built-in support for reverse proxies and web application firewalls Integration with WhatIsMyIpAddress.com – get all information about an IP address with a single click Limit who can view the WordPress activity log by users or roles Enable or disable individual event IDs from the activity log Configurable dashboard widget highlighting the most recent critical activity Configurable WordPress activity log retention policies Display user avatars in events for better recognizability And much more! Premium Everything that’s included in the Free edition, plus: Full WordPress multisite support Create custom alerts & notifications to monitor additional functionality Import and export plugin settings Real-time activity log visible in the WordPress admin toolbar And much more! 🛠️ Free and premium plugin support If you encounter any issues with the free edition of WP Activity Log, you can post and get help on the WordPress.org support forums. You can also find more technical information and plugin documentation on the Melapress knowledge base. Premium plugins include a full year of free updates and dedicated one-to-one premium email support. This means you get direct access to our support team who will assist you with any questions or issues related to the plugins. As featured on: Kinsta Pagely Shout Me Loud The Dev Couple WPKube Techwibe Tidy Repo KitPloit and many others. MAINTAINED & SUPPORTED BY MELAPRESS Melapress develops high-quality WordPress management and security plugins such as Melapress Login Security, WP 2FA, and Melapress Role Editor. Browse our list of WordPress security and administration plugins to see how our plugins can help you better manage and improve the security and administration of your WordPress websites and users. Installing WP Activity Log Install WP Activity Log from within WordPress Visit ‘Plugins > Add New’ Search for ‘WP Activity Log’ Install and activate the WP Activity Log plugin Allow or skip diagnostic tracking Install WP Activity Log manually Extract the plugin ZIP file and upload it to the /wp-content/plugins/ directory Activate the WP Activity Log plugin from the ‘Plugins’ menu in WordPress Allow or skip diagnostic tracking