More reports white labelling options & statistics reports

Release notes: More reports white labelling options & statistics reports

• New activity log event IDs

  • ID 2133: user taken over a post from another user.

• New features & functionality

  • A number of new activity log statistics reports such as number of newly created users, user profile changes, password changes and password resets, page views, and more.
  • Added a number of new whitelabeling options in the activity log reports. Users can now add the business name, contact details, business logo and more in the reports.
  • Users can now change the report title, add comments etc.
  • Tags for Loggly & AWS Cloudwatch: add tags to the WordPress activity logs mirrored to your logs management system.

• Plugin & features improvements

  • Users can now specify the number of hours when configuring a timeout for idle sessions.
  • Automatic plugin and theme updates are now detected and reported in the activity log (event ID: 5004).
  • Improved the logic of event ID 4029 - the user triggering the password reset request is now reported as the user who did the action.
  • Added the format of the generated report in the periodic reports list.
  • Draft posts can also be included in reports criteria.
  • The function to import / export plugin settings replaced with our own library (to be used in other plugins).
  • Plugin now uses the hook 'deleted_theme' to detect deletion of installed themes.
  • Removed the multisite tab from built-in notifications when installed on single site.
  • Added a check so the name of a mirroring connection cannot be empty.
  • Plugin now checks if there is an existing mirroring connection with the same name so not to overwrite existing ones.
  • Removed redundant "Save" button from the "Delete activity log data" page.
  • Improved the Integrations wizard - catered for a number of conflicts with other plugins and themes such as Divi.
  • Reviewed and improved the text in the WordPress users' sessions management module.
  • Reports generation errors now contain details of why reports failed instead of generic errors, helping the user identify what the issue might be.
  • When deleting data about an IP address or a user from the logs, the user is now asked if they want to delete the events about the user / where the IP address is mentioned, or events generated from that user or IP address.
  • Optimized the way licensing data is stored on a multisite network.
  • Premium plugin advert in activity log viewer is now fixed - it does not interrupt user.
  • Added a new filter to specify which long data fields should be truncated in the activity log viewer.
  • "Email Notifications" section renamed to "Email & SMS Notifications".
  • Reviewed and rewritten the help text in the Sessions module to advise users to terminate current sessions before restricting sessions.
  • Applied a number of UI/UX tweakts to the Enable/Disable events section making it neater and easier to use.
  • Post titles are now reported and linked to the post in the daily update email.

• Bug fixes

  • When user changes multiple plugin settings the plugin now is reporting all the changes and not just one.
  • Fatal error reported when running certain activity log searches.
  • Event ID 6310 no longer incorrectly reported with every plugin setting change.
  • Fixed: activity log retention settings deleted and rewritten to database on page reloads.
  • Fixed: some premium features such as the "link to view all users activity" available in the free edition.
  • Fixed: New notification help text shows HTML code rather than formatted message.
  • Fixed: Clicking the expand data in activity log viewer resets the view and redirects the user to top of the activity log.
  • Fixed: Reports filter "Post type" was not finding events about posts with some custom post types.
  • Fixed: Changes in activity log retention settings not correctly reported in event ID 6052.
  • Fixed: When a user changes a post's title and content, only the title change is reported.
  • Fixed: Deleting of activity log events by severity is not deleting the events.
  • Fixed: Excape characters in password cause authentication with third party services to fail.
  • Fixed: The setting "Cleanup expired session data" cannot be disabled.
  • Fixed: Step 2 in the integrations wizard is not "scrollable" if you go back to it while configuring a connection.
  • Fixed: changes in built-in email notifications are not saved in some specific scenarios.

Support for MainWP extension updates + maintenance update

= 4.4.1 (2022-03-23) =

Release notes: Out now: Activity Log for MainWP 2.0 & WP Activity Log 4.4.1

• Improvements & changes

  • All of the plugin's code is now using the WordPress coding standards.
  • Removed the reporting and search code from the free edition plugin that was used by the MainWP extension.

• Bug fixes

  • Fixed: Reports filter "By post title(s)" not working.
  • Fixed: Users couldn't set up a MySQL connection because of "unknown connection type" error.
  • Fixed: The daily activity log summary email cannot be enabled again after disabled.
  • Fixed: PHP fatal error when index.php file is saved in the custom sensors directory.

New Reports engine with more criteria, reports management & more

Release notes: New Reports engine with more criteria, reports management & more

• New activity log event IDs

  • ID 6059: Changed the site's title.
  • ID 4021: Changed the website URL in the user profile.
  • ID 4013: User has been activated on a multisite network.

• New features & functionality

  • Hooks to allow users to change the columns in reports or ad value from non-default columns. Refer to the list of hooks in WP Activity Log for more information.
  • New UI for "Enable/Disable event IDs" with search and filtering functionality.
  • New filter that allows user to add metadata to user information popup. Refer to the List of hooks in WP Activity Log for more information.
  • The new Activity Log for TablePress extension.

• Improvements

  • Changed the database schema for improved storing of data, and faster writing and reading. After the upgrade the plugin will launch the upgrade process which might take some time to complete, depending on the amount of data in the activity log.
  • Improved the coverage of changes done to a website via REST API.
  • Removed obsolete code used for advertorial events in the activity log viewer.
  • All plugin settings now have the wsal_ prefix automatically added to them.
  • Rewritten some of the settings help text in the plugin to better explain the settings.
  • Removed obsolete settings & code of the old file integrity scanner (now part of Website File Changes Monitor plugin).
  • Removed obsolete reference to the old file changes scanner in the daily summary email.
  • Made a number of JS strings available for translation.
  • Removed a number of plugin settings from autoload for improved performance.
  • Improved the plugin's metadata and added the licensing information.
  • Long URL strings in activity log events are now automatically truncated. Full URL can be seen with just a click.
  • Removed forced database table collation: plugin now uses the default WordPress table collation.
  • Updated the "Help & Contact Us" page; improved text and added more relevant information.
  • Improved several UI sections in the Third Party Connections module.
  • Improved the check for writing activity log to external database; now it is less restrictive and faster.

• Security fix

  • Upgraded the Freemius SDK to version 2.4.3.

• Bug fixes

  • Fixed: Database error when trying to log in with a non-existing user and a login notification is enabled.
  • Fixed: In some edge cases the plugin was creating an empty "external database" connection string.
  • Fixed a number of typos in the text of activity log events.
  • Fixed: Auto complete in the Delete activity log data section was not returning the correct list of objects.
  • Fixed: Wrong object reported for event ID 5029.
  • Fixed: Event ID 4000 not reported when front-end sensor is disabled.
  • Fixed: "Unknown connection type" reported back setting up a third party connection on specific versions of WordPress.
  • Fixed: Event ID 6320 (added / removed connection) reported instead of event ID 6321 (modified connection).
  • Fixed: Function that was running on "add_filter" instead of "add_action" - Support ticket.
  • Fixed: PHP warning about OPCacheUtils.php in specific setups.
  • Fixed: Edge case in which other plugins couldn't be installed or updated when WP Activity Log was activated.

Refer to the complete plugin changelog for more detailed information about what was new, improved and fixed in previous versions of the WP Activity Log plugin.

Preparing for 4.4

Release notes: the improvements in this update are required to prepare for WP Activity Log 4.4. Therefore it is important to install this update in preparation for update 4.4.

• Improvements
  • Removed opcache purging
  • Improved error handling during plugin upgrade

Bug fix - incompatibility issue with PHP 7.2

Merge pull request #605 from wpwhitesecurity/develop

Hotfix 4.3.3.1

Enterprise-grade features & more in latest release

Release notes: WP Activity Log 4.3.3: Plugin setting importer & exporter & support for REST API

New activity log event IDs
* ID 5028: Enabled or disabled automatic updates for a plugin.
* ID 5029: Enabled or disabled automatic updates for a theme.

New activity log event IDs for notifications in the plugin
* ID 6310: Changed the status of the "Daily activity log summary email".
* ID 6311: Modified the list of recepients of the "Daily activity log summary email".
* ID 6312: Changed the status of a built in notification.
* ID 6313: Changed the recepient(s) of a built in notification.
* ID 6314: Added a new custom notification.
* ID 6315: Modified a custom notification.
* ID 6316: Changed the status of a custom notification.
* ID 6317: Deleted a custom notification.
* ID 6318: Modified the default notification template.

New activity log event IDs for integrations & activity log mirrors
* ID 6320: Added a new integration connection.
* ID 6321: Modified an integration connection.
* ID 6322: Deleted an integration connection.
* ID 6323: Added a new activity log mirror.
* ID 6324: Modified an activity log mirror.
* ID 6325: Changed the status of an activity log morror (disabled/enabled).
* ID 6326: Deleted an activity log mirror.
* ID 6327: Changed the statues of the setting "Logging events to database".

New features
* Plugin settings exporter & importer: easily export and import the plugin's settings configuration for backups, migration etc.
* Options to delete specific data from the activity log, such as all events about a user, or an IP address.
* Plugin keeps log of authenticated user changes done to the website via the REST API.
* New button to only terminate the users' sessions that match the search criteria in Logged in users' session.
* Added the new {first_name} and {last_name} tags to the custom notifications template.
* New hook to edit the activity log event data before it is sent to mirrors.

Improvements
* Logs from subsites on multisite networks can be mirrored to AWS Cloudwatch as individual log streams.
* Activity log retention policy can now be specified by the number of days.
* Plugin now reports user role changes done via the "Members" plugin (by Memberpress).
* Event ID 2010 (user uploaded a file) now includes a link to the uploaded attachment.
* Added "Blog ID" and "Site URL" to mirrored activity log events.
* Hover over prompt for users entries in activity log viewer now displays more information about the user.
* Improved the handling of post meta changes (support ticket).
* Renamed menu entry "BD & Integrations" to "Integrations" to better reflect its purpose.
* Contact us link in install wizard now points to contact us page on website instead of homepage.
* Auto complete filters in Reports now check up to 100 records.
* Added additional database checks to ensure all data is removed from database upon uninstall on a multisite network.
* Improved coverage for the Members plugin - plugin now reports user role changes done via the Members plugin.
* Updated the "Help" link in the first time install wizard.
* change the "wsal_inactive_sessions_test" database override to a filter.
* Improved in-context help messages in plugin settings and ensured all titles are uniform.

Bug fixes
* Fixed a PHP warning which happened when visiting the plugin's settings pages (support ticket).
* Fixed PHP notice which happened when visiting an archive page (support ticket).
* Event IDs for "integration connections" changes wrongly reported for changes in "activity log mirroring connection" changes.
* Fixed: Activity log retention policies appearing twice in some scenarios.
* Fixed: Activity log retention settings and archive settings popup logic.
* Added the missing argument in a multisite network that were creating a PHP error during plugin uninstall.
* Setting the setting "Remove all data on uninstall" to "No" no longer leaves no option selected.

New external database module, plugin logging, and other exciting features

Release notes: WP Activity Log 4.3.2: New external database module, plugin logging, and other exciting features

New event IDs for WP Activity Log plugin settings changes
* ID 6046: enabled / disabled the Login Page Notification.
* ID 6047: changed the text of the Login Page Notification.
* ID 6048: changed the status of the Reverse proxy / firewall option.
* ID 6049: changed the Restriction Access setting.
* ID 6050: changed the list of users that can view the activity log.
* ID 6051: enabled / disabled the Hide plugin in plugins page setting.
* ID 6052: changed the activity log retention policies.
* ID 6053: excluded / included back a user in the activity log.
* ID 6054: excluded / included back a user role in the activity log.
* ID 6055: excluded / included back an IP address in the activity log.
* ID 6056: excluded / included back a post type in the activity log.
* ID 6057: excluded / included back a custom field in the activity log.
* ID 6058: excluded / included back a user profile custom field in the activity log.

New features
* A completely new external database module (with full backward compatability support).
* Activity log can now be stored on external MySQL databases on Microsoft Azure.
* A new sensor to keep a log of WP Activity Log plugin settings changes.
* New setting to "not write activity log to database" when mirroring the activity log to a third party service.
* The "all except from" criterion in the reports, allowing users to easily exclude specific object from a report criteria.
* Plugin database version: the plugin's database is now versioned, making it much easier to upgrade the database structured when required.
* Custom fields in user profiles can be excluded from the activity log from the "Exclude Objects" settings section.
* The filter "wsal_event_metadata_definition" which allows users to add additional meta data to an event in the activity log. Refer to the list of hooks & filters for more information.
* Added events severity level filter in the mirroring connection, allowing users to filter which events should be mirrored by severity level.

Improvements
* Replaced the old external database buffer system with the Action Scheduler library to improve reliability and performance.
* Redesigned the reports download functionality so it works on any type of WordPress web hosting.
* Replaced the old activity log events migration module with WP Background processing, for a more reliable migration process.
* Full support for PHP 8.
* Detection of third party plugins activity & recommendations for activity log extensions.
* Added a number of checks to the external database module for an improved database connection setup UX.
* Activity log plugin extensions are also hidden when the WP Activity Log plugin is hidden from the plugins page.
* Removed all the code that was previously used for migration of events between the WordPress and external database.
* Remove code that is no longer required in the free edition of the plugin.
* Better support for plugins that still use old methods (old use of the lostpassword_post filter) to allow users to reset their password without an error.
* All database events have been moved under the "WordPress & System" tab in the Enable/Disable events section.
* Improved the text of the plugin's install wizard.
* Live notifications in Admin toolbar are now disabled by default (performance enhancement).
* Amazon AWS library is disabled by default. Users will be alerted to initialize it from wp-config.php if required.
* Added the ";" as separator in the meta data section in CSV reports.
* Removed the event ID 4-digits limit to allow users to declare event IDs with 5+ digits.
* CSV reports now show the right username & display name, as configured in the plugin settings.

Bug fixes
* Plugin was not capturing user logouts from Ultimate Member plugin profile page.
* Plugin was reporting wrong directory name in URL in event ID 2101 on a multisite environment.
* In specific scenarios the plugin reported a custom field name as NULL in event ID 2054.
* Fixed the broken link to user profile page in event ID 4001.
* Event ID 4029 (user sent a password request) had the wrong Event Type.

Maintenance release - 4.3.0 followup release

Improvements
* Minimum version of PHP required now is 7.0.
* Added a custom prefix to libraries and dependencies used in the plugin to ensure there are no conflicts.

Bug fixes
* Corrected logic in code to ensure all sessions are handled and checked when destroying idle sessions.
* Fixed an issue causing create/expired times in the "Logged in users" view to appear incorrectly.
* Implemented a missing function without with events were not retreived from the MainWP extension.

The new mirroring module & integrations

Release notes: WP Activity Log 4.3: The new mirroring module & integrations

New features
* The new WordPress activity log mirroring module: mirror your website's activity log in real-time to AWS CloudWatch, Loggly, a log file and several other services.

Improvements
* The activity log is mirrored to third party services in real-time.
* Event metadata is included in the CSV reports.
* The severity levels of the activity log have been mapped to the standard severity levels documented in the RFC.
* The event metadata in the mirrored activity log events is in JSON format.
* Event type and Object metadata is included in the mirrored activity log events.
* Changes by third party plugins for which an extension is available are no longer muted when extension is not installed.
* Removed border from the first time install wizard (minor UI improvement).
* Support for X-ORIGINAL-FORWARDED-FOR HTTP header (more info in support for WAFS & reverse proxies)
* Plugin now is using the new in-plugin pricing page.
* A much improved default SMS alert and email notification template.
* Revamped the connections and mirroring wizards and included connectivity tests in them.
* Improved the external db connection (now it is a persistent connection).

Bug fixes
* Critical error was being reported when the failed logins notification was triggered.
* Fixed an unhandled exception which occurred when the free edition was activated on a site where the premium edition was already activated.
* Events time stamp in emails was not always the same as in the activity log.
* Event ID 2065 (modified content) was reported unnecessarily after adding a custom field to a post.
* Event ID 1010 (user requested password reset) was not reported when the password reset was requested from a custom user profile page.
* In some cases, archiving of the activity log could not be disabled.

Updating the events definition

Improvements
* Redefined and improved the definitions of the activity log events.
* Improved text for all the activity log events.