Releases: wpwhitesecurity/wp-security-audit-log
New segregated front-end sensors
Release notes: Update 3.5 - New configurable front-end sensors & improved wizard
-
New Features
- 3 new front-end sensors that can be individually enabled / disabled individually (used for front end activity, such as logins from non-default WordPress login page).
-
Improvements
- Improved the hide plugin feature: number of installed plugins is also adjusted when plugin is hidden.
- Added new steps in the wizard to help users configure the front-end sensors when they install the plugin.
- Plugin keeps log of stock changes when orders are placed manually or items in orders are changed (WooCommerce Activity Log).
- Removed event ID 2126 (visitor posted a comment): noticed almost all users disable it since this is trivial information / change.
-
Bug Fixes
- Plugin was not reporting correct product name & stock quantity when WooCommerce Tab Manager was installed.
- Mirroring cron jobs not firing / not copying logs to mirror.
- Unhandled error when using custom login pages.
Minor update - bug fixes
- Fixed event 4012 (created new network user).
- Fixed PHP fatar error in which visitor public events are disabled.
Front-end plugin performance improvements & MainWP extension support
-
New Features
- Plugin performance improved five fold.
- Improved log coverage of WooCommerce products - plugin keeps log of changes done to products via quick edit.
- Added coverage of WooCommerce product changes done with Admin Columns Pro.
- Support for the new Search and Reports features coming up in the Activity Log for MainWP extension.
-
Improvements
- Improved log coverage of draft posts - now plugin reports the details of changes on draft posts.
- Added report title in HTML reports.
- Maximum number of logged in user sessions the plugin retrieves is now be configured.
- Removed plugin branding from WordPress activity log HTML reports and automated emails.
- Removed a number of redundant files from old premium extensions.
- Events in activity log dashboard widget have been shortened for better readability.* Removed broken links from 404 error email notifications.
-
Bug fixes
- Plugin now sends the IP address when mirroring WordPress activity log to Slack.
- Fixed an edge case in which cron jobs for mirroring of activity log were not firing.
UX & Performance upates
Release notes: Update 3.4.2 - Plugin UX & Performance Improvements
-
New Feature
- A hook to specify the number of events shown by default in the audit log viewer when in infinite scroll view mode.
-
Improvements
- Optimized the database queries used for search and filters (30x faster!).
- Improved tracking of mirrored events to avoid mirroring duplicate events.
- Specific error messages that help you troubleshoot are now shown when integrating Twilio for SMS notitications.
- Plugin shows warning to install Activity Log for MainWP when installed on MainWP website.
- Added website URL in default email notifications for WordPress.
- MySQL response errors are now displayed when configuring an external database connection.
- Improved the first time install message about non-sensitive diagnostic data.
- Width of first install wizard prompt is responsive.
-
Bug fixes
- Plugin logs an error when a non exising WooCommerce page is requested (HTTP 404).
- Handling of infinite loop when Freemius API is unavailable during plugin first install.
New import/export feature & hooks for theme developers
Release notes: New plugin settings import/export tool & hooks for theme developers
-
New Features
- Tool to export and import plugin configuration & settings.
- Exclude range of IP addresses from the activity log.
- New hooks for theme developers to display the custom login messages the plugin shows when multiple user sessions are blocked.
- New hook to add a list of hidden meta keys the plugin should keep a log of.
-
Plugin Improvements
- First time plugin use texts is now easier to read and much shorter.
- Added support for more time & date formats in the activity log reports for WordPress.
- Improved content sensor - previously reporting events not neccessarily needed (background processes)
- Removed hardcoded paths from the WordPress file integrity scanner.
- Removed Sites filter from audit log viewer - made redundant by the site selector drop down menu.
-
Bug Fixes
- Multiple events reporting the same thing generated when user changes WooCommerce shipping / billing address.
- Updated incorrect tags used in test SMS message.
- Event 2002 (modified post) reported even when there is a specific change event ID.
- Event 2016 (plugin modified post) reported whenever a post is updated by user.
- External database connection cannot be deleted because it is marked in use even when not.
- Plugin generating error when set_user_role is set to NUL in request.
- Infinite scroll stops working on Firefox (intermittent issue).
Minor fixes (backward compatibility for PHP 5.4)
- Bug Fixes
- Backward compatibility issue for PHP 5.4.
- Fix for audit log page search extension check function.
SMS Notifications & Improved Activity Log Coverage
Release notes: Announcing SMS Notifications for the WordPress audit logs
-
New Features
- SMS notifications (integration with Twilio) for the WordPress audit logs.
- Integration with Bit.ly to shorten URL in SMSs.
- Added buttons to test email and SMS notifications.
- Support for User Switching plugin.
-
New Activity Log Event IDs
- Event ID 1008: user logged in as another user.
- Event ID 9083: user changed the billing address (WooCommerce).
- Event ID 9084: user changed the shipping address (WooCommerce).
-
Plugin Improvements
- Added more pre-configured SMS & email notifications.
- Improved all sensors to also detect changes that are not done via the dashboard.
- Optimized some metadata database queries (reduced qeuries by 75%).
- Improved the content sensor (better detection of content changes).
- Optimized the database query that fetches list of logged in users.
- Removed email notifications wizard.
- Standardized all tabs and titles in the Emails & SMS Notifications feature.
- Improved the help text in the Emails & SMS Notifications feature.
- Removed the limit of 5 criteria in the notifications trigger builder.
- Removed declaration of emails' Mime-type - this is automatically set so there is no need for it.
-
Bug Fixes
- WooCommerce order name was not reported in event ID 9040 (changed order detail) in some edge cases.
- Maximum execution time configured in the WordPress activity log reports engine now is only used when generating a report.
- CSV reports were not being generated.
- Audit trail auto refresh was not working when using infinite scroll viewer option.
- Plugin reporting event 9032 (disabled use of WooCommerce coupons) by mistake.
- Event IDs 2046 and 2051 were not being reported when files were modified via the editors.
- Plugin reporting event 2002 when there were changes in a post's Yoast SEO metabox.
- Removed all reference to obsolete plugin setting: wsal-archiving-date-e.
- Admins on multisite child sites could see the activity logs of other sites.
- Event ID 2073 (post submitted for review) was not being reported in Gutenberg.
- Event 2074 (scheduled post) was not being reported in Gutenberg.
Logging for variable products in WooCommerce
Release notes: Activity Log Coverage of WooCommerce Variable Products
-
New Activity Log Events for WooCommerce
- Event ID 9078: Changed the option to include / exclude taxes in product prices.
- Event ID 9079: Changed the option on what type of shipping to calculate tax on.
- Event ID 9080: Changed the shipping tax class.
- Event ID 9081: Enabled / Disabled the rounding of the sub total.
- Event ID 9082: Added / Deleted / Modified a shipping zone on WooCommerce.
-
Plugin Improvements
- Better handling of plugin activation on multisite - plugin can only be activated from the network dashboard.
-
Bug Fixes
- Updated Freemius SDK which includes a security fix.
Introducing infinite scroll and performance enhancements
Release notes: Introducing infinite scroll and performance enhancements
-
New Features
- New infinite scroll view in audit log viewer making the browsing of the activity logs much faster.
-
Plugin Improvements
- Improved the search filters - now they are much faster.
- Improved user session handling to better handle >1,000 sessions.
- Replaced PHP severity with event log severity in the list of Events.
-
Bug Fixes
- Scan Now button for the WordPress file integrity scanner is grayed out when auto scanning is disabled.
Major WooCommerce coverage update
Release notes: Major Activity Log Improvement in WooCommerce Coverage
-
New Events for WooCommerce Orders
- ID 9035: New order placed in WooCommerce.
- ID 9036: Changed the status of a WooCommerce order.
- ID 9037: Moved a WooCommerce order to trash.
- ID 9038: Restored a WooCommerce order from the trash.
- ID 9039: Permanently deleted an order.
- ID 9040: Changed the orders details.
- ID 9041: Refunded a WooCommerce order
-
New Events for WooCommerce Product Admin & Attributes Changes
- ID 9042: Changed the catalog visibility of a product.
- ID 9043: Changed the Featured product setting of a product.
- ID 9044: Changed the allow backorders setting of a product.
- ID 9045: Changed the the Upsells of a product.
- ID 9046: Changed the Cross-sells of a product.
- ID 9047: Added a new attribute of a product.
- ID 9048: Modified the value of a product attribute.
- ID 9049: Renamed a product attribute.
- ID 9050: Deleted a product attribute.
- ID 9051: Changed the visibility of a product attribute.
-
New Events for WooCommerce Categories
- ID 9052: Deleted a product category.
- ID 9053: Changed the slug of a product category.
- ID 9054: Changed the parent of a product category.
- ID 9055: Changed display type of a product category.
- ID 9056: Changed the name of a product category.
-
New Events for WooCommerce Payment Gateways
- ID 9074: Enabled a payment gateway.
- ID 9075: Disabled a payment gateway.
- ID 9076: Modified a payment gateway.
-
New Events for WooCommerce Coupons:
- ID 9063: Published a new coupon.
- ID 9064: Changed the discount type of a coupon.
- ID 9065: Changed the coupon amount.
- ID 9066: Changed the coupon expire date.
- ID 9067: Changed the Usage Restriction settings of a coupon.
- ID 9068: Changed the Usage Limits settings of a coupon.
- ID 9069: Changed the description of a coupon.
- ID 9070: Changed the status of a coupon.
- ID 9071: Renamed the WooCommerce coupon.
-
New Events for WooCommerce Attributes:
- ID 9057: User created a new attribute.
- ID 9058: User deleted an attribute.
- ID 9059: User changed the slug of an attribute.
- ID 9060: User changed the name of an attribute.
- ID 9061: User changed the default sort order of an attribute.
- ID 9062: User enabled/disabled the option Enable Archives of an attribute.
-
New Features
- Email notification to site admin when the plugin is deactivated.
- New setting to control refreshing of the live notifications in the admin bar.
- Three new hooks in the activity log plugin that allow for event data manipulation.
-
Plugin Improvements
- Major performance enhancement to the Event Viewer
- Updated the text of some settings.
- Event severities are now saved as meta data (we can now build filters for them).
- Added the product status in all WooCommerce events.
- Event 9011 (modified draft WooCommerce product) made obsolete with event 9010.
- Event 9020 changed to report the different product types (simple, grouped, external, variable, downloadable, virtual)
- Updated Freemius SDK
- Better handling of incorrect database privileges when installing plugin.
- Excluded the default WordPress cache directory from the default WordPress File Integrity Scans
-
Bug Fixes
- Events 2027 and 2011 incorrectly logged hen saving a draft post in Gutenberg.
- Plugin logged event 5019 by mistake when the front end editor of WP Bakery was used.
- When files bigger than the file size limit were scanned for the first time the plugin wrongly reported them as modified.
- In some cases where WordPress was not upgraded to 5.0 the plugin was not recognizing content changes.