Activity Log
Comprehensive security event monitoring with alert rules and multi-channel notifications. GDPR-compliant with configurable retention policies.
Event Types
The Activity Log plugin records security-relevant events across your WordPress installation:
Authentication Events
- Successful and failed login attempts
- Logouts and session expirations
- Password resets and changes
- 2FA setup, success, and failure
Content Events
- Post/page create, update, delete, and status changes
- Media uploads, edits, and deletions
- Comment creation, approval, spam, and deletion
- Menu and widget changes
Plugin & Theme Events
- Installation, activation, deactivation, and deletion
- Updates (with version numbers)
- Theme switching
- Plugin/theme file edits (when file editor is enabled)
Settings Events
- WordPress option changes (site URL, admin email, etc.)
- User role and capability modifications
- User creation and deletion
- Permalink structure changes
System Events
- WordPress core updates
- Database table changes
- Cron job modifications
- File permission changes in sensitive directories
Alert Rules
Create custom alert rules that trigger notifications when specific events occur. Navigate to VistoShield → Activity Log → Alerts.
Each alert rule consists of:
| Component | Description |
|---|---|
| Trigger | The event type that fires the alert (e.g., "Failed login", "Plugin activated") |
| Conditions | Optional filters: specific user, role, IP range, or time window |
| Threshold | Number of occurrences within a time period before alerting |
| Channel | Where the notification is sent (email, Slack, webhook) |
| Cooldown | Minimum time between repeated alerts for the same rule |
Notification Channels
| Channel | Setup |
|---|---|
| Uses WordPress mail (wp_mail). Configure recipients per alert rule. | |
| Slack | Provide a Slack Incoming Webhook URL. Messages include event details and a link to the log entry. |
| Webhook | POST JSON payload to any URL. Useful for integration with PagerDuty, Telegram bots, custom dashboards, or SIEM systems. |
Tip: Use the webhook channel to forward events to a centralized SIEM or logging platform for cross-site correlation.
Retention Policy
Control how long activity logs are stored:
| Setting | Options | Default |
|---|---|---|
| Retention period | 7 days / 30 days / 90 days / 1 year / Forever | 90 days |
| Auto-cleanup | Enabled / Disabled | Enabled (runs daily via WP-Cron) |
| Export before delete | Enabled / Disabled | Disabled |
GDPR Compliance
The Activity Log plugin includes features to help meet GDPR requirements:
- Data export — Export all logged events for a specific user (supports WordPress personal data export tool)
- Data erasure — Delete all logged events for a specific user (supports WordPress personal data eraser tool)
- IP anonymization — Optionally hash or truncate IP addresses in stored logs
- Retention limits — Automatic deletion of old records per the configured retention policy
- Consent notice — Optional notice for admin users that their actions are logged
Important: IP anonymization reduces the usefulness of logs for security investigation. Consider your threat model when deciding whether to enable it.
Log Viewer
The log viewer at VistoShield → Activity Log provides:
- Filterable columns: event type, user, IP, date range
- Full-text search across all event descriptions
- Expandable rows showing complete event details and context
- Export to CSV or JSON for external analysis