Releases: Melapress/wp-security-audit-log

New external database module, plugin logging, and other exciting features

02 Aug 18:22
b37d7e5

Release notes: WP Activity Log 4.3.2: New external database module, plugin logging, and other exciting features

New event IDs for WP Activity Log plugin settings changes
* ID 6046: enabled / disabled the Login Page Notification.
* ID 6047: changed the text of the Login Page Notification.
* ID 6048: changed the status of the Reverse proxy / firewall option.
* ID 6049: changed the Restriction Access setting.
* ID 6050: changed the list of users that can view the activity log.
* ID 6051: enabled / disabled the Hide plugin in plugins page setting.
* ID 6052: changed the activity log retention policies.
* ID 6053: excluded / included back a user in the activity log.
* ID 6054: excluded / included back a user role in the activity log.
* ID 6055: excluded / included back an IP address in the activity log.
* ID 6056: excluded / included back a post type in the activity log.
* ID 6057: excluded / included back a custom field in the activity log.
* ID 6058: excluded / included back a user profile custom field in the activity log.

New features
* A completely new external database module (with full backward compatibility support).
* Activity log can now be stored on external MySQL databases on Microsoft Azure.
* A new sensor to keep a log of WP Activity Log plugin settings changes.
* New setting to "not write activity log to database" when mirroring the activity log to a third party service.
* The "all except from" criterion in the reports, allowing users to easily exclude specific objects from a report's criteria.
* Plugin database version: the plugin's database is now versioned, making it much easier to upgrade the database structure when required.
* Custom fields in user profiles can be excluded from the activity log from the "Exclude Objects" settings section.
* The filter "wsal_event_metadata_definition" which allows users to add additional meta data to an event in the activity log. Refer to the list of hooks & filters for more information.
* Added events severity level filter in the mirroring connection, allowing users to filter which events should be mirrored by severity level.

Improvements
* Replaced the old external database buffer system with the Action Scheduler library to improve reliability and performance.
* Redesigned the reports download functionality so it works on any type of WordPress web hosting.
* Replaced the old activity log events migration module with WP Background processing, for a more reliable migration process.
* Full support for PHP 8.
* Detection of third party plugins activity & recommendations for activity log extensions.
* Added a number of checks to the external database module for an improved database connection setup UX.
* Activity log plugin extensions are also hidden when the WP Activity Log plugin is hidden from the plugins page.
* Removed all the code that was previously used for migration of events between the WordPress and external database.
* Removed code that is no longer required in the free edition of the plugin.
* Better support for plugins that still use old methods (old use of the lostpassword_post filter) to allow users to reset their password without an error.
* All database events have been moved under the "WordPress & System" tab in the Enable/Disable events section.
* Improved the text of the plugin's install wizard.
* Live notifications in Admin toolbar are now disabled by default (performance enhancement).
* Amazon AWS library is disabled by default. Users will be alerted to initialize it from wp-config.php if required.
* Added the ";" as separator in the meta data section in CSV reports.
* Removed the event ID 4-digits limit to allow users to declare event IDs with 5+ digits.
* CSV reports now show the right username & display name, as configured in the plugin settings.

Bug fixes
* Plugin was not capturing user logouts from Ultimate Member plugin profile page.
* Plugin was reporting wrong directory name in URL in event ID 2101 on a multisite environment.
* In specific scenarios the plugin reported a custom field name as NULL in event ID 2054.
* Fixed the broken link to user profile page in event ID 4001.
* Event ID 4029 (user sent a password request) had the wrong Event Type.

Maintenance release - 4.3.0 followup release

03 Jun 15:19
7c90d2a

Improvements
* Minimum version of PHP required now is 7.0.
* Added a custom prefix to libraries and dependencies used in the plugin to ensure there are no conflicts.

Bug fixes
* Corrected logic in code to ensure all sessions are handled and checked when destroying idle sessions.
* Fixed an issue causing create/expired times in the "Logged in users" view to appear incorrectly.
* Implemented a missing function without which events were not retrieved from the MainWP extension.

The new mirroring module & integrations

20 May 05:42

Release notes: WP Activity Log 4.3: The new mirroring module & integrations

New features
* The new WordPress activity log mirroring module: mirror your website's activity log in real-time to AWS CloudWatch, Loggly, a log file and several other services.

Improvements
* The activity log is mirrored to third party services in real-time.
* Event metadata is included in the CSV reports.
* The severity levels of the activity log have been mapped to the standard severity levels documented in the RFC.
* The event metadata in the mirrored activity log events is in JSON format.
* Event type and Object metadata is included in the mirrored activity log events.
* Changes by third party plugins for which an extension is available are no longer muted when the extension is not installed.
* Removed border from the first time install wizard (minor UI improvement).
* Support for X-ORIGINAL-FORWARDED-FOR HTTP header (more info in support for WAFs & reverse proxies).
* Plugin now is using the new in-plugin pricing page.
* A much improved default SMS alert and email notification template.
* Revamped the connections and mirroring wizards and included connectivity tests in them.
* Improved the external db connection (now it is a persistent connection).

Bug fixes
* Critical error was being reported when the failed logins notification was triggered.
* Fixed an unhandled exception which occurred when the free edition was activated on a site where the premium edition was already activated.
* Events time stamp in emails was not always the same as in the activity log.
* Event ID 2065 (modified content) was reported unnecessarily after adding a custom field to a post.
* Event ID 1010 (user requested password reset) was not reported when the password reset was requested from a custom user profile page.
* In some cases, archiving of the activity log could not be disabled.

Updating the events definition

22 Apr 14:59
e23f33f

Improvements
* Redefined and improved the definitions of the activity log events.
* Improved text for all the activity log events.

New events definition, maintenance update & new event IDs

16 Mar 14:15
dd29d56

Release notes: Maintenance update & new event IDs

Improved activity log coverage
* 6045: user changed the site language
* 4029: admin initiated a user password reset

Improvements
* Improved events definition (prep work for version 4.3).
* Added the {meta} and {links} tags in email and SMS notifications.
* Plugin reports email address used in failed login attempt instead of System.
* Added nonce to daily email notification trigger to prevent possible CSRF issues.
* Updated some plugin settings so they can be centrally managed from the Activity Log for MainWP extension.
* Added more user privileges checks in the plugin (better restricted access to users who have read only access to the activity log).
* Activity log extensions name is now displayed in admin notices.
* Sorted the activity log extensions in alphabetical order in the plugin UI.
* Improved the Search filters labels.

Bug fixes
* Dates in reports were not being translated.
* Some cron job data was left behind during uninstall.
* A database entry was left behind during uninstall.
* Site administrators could see some plugin pages on a multisite network (help and about).
* Fixed some formatting issues with some of the event IDs.

Menu sensor hotfix

12 Feb 12:45
bd5b67a
  • Bug fix
    • Menus sensor causing fatal error when there are changes in a menu (support ticket 1 & 2)

Support for all date & time formats & other major updates

11 Feb 13:52
71e52ef
Compare
Choose a tag to compare

New features
* New date & time module that supports any type of date and time format that WordPress supports.
* An all new activity log dashboard widget.
* Added activity log coverage for several new WordPress settings, including automatic updates settings, date and time settings and application passwords.

Improved activity log coverage

  • New event IDs for changes in posts

    • ID 2129: User added / changed / removed a post's excerpt
    • ID 2130: User added / changed / removed a post's featured image
  • New event IDs for changes in WordPress settings

    • ID 6035: Changed the "Your homepage displays" WordPress setting
    • ID 6036: Changed the homepage in the WordPress setting
    • ID 6037: Changed the posts page in the WordPress settings
    • ID 6040: Changed the Timezone in the WordPress settings
    • ID 6041: Changed the Date format in the WordPress settings
    • ID 6042: Changed the Time format in the WordPress settings
    • ID 6044: User changed the WordPress automatic update settings
  • New event IDs for application passwords

    • ID 4025: User added / removed application password from own profile
    • ID 4026: User added / removed application password from another user's profile
    • ID 4027: User revoked all application passwords from own profile
    • ID 4028: User revoked all application passwords from another user's profile
  • New event IDs for multisite network settings

    • ID 7007: The setting Allow site administrators to add new users to their site was enabled / disabled
    • ID 7008: The value of the Site upload space setting was changed
    • ID 7009: The value of the file size allowed in the site upload space setting was changed
    • ID 7010: Changed the list of allowed file types on the network
    • ID 7011: Changed the value of the maximum upload file size network setting
  • Other new event IDs

    • ID 1010: User requested a password reset.

Improvements
* Improved coverage of users logins, logout and failed logins activity on custom login pages.
* Standardized the text, format and metadata formatting of all the activity log events.
* Drastically improved the coverage of the activity logs sensors with a number of new event IDs.
* Redesigned the activity logs extension UI.
* Support for URL rewrites and page names (correct page title reported even if the page is a URL rewrite).
* Default activity log SMS notifications template updated.
* Plugins version numbers are now reported in the activity log (for example when a plugin is updated).
* Users who hide the plugin from plugins page now get a notification when a plugin update is available.
* Consolidated the code that generates the activity log messages.
* Merged the Help and Contact us pages in the plugin menu.
* Improved the Reports filters queries to address timeout issues on very big websites.
* Replaced the "SHOW TABLES" queries for much better plugin performance.
* Removed the "/uploads/wp-activity-log/" directory in the free edition. This is only required in premium edition.
* Support for CloudFlare HTTP headers - plugin reports correct IP when behind CloudFlare CDN or firewall ([more info on firewalls support](https://wpactivitylog.com/support/kb/support-reverse-proxies-web-application-firewalls/)).
* Reports, Email & SMS notifications and other modules now fully support metadata which contains the space character. For example the user role Shop Manager.
* Remove support for custom sensors. Custom event IDs in activity log now only supported via activity log extension plugin.
* Completely removed the code of the old promotional events (stopped using them in 2017).
* Removed the request log file setting. The request log file can now be enabled via a filter.
* Removed the working directory location setting from plugin settings. Instead introduced a new wp-config.php constant: WSAL_WORKING_DIR_PATH
* Plugin now using WP_CONTENT_DIR instead of ABSPATH where applicable (better supported by WordPress specific web hosts).
* Added event text to event IDs 1001 and 1001.
* The system information file now also includes all of the plugin's settings saved in the wp_options table.
* Simplified the process that retrieves filenames.
* Several under the hood performance improvements (removed obsolete code, improved sensors etc)

Bug fixes
* Event ID 1000 (user login) still logged when IP address is excluded.
* Change in page template was not being logged with event ID 2048.
* Event ID 2002 was not always reported in some edge cases.
* Plugin's directory in uploads was not being created when website was hosted on Flywheel and WordPress.com.
* Date & time were missing in CSV reports when using some specific date and time formats in WordPress.
* Super admin role was also shown for administrators on single site setup.
* Plugin was not showing the correct total of sessions when deleting all sessions.
* Plugin was generating a PHP error when a network site was deleted.
* No event was being reported when installing activity log extensions for third party plugins.
* Plugin installation was not running correctly when installed alongside the Website File Changes Monitor plugin.
* The setting to configure the number of failed logins to keep a log of was reset to default each time the settings page was saved.
* Wrong variable was used in licensing notifications, resulting in misleading error responses when license failed to activate.

Replaced Swipebox with

21 Jan 13:37
9e253f7
  • Improvement
    • Replaced Swipebox with Simple Lightbox (compatible with WordPress 5.6)

Updated SDKs to the latest version and minor improvements

23 Nov 15:36
096ad8c

Improvements
* Updated the Freemius SDK to the latest version.
* Updated the Twilio SDK to the latest version.

  • Bug fix
    • In some edge cases, the time in the reports was incorrect.

Support for new MainWP settings module & improved coverage

04 Nov 14:17
150c682

Release notes: WP Activity Log 4.1.5: Support for new MainWP settings module & improved coverage

  • New features

  • New event ID

    • ID 7012: user changed the network's users and sites registration settings.
  • Security fix

    • SQL Injection in external database module reported by WP deeply. Thank you for the responsible disclosure.
  • Breaking change

    • Removed detection and logging of requests to non-existing URLs (404s). Event ID 6007 and 6023 no longer used in the plugin. This breaking change resulted in a major performance improvement.
  • Improvements

    • Added Event Type and Object in the activity log reports.
    • Improved the coverage of the login / logout detection sensor.
    • Improved format of "hover over pop-ups" used in the activity log viewer (such as the one to exclude a specific event ID).
    • Moved almost all of the remaining WooCommerce sensor code to the activity log for WooCommerce extension.
    • Improved UX for the front-end sensors settings - options now are available underneath the relevant event ID.
    • Removed redundant code that is now in the WordPress activity log extensions.
  • Bug fixes

    • Sorting of activity log events not retained in following pages when in pagination mode.
    • Users sessions table was not being created when upgrading from the free to the premium editions of the plugin.
    • Link to exclude custom field in event was broken / not adding the custom field to the exclusion list.
    • Changing the category of a post was not being reported (Event ID 2016).
    • Unknown object was reported in event ID 6034 (purged activity log).
    • Changing password via the WooCommerce account page caused session to remain once user logs out.
    • Users could add multiple identical search filters causing a crash.
    • Users not redirected to the correct list of event IDs after installing the activity log for Yoast SEO extension.
    • Install Extension button in events was broken and not triggering the extension installer.