Simple History – user activity log, audit tool

Description

Simple History shows recent changes made within WordPress, directly on your dashboard or on a separate page.

The plugin works as a log/history/audit log/version history of the most important events that occur in WordPress.

It’s a plugin that is good to have on websites where several people are involved in editing the content.

Out of the box Simple History has support for:

  • Posts and pages – see who added, updated or deleted a post or page

  • Attachments – see who added, updated or deleted an attachment

  • Taxonomies (Custom taxonomies, categories, tags) – see who added, updated or deleted an taxonomy

  • Comments – see who edited, approved or removed a comment

  • Widgets – get info when someone adds, updates or removes a widget in a sidebar

  • Plugins – activation and deactivation

  • User profiles – info about added, updated or removed users

  • User logins – see when a user login & logout. Also see when a user fails to login (good way to catch brute-force login attempts).

  • Failed user logins – see when someone has tried to log in, but failed. The log will then include ip address of the possible hacker.

  • Menu edits

  • Option screens – view details about changes made in the different settings sections of WordPress. Things like changes to the site title and the permalink structure will be logged.

  • Privacy page – when a privacy page is created or set to a new page.

  • Data Export – see when a privacy data export request is added and when this request is approved by the user, downloaded by an admin, or emailed to the user.

  • User Data Erasure Requests – see when a user privacy data export request is added and when this request is approved by the user and when the user data is removed.

Support for third party plugins

By default Simple History comes with built in support for the following plugins:

  • Jetpack – The Jetpack plugin is a plugin from Automattic (the company behind the WordPress.com service) that lets you supercharge your website by adding a lot of extra functions.
    In Simple History you will see what Jetpack modules that are activated and deactivated.

  • Advanced Custom Fields (ACF) – ACF adds fields to your posts and pages.
    Simple History will log changes made to the field groups and the fields inside field groups. Your will see when both field groups and fields are created and modified.

  • User Switching – The User Switching plugin allows you to quickly swap between user accounts in WordPress at the click of a button.
    Simple History will log each user switch being made.

  • WP Crontrol – The WP Crontrol plugin enables you to view and control what’s happening in the WP-Cron system.
    Simple History will log when cron events are added, edited, deleted, paused, resumed, and manually ran, and when cron schedules are added and deleted.

  • Enable Media Replace – The Enable Media Replace plugin allows you to replace a file in your media library by uploading a new file in its place.
    Simple history will log details about the file being replaced and details about the new file.

  • Limit Login Attempts – The plugin Limit Login Attempts is old
    and has not been updated for 4 years. However it still has +1 million installs, so many users will benefit from
    Simple History logging login attempts, lockouts, and configuration changes made in the plugin Limit Login Attempts.

  • Redirection – The redirection plugin manages url redirections, using a nice GUI.
    Simple History will log redirects and groups that are created, changed, enabled or disabled and also when the global plugin settings have been modified.

  • Duplicate Post – The plugin Duplicate Post allows users to
    clone posts of any type.
    Simple History will log when a clone of a post or page is done.

  • Beaver Builder – The plugin Beaver Build is a page builder for WordPress that adds a flexible drag and drop page builder to the front end of your WordPress website.
    Simple History will log when a Beaver Builder layout or template is saved or when the settings for the plugins are saved.

Plugin authors can add support for Simple History in their plugins using the logging API. Plugins that have support for Simple History includes:

What users say

300+ five-star reviews speak to the reliability of this plugin.

  • „So far the best and most comprehensive logging plugin“@herrschuessler

  • „The best history plugin I’ve found“Rich Mehta

  • „Custom Logs Are Crazy Awesome!“Ahmad Awais

  • „Amazing activity logging plugin“digidestination

  • „Fantastic plugin I use on all sites“Duncan Michael-MacGregor

  • „Useful Quick View of Activity“Dan O

  • „The best Activity Plugin“Rahim

  • „The best free history plugin ever“abazeed

  • „It is a standard plugin for all of our sites“Mr Tibbs

RSS feed with changes

Using the optional password protected RSS feed you can keep track of the changes made on your website using your favorite RSS reader.

Comes with WP-CLI commands

For those of you who like to work with the command line there are also some WP-CLI commands available.

  • wp simple-history list – List the latest logged events.

Example scenarios

Keep track of what other people are doing:
„Has someone done anything today? Ah, Sarah uploaded
the new press release and created an article for it. Great! Now I don’t have to do that.“

Or for debug purposes:
„The site feels slow since yesterday. Has anyone done anything special? … Ah, Steven activated ‘naughty-plugin-x’,
that must be it.“

API so you can add your own events to the audit log

If you are a theme or plugin developer and would like to add your own things/events to Simple History you can do that by using the function SimpleLogger() like this:

<?php

if ( function_exists("SimpleLogger") ) {

        // Most basic example: just add some information to the log
        SimpleLogger()->info("This is a message sent to the log");

        // A bit more advanced: log events with different severities
        SimpleLogger()->info("User admin edited page 'About our company'");
        SimpleLogger()->warning("User 'Jessie' deleted user 'Kim'");
        SimpleLogger()->debug("Ok, cron job is running!");

}
?>

See the documentation for examples on how to log your own events and how to query the log, and more.

Translations/Languages

So far Simple History is translated to 17 languages: Chinese (China), Danish, Dutch, Dutch (Belgium), English (US), French (France), German, German (Switzerland), Korean, Polish, Portuguese (Brazil), Russian, Spanish (Colombia), Spanish (Mexico), Spanish (Spain), Spanish (Venezuela), and Swedish.

If you want to translate Simple History to your language then read about how this is done over at the Polyglots handbook.

Contribute at GitHub

Development of this plugin takes place at GitHub. Please join in with feature requests, bug reports, or even pull requests!
https://github.com/bonny/WordPress-Simple-History

Donation

If you like this plugin please consider donating to support the development.

You can donate using PayPal or you can become a GitHub sponsor.

Screenshots

  • The log view + it also shows the filter function in use - the log only shows event that are of type post and pages and media (i.e. images & other uploads), and only events initiated by a specific user.

  • The Post Quick Diff feature will make it quick and easy for a user of a site to see what updates other users have done to posts and pages.

  • When users are created or changed you can see details on what have changed.

  • Events have context with extra details - Each logged event can include useful rich formatted extra information. For example: a plugin install can contain author info and a the url to the plugin, and an uploaded image can contain a thumbnail of the image.

  • Click on the IP address of an entry to view the location of for example a failed login attempt.

  • See even more details about a logged event (by clicking on the date and time of the event).

  • A chart with some quick statistics is available, so you can see the number of events that has been logged each day. A simple way to see any uncommon activity, for example an increased number of logins or similar.

FAQ

Can I add my own events to the log?

Yes. See the Developer Documentation.

Is it possible to exclude users from the log?

Yes, you exclude users by role or email using the filter simple_history/log/do_log.

See the hooks documentation for more info.

For how long are events stored?

Events in the log are stored for 60 days by default. Events older than this will be removed.

This can be modified using the filter simple_history/db_purge_days_interval or using the upcoming Simple History Plus add-on.

Reviews

28. Septembar 2023.
Super easy to set up, works out of the box and does everything i was hoping and more. Great job!
22. Septembar 2023. 1 reply
I like this plugin. I would kindly ask developer if there is a way to prevent admin role history? It causes clutter for no reason. Other than that, excellent plugin. Thank you.
30. August 2023.
Does exactly what it promises and is an essential tool for auditing.
20. Juli 2023. 1 reply
4 updates because of bug fixes, can't you please issue a stable version once and for all? I used to like this plugin but this is too much!
Read all 368 reviews

Contributors & Developers

“Simple History – user activity log, audit tool” is open source software. The following people have contributed to this plugin.

Contributors

“Simple History – user activity log, audit tool” has been translated into 16 locales. Thank you to the translators for their contributions.

Translate “Simple History – user activity log, audit tool” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

4.6.0 (September 2023)

This release contains some new filters and some other improvements.
See the release post for more info.

  • Added: Filter simple_history/get_log_row_plain_text_output/output to be able to modify the output of the plain text output of a log row. Solves support thread Is it possible to log post ID. See documentation page for filter for details.
  • Added: Filter simple_history/log_insert_data_and_context to be able to modify the data and context that is inserted into the log.
  • Added: WP-CLI command now includes „via“ in output.
  • Added: Debug settings tab now shows if a logger is enabled or disabled.
  • Changed: WP-CLI: ID field is not the first column and in uppercase, to follow the same format as the other wp cli commands use.
  • Changed: GUI enhancements on settings page.
  • Changed: Don’t log WooCommerce post type shop_order_placehold, that is used by WooCommerce new High-Performance Order Storage (HPOS).
  • Fixed: Allow direct access to protected class variable $logger->slug but mark access as deprectad and recommend usage of $logger->get_slug(). Fixes support thread PHP fatal error Cannot access protected property $slug.

4.5.0 (August 2023)

This release contains some smaller new features and improvements.
See the release post for more info.

Added

  • The debug page now detects if the required tables are missing and shows a warning. This can happen when the database of a website is moved between different servers using software that does not know about the tables used by Simple History. Fixes issue #344 and support thread Missing table support among others.
  • Add filters simple_history/feeds/enable_feeds_checkbox_text and simple_history/feeds/after_address.
  • Add action simple_history/settings_page/general_section_output.
  • Add filter simple_history/db/events_purged that is fired after db has been purged from old events.
  • Add helper functions required_tables_exist(), get_class_short_name().
  • Add function get_slug() to Dropin class.
  • Add function get_rss_secret() to RSS_Dropin class.
  • Show review hint at footer on settings page and log page.
  • Add functions get_instantiated_dropin_by_slug(), get_external_loggers(), set_instantiated_loggers(), set_instantiated_dropins(), get_instantiated_services() to Simple_History class.
  • Dropins and services are now listed on the debug page.

Changed

  • Order of settings tab can now be set with key order in the array passed to add_settings_tab().
  • Rename network admin menu item „Simple History“ to „View History“ to use to same name as the admin menu item.
  • Purged events are logged using the simple history logger (instead of directly in the purge function).
  • Refactor code and move core functionality to multiple service classes.

4.4.0 (August 2023)

This version of Simple history is tested on the just released WordPress 6.3. It also contains some new features and bug fixes.

Release post for Simple History 4.4.0.

Added

  • Logger for logging changes to the Simple History settings page. 🙈 And yes, it was quite embarrassing that the plugin itself did not log its activities.
  • RSS feed now accepts arguments to filter the events that are included in the feed. This makes it possible to subscribe to for example only WordPress core updates, or failed user logins, or any combination you want. See the documentation page for available arguments and some examples. #387
  • Event ID of each entry is included in WP-CLI output when running command wp simple-history list.
  • Filter simple_history/settings/log_cleared that is fired after the log has been cleared using the „Clear log now“ button on the settings page.
  • Add helper function is_plugin_active() that loads the needed WordPress files before using the WordPress function with the same name. Part of fix for #373.

Fixed

Changed

  • Tested on WordPress 6.3.
  • Use uniqid() as cache invalidator instead of time(). Querying the log multiple times during the same PHP request with the same arguments, adding entries to the log between each log query, the same results would be returned.
  • Function get_event_ip_number_headers() moved from Simple Logger class to Helpers class.
  • Misc internal code cleanup.

4.3.0 (July 2023)

Added

  • Add action simple_history/rss_feed/secret_updated that is fired when the secret for the RSS feed is updated.
  • Add tests for RSS feed.

Fixed

  • RSS feed: Use esc_xml to escape texts. Fixes support thread XML error with RSS feed, issue #364.
  • RSS feed: Some texts was double escaped.
  • Plugin User Switching: store login and email context of user performing action, so information about a user exists even after user deletion. #376.

4.2.1 (July 2023)

Fixed

4.2.0 (July 2023)

Added

  • Filter simple_history/day_of_week_to_purge_db to set the day that the db should be cleared/purged on. 0 = monday, 7 = sunday. Default is 7.
  • Add class SimpleHistory so old code like SimpleHistory->get_instance() will work.
  • Add helper function camel_case_to_snake_case().
  • Automatically convert camelCase function names to snake_case function names when calling functions on the \Simple_History class. This way more old code and old examples will work. Fixes for example support thread.
  • Add Helpers::privacy_anonymize_ip().
  • Add filter simple_history/privacy/add_char_to_anonymized_ip_address to control if a char should be added to anonymized IPV4 addresses.
  • Add filter simple_history/maps_api_key to set a Google Maps API key to be used to show a Google Map of the location of a user login using the user IP address.
  • If a Google Maps API key is set then a map of a users location is shown when clicking on the IP address of a logged event. #249.

Fixed

  • Fix Undefined property warning when loading more similar events. #357
  • Include „Plugin URI“ from plugin when logging single plugin installs. #323
  • Check that installed theme has a destination_name. #324
  • Log correct role for user when adding a user on a subsite on a network/multisite install. #325
  • Check that required array keys exists in theme- and translation loggers. Fixes support thread, issue #339.
  • Fix undefined index warning in logger when context was missing _user_id, _user_email, or _user_login. Fix #367.
  • Misc code cleanup and improvements.
  • Fix spellings, as found by Typos.

Changed

  • Move function get_avatar() to helpers class.
  • Change location of filter gettext and gettext_with_context and unhook when filter is not needed any more, resulting in much fewer function calls.
  • IPV4 addresses that are anonymized get a „.x“ added last instead of „.0“ to make it more clear to the user that the IP address is anonymized.

Removed

  • Remove unused schedule simple_history/purge_db.
  • Remove function filter_gettext_store_latest_translations().
  • Remove support for automatically un-translating messages to the log, loggers are better and have better support for languages.

4.1.0 (July 2023)

Added

  • Actions simple_history/pause and simple_history/resume to pause and resume logging. Useful for developers that for example write their own data importers because the log can be overwhelmed with data when importing a lot of data. #307
  • clear_log() now returns the number of rows deleted.
  • Added disable_taxonomy_log() to simplify disabling logging of a taxonomy.
  • Function get_db_table_stats() that returns for example the number of rows in each table.

Fixed

  • Check that array keys attachment_parent_title and attachment_parent_post_type exists in Media Logger. #313
  • Don’t log when terms are added to author taxonomy in Co-Authors Plus. Fixes support thread, issue #238.
  • Don’t load the log or check for updates on dashboard if the widget is hidden.
  • Don’t check for updates on dashboard if a request is already ongoing.

Changed

  • Moved filter simple_history/dashboard_pager_size to method get_pager_size_dashboard().
  • Move function get_initiator_text_from_row() to Log_Initiators class.
  • If a filter is modifying the pager sizes then show a readonly text input with pager size instead of a dropdown select. #298
  • Update Chart.js library from 2.0.2 to 4.3.0. Fixes support thread, issue #340.

4.0.1 (June 2023)

Fixed

  • Replace multibyte functions with non-multibyte versions, since mbstring is not a required PHP extension (it is however a highly recommended one). Should fix https://wordpress.org/support/topic/wordpress-critical-error-9/. (#351)

4.0.0 (June 2023)

🚀 This update of Simple History contains some big changes – that you hopefully won’t even notice.

For regular users these are the regular additions and bug fixes:

Changed

  • Minimum required PHP version is 7.4. Users with lower versions can use version 3.4.0 of the plugin.
  • Minimum required WordPress version is 6.1.
  • Categories logger does not log changes to taxonomy nav_menu any longer, since the Menu logger takes care of those, i.e. changes to the menus.

Added

  • Log if „Send personal data export confirmation email“ is checked when adding a Data Export Request.
  • Log when a Data Export Request is marked as complete.
  • Log when Personal Data is erased by an admin.
  • Log when a group is modified in Redirection plugin.
  • Added context key export_content to export logger. The key will contain the post type exported, or „all“ if all content was exported.

Fixed

👩‍💻 For developers there are some bigger changes, that is noticeable:

  • The plugin now uses namespaces – and they are loaded using an autoloader.
  • The code has been changed to follow WordPress coding standard. This means that for example all functions have been renamed from myFunctionName() to my_function_name().
  • The update to PHP 7.4 as the minimum required PHP version makes code more modern in so many ways and makes development easier and more funny, since we don’t have to worry about backwards compatibility as much.
  • Many more tests using wp-browser have has been added to minimize risk of bugs or fatal errors.

A more detailed changelog that probably most developers are interested in:

Added

  • Add cached = true|false to AJAX JSON answer when fetching events or checking for new events. It’s a simple way to see if an object cache is in use and is working.
  • Most of the code now uses namespaces.
    • The main namespace is Simple_History.
    • The main class is Simple_History\Simple_History.
    • Dropins use namespace Simple_History\Dropins and dropins must now extend the base class Dropin.
    • Loggers use namespace Simple_History\Loggers and loggers must extend the base class Logger.
  • Add hooks that controls loggers and their instantiation: simple_history/core_loggers, simple_history/loggers/instantiated.
  • Add hooks that controls dropins and their instantiation: simple_history/dropins_to_instantiate, simple_history/core_dropins, simple_history/dropins_to_instantiate, simple_history/dropin/instantiate_{$dropin_short_name}, simple_history/dropin/instantiate_{$dropin_short_name}, simple_history/dropins/instantiated.
  • Add filter simple_history/ip_number_header_names.
  • Add methods get_events_table_name() and get_contexts_table_name().
  • Call method loaded() on dropins when they are loaded (use this instead of __construct).
  • Make sure that a dropin class exists before trying to use it.

Changed

  • Improved code organization with the introduction of namespaces. Code now uses namespaces and classes (including loggers and dropins) are now loaded using an autoloader.
  • Functions are renamed to use snake_case (WordPress coding style) instead of camelCase (PHP PSR coding style). Some examples:
    • registerSettingsTab is renamed to register_settings_tab.
  • Remove usage of deprectead function wp_get_user_request_data().
  • Rename message key from data_erasure_request_sent to data_erasure_request_added.
  • Rename message key from data_erasure_request_handled to data_erasure_request_completed.
  • Applied code fixes using Rector and PHPStan for better code quality.
  • Add new class Helpers that contain helper functions.
  • Move functions simple_history_get_current_screen(), interpolate(), text_diff, validate_ip, ends_with, get_cache_incrementor to new helper class.
  • Function get_ip_number_header_keys is moved to helper class and renamed get_ip_number_header_names.
  • Class SimpleHistoryLogQuery renamed to Log_Query.
  • Class SimpleLoggerLogLevels renamed to Log_Levels.
  • Class SimpleLoggerLogInitiators renamed to Log_Initiators.
  • Dropin files are renamed.
  • Move init code in dropins from __construct() to new loaded() method.
  • Rename getLogLevelTranslated() to get_log_level_translated() and move to class log_levels.
  • Rename message key user_application_password_deleted to user_application_password_revoked.
  • Context key args is renamed to export_args in export logger. This key contains some of the options that was passed to export function, like author, category, start date, end date, and status.
  • Ensure loggers has a name and a slug set to avoid development oversights. _doing_it_wrong() will be called if they have not.
  • Logger: Method get_info_value_by_key() is now public so it can be used outside of a logger.
  • Logger: Method get_info() is now abstract, since it must be added by loggers.
  • For backwards compatibility SimpleHistoryLogQuery, SimpleLoggerLogLevels, SimpleLoggerLogInitiators, SimpleLogger will continue to exist for a couple of more versions.

Removed

  • Function simple_history_add has been removed. See docs.simple-history.com/logging for other ways to add messages to the history log.
  • Unused function sh_ucwords() has been removed.
  • Removed filters simple_history/loggers_files, simple_history/logger/load_logger, 'simple_history/dropins_files'.
  • Unused class SimpleLoggerLogTypes removed.
  • Removed logger for plugin Ultimate Members.
  • Removed patches for plugin captcha-on-login.
  • Remove dropin used to populate log with test data.
  • Remove dropin used to show log stats.
  • Examples in examples folder are removed and moved to the documentation site at docs.simple-history.com.

3.5.1 (May 2023)

  • Fixed JavaScript error when Backbone.history is already started by other plugins. Fixes https://github.com/bonny/WordPress-Simple-History/issues/319.

3.5.0 (March 2023)

  • Added: Log an entry when a cron event hook is paused or resumed with the WP Crontrol plugin #328.
  • Fixed: DB error on MariaDB database when collation utf8mb4_unicode_520_ci is used for the Simple history tables. Reported at: https://wordpress.org/support/topic/database-error-after-upgrade-to-wordpress-6-1/.
  • Tested up to WordPress 6.2.

Note: Next major version of the plugin will require PHP 7. If you are running a PHP version older than that please read https://wordpress.org/support/update-php/.

3.4.0 (February 2023)

  • Changed: When exporting a CSV file of the history, each cell is escaped to reduce the risk of „CSV injection“ in spreadsheet applications when importing the exported CSV. Reported at: https://patchstack.com/database/vulnerability/simple-history/wordpress-simple-history-plugin-3-3-1-csv-injection-vulnerability.

Changelog for 2022 and earlier