=== WP Security Audit Log ===
Contributors: WPWhiteSecurity, robert681
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=donations%40wpwhitesecurity%2ecom
Plugin URI: http://www.wpwhitesecurity.com/wordpress-security-plugins/wp-security-audit-log/
License: GPLv3
License URI: http://www.gnu.org/licenses/gpl.html
Tags: wordpress security plugin, wordpress security audit log, audit log, wordpress log, event log wordpress, wordpress user tracking, wordpress activity log, wordpress audit, security event log, audit trail, security audit trail, wordpress security alerts, wordpress monitor, wordpress security monitor, wordpress admin, wordpress admin monitoring, analytics, activity, admin, multisite, wordpress multisite, actions, dashboard, log, notification, wordpress monitoring, email notification, wordpress email alerts, tracking, user tracking, user activity report
Requires at least: 3.6
Tested up to: 4.2.1
Stable tag: 1.6.1

Keep an WordPress audit log of all users' changes and other under the hood activity - Identify WordPress issues before they become security problems.

== Description ==
Keep an audit log of everything that is happening on your WordPress and [WordPress multisite](http://www.wpwhitesecurity.com/wordpress-plugins/wp-security-audit-log-plugin-features-wordpress-multisite/) with WP Security Audit Log to ensure user productivity and identify WordPress security issues before they become a security problem. WP Security Audit Log, WordPress' most comprehensive user monitoring and audit log plugin already helps thousands of WordPress administrators, owners and security professionals ensure the security of their websites and blogs. Ensure the security of your WordPress too by installing WP Security Audit Log. The community's favourite WordPress user monitoring monitoring and security auditing plugin is developed by WordPress Security Consultants and Professionals [WP White Security](http://www.wpwhitesecurity.com/). 

> <strong>Free and Premium Support</strong><br>
> 
> WP White Security provides support for WP Security Audit Log plugin on the WordPress forums for free, though please note that it is free support hence it is not always possible to answer all questions on a timely manner, although we do try.
> Personalized premium support is available via email to anyone who purchases any of the [Premium Extensions](http://www.wpwhitesecurity.com/wordpress-security-plugins/wp-security-audit-log/extensions/), such as the [WordPress Email Notifications](http://www.wpwhitesecurity.com/plugins-premium-extensions/email-notifications-wordpress/), [Search](http://www.wpwhitesecurity.com/plugins-premium-extensions/search-filtering-extension/) and [Reporting](http://www.wpwhitesecurity.com/plugins-premium-extensions/wordpress-reports-extension/) extensions.

= Keep A WordPress Security Audit Log & Identify WordPress Security Issues =
WP Security Audit Log keeps a log of everything happening on your WordPress blog or website and WordPress multisite network. By using WP Security Audit Log security plugin it is very easy to track suspicious user activity before it becomes a problem or a security issue. A security alert is generated by the plugin when:

* New user is created via registration or by another user
* User changes the role, password or other profile settings of another user
* User on a WordPress multisite network is added or removed from a site 
* User uploads or deletes a file, changes a password or email address
* User installs, activates, deactivates, upgrades or uninstalls a plugin
* User creates a new post, page, category or a custom post type
* User modifies an existing post, page, category or a custom post type
* User creates, modifies or deletes a custom field from a post, page or custom post type
* User adds, moves, modifies or deletes a widget
* User installs or activates a new WordPress theme
* User changes WordPress settings such as permalinks or administrator notification email
* WordPress is updated / upgraded
* Failed login attempts
* and much more...

Refer to the complete list of [WordPress Security Audit Alerts](http://www.wpwhitesecurity.com/wordpress-security-plugins/wp-security-audit-log/security-audit-alerts-logs/) for more information on what WordPress activity can be monitored with WP Security Audit Log.

= Monitor WordPress Users Activity & Productivity =
If you own a multi user WordPress blog or website, or a WordPress multisite network installation you can use WP Security Audit Log plugin to monitor your users' activity and productivity. With WP Security Audit Log WordPress plugin you can monitor:

* When WordPress users log in or out
* From where WordPress users are logging in
* Users who created. modified or deleted categories
* Users who created a blog post, page or a custom post
* Users who published a blog post, page or a custom post
* Users who modified published WordPress content such as custom posts, pages or a blog posts
* Users who moves content such as blog posts or WordPress pages to trash or permanently deletes it
* Users who modify WordPress widgets
* Uses who upload or delete any sort of files
* and much more...

Refer to the complete list of [WordPress Security Audit Alerts](http://www.wpwhitesecurity.com/wordpress-security-plugins/wp-security-audit-log/security-audit-alerts-logs/) for more information on what other WordPress user activity can be monitored with the WP Security Audit Log WordPress plugin.

= Get Notified Instantly of Changes on Your WordPress =
<strong>Get notified instantly via email of important changes happening on your blogs and websites running on WordPress and WordPress multisite.</strong>

Use the premium [WSAL Notifications Extension](http://www.wpwhitesecurity.com/plugins-premium-extensions/email-notifications-wordpress/) to configure monitoring rules and get notified via email of specific actions. For example you can setup notifications rules to be alerted via email should any WordPress user logs in to your WordPress outside office hours. The email alerts include all the details a WordPress administrator or owner might need, such as the source IP address, user, user role, date, time, details about the actual action and much more.

= Use Free Text Based Searches to Search for Specific Activity on WordPress =
<strong>The search functionality allows you to quickly find specific WordPress activity you are looking for.</strong>

It is virtually impossible to find specific WordPress activity by manually browsing through thousands of WordPress security alerts. Now you can use the premium [WSAL Search Extension](http://www.wpwhitesecurity.com/plugins-premium-extensions/search-filtering-extension/) to do free text based searches in the WordPress audit log, allowing you to easily pin point specific WordPress user, site, plugin, theme and other activity. The Search extension also has a number of built-in filters that you can use to fine tune your search results, hence allowing you to find the WordPress security alert you are looking for easily and quickly.

= Generate HTML and CSV WordPress Reports =
<strong>Generate WordPress activity reports to ensure users' productivity and meet any legal and regulatory compliance requirements your business needs to adhere to.</strong>

Use the premium [WSAL Reporting Extension](http://www.wpwhitesecurity.com/plugins-premium-extensions/wordpress-reports-extension/) to generate any type of WordPress report. For example you can generate a WordPress user or group of users activity report, specific role activity report and also site activity report in case you are running WordPress multisite. Unlike other WordPress reports plugins, WSAL Reporting Extension does not have templates that restrict you to specific reports types, but it allows you to choose any data source for your reports.

= WP Security Audit Log for WordPress Multisite =
WP Security Audit Log is the first tracking and audit WordPress security monitoring plugin that supports WordPress multisite network installations and can monitor activity on such WordPress multisite network installations.

For more information about the features for WordPress Multisite network installation refer to [WP Security Audit Log Features for WordPress Multisite](http://www.wpwhitesecurity.com/wordpress-plugins/wp-security-audit-log-plugin-features-wordpress-multisite/)

= WordPress Security Audit Log in your Language! =
We need help translating the plugin and the WordPress Security Events. If you're good at translating, please drop us an email on plugins@wpwhitesecurity.com.

* Italian translation by [Leonardo Musumeci](http://leonardomusumeci.net/)
* German translation by [Mourad Louha](http://excel-translator.de)
* Romanian translations by [Artmotion Secure Servers](http://www.artmotion.eu)
* Serbo-Croatian by [Andrijana Nikolic](http://webhostinggeeks.com/)
* Spanish translation by Andrew Kurtis

= WordPress & PHP Errors Monitoring Tools =
Plugins and themes customizations are most probably the norm of the day on large WordPress websites, not to mention the installation of new plugins and components. With WP Security Audit Log now it is easier than ever before to monitor your plugins', theme's and other code behaviour, it will generate a alert when a PHP error, warning, exception or shutdown is detected. It is also possible to log all HTTP GET and POST requests that are reaching your WordPress installation to a log file with WP Security Audit Log. Simply enable the PHP Errors monitoring or logging from the plugins settings.

NOTE: Developer options should NEVER be enabled on Live websites. They should only be enabled on testing, staging and development WordPress and WordPress multisite installations.

= Other Noteworthy Features =
WP Security Audit Log plugin also has a number of features that make WordPress and WordPress multisite monitoring and auditing easier, such as:

* Realtime Audit Log viewer to watch user activity as it happens without any delays
* Builtin support for reverse proxies and web application firewalls [more information](http://www.wpwhitesecurity.com/wordpress-plugins/wordpress-user-monitoring-plugin/wp-security-audit-log-plugin-retrieves-originating-wordpress-user-ip-address/)
* Limit who can view the security alerts by users or roles
* Limit who can manage the plugin by users or roles
* Configurable WordPress dashboard widget highlighting the most recent critical activity
* Configurable WordPress security alerts pruning rules
* User role is reported in alerts for a complete overview of what is happening
* User avatar is reported in the alerts for better recognizability
* Enable or disable any security alerts
* and much more...

= As Featured On: =

* [WP Mayor](http://www.wpmayor.com/wp-security-audit-log-plugin-review-user-activity-logging-wordpress/)
* [ManageWP Plugins of the month](https://managewp.com/free-wordpress-plugins-june-2014)
* [Pagely](https://pagely.com/blog/2015/01/log-wordpress-dashboard-activity-improved-security-auditing/)
* [Design Wall](http://www.designwall.com/blog/10-wordpress-multisite-plugins-you-shouldnt-live-without/)
* [WPLift](http://wplift.com/wordpress-event-tracking)
* [BlogVault](https://blogvault.net/wp-security-audit-log-plugin-review/)
* [MyWPExpert](http://www.mywpexpert.com/wp-security-audit-log/)
* [Shout Me Loud](http://www.shoutmeloud.com/how-to-monitor-user-activities-wordpress-dashboard.html)

= Related Links and Documentation =
For more information and to get started with WordPress Security, check out the following:

* [List of WordPress Security Alerts](http://www.wpwhitesecurity.com/wordpress-security-plugins/wp-security-audit-log/security-audit-alerts-logs/)
* [WordPress Multisite Features](http://www.wpwhitesecurity.com/wordpress-plugins/wordpress-user-monitoring-plugin/wp-security-audit-log-plugin-features-wordpress-multisite/)
* [WP Security Audit Log and Reverse Proxy and WAFs Support](http://www.wpwhitesecurity.com/wordpress-plugins/wordpress-user-monitoring-plugin/wp-security-audit-log-plugin-retrieves-originating-wordpress-user-ip-address/)
* [WP Security Audit Log Database Documentation](http://www.wpwhitesecurity.com/wordpress-plugins/wordpress-user-monitoring-plugin/wp-security-audit-log-wordpress-database-documentation/)
* [Official WP Security Audit Log Page](http://www.wpwhitesecurity.com/wordpress-security-plugins/wp-security-audit-log/)

= WordPress Security Tips & Tricks =
Even if WordPress security is not your cup of tea, the security of your WordPress is your responsibility. Keep yourself up to date with the latest WordPress Security Tips & Tricks. WP White Security frequently publishes WordPress security tips & tricks on the [WordPress Security section](http://www.wpwhitesecurity.com/wordpress-security/) of their blog.

= Plugin Newsletter =
To keep yourself updated with what is new and updated in our WordPress security plugins please subscribe to the [WP White Security Plugins Newsletter](http://eepurl.com/Jn9sP).

**Note: This plugin requires PHP 5.3 or higher to be activated because older versions of PHP are no longer maintained by PHP themselves, which make them prone to security issues. For more information or if you need assistance with your version of PHP please get in touch with us by using our [contact form](https://www.wpwhitesecurity.com/contact-wp-white-security/).**

== Installation ==

1. Upload the `wp-security-audit-log` folder to the `/wp-content/plugins/` directory
2. Activate the WP Security Audit Log plugin from the 'Plugins' menu in the WordPress Administration Screens
3. Access the Security audit logs and the plugin settings from the "Security Audit Log" menu that appears in your admin menu

== Frequently Asked Questions ==

= How can I prune WordPress security events? =

By default the plugin will keep 5,000 WordPress Security Alerts. When this limit is reached, older alerts are deleted to make place for the new ones. You can configure the plugin to keep more alerts from the settings page. You can also configure the plugin to delete alerts which are older than a number of days.

= Is there a complete list of all WordPress security audit events? =
Yes. A complete list can be found [here](http://www.wpwhitesecurity.com/wordpress-security-plugins/wp-security-audit-log/security-audit-alerts-logs/)

= Can I disable some WordPress security alerts? =

Yes it is possible to disable (and re-enable) specific WordPress security alerts. To do so navigate to the "Enable/Disable Alerts" node in the plugin's menu, select the category tab and untick the WordPress security alert. Tick back the alert to re-enable it.

= Can WP Security Audit Log plugin work and monitor activity on WodPress Multisite? =
Yes, WP Security Audit Log works on WordPress Multisite networks, i.e. it can monitor user and under the hood WordPress activity on WordPress multisite installations. For more information refer to the post [WP Security Audit Log Features for WordPress Multisite installation](http://www.wpwhitesecurity.com/wordpress-plugins/wp-security-audit-log-plugin-features-wordpress-multisite/). 

= Can I receive an email notification when a specific change happens on WordPress? =
Yes it is possible to do so with the [WSAL Notifications Extension](http://www.wpwhitesecurity.com/plugins-premium-extensions/email-notifications-wordpress/). This plugin extension enables you to configure triggers to monitor for specific changes and when such changes take place an email is automatically sent to your email address of choice with all the details of such change such as the Alert ID, user, user role, date, time, details about the actual change and more.

= How can I search for a specific WordPress security alert?
You can use the premium add-on [Security Audit Log Search](http://www.wpwhitesecurity.com/plugins-premium-extensions/search-filtering-extension/) to automatically search for a specific WordPress security alert. It supports free text based searches and you can also use the built-in filters to fine tune your searches.

= Can I generate reports from the WordPress security audit log? =
Yes it is possible to do so with the premium [WSAL Reporting Extension](http://www.wpwhitesecurity.com/plugins-premium-extensions/wordpress-reports-extension/). This plugin extension allows you to generate any type of WordPress report using any type of data source. Reports can be generated in HTML and CSV format.

= Can I exclude users or roles from being monitored? =
Yes it is possible to exclude both users and roles from being monitored. To exclude a user or a role specify it in the Excluded Objects section in the plugin's settings node.

= Can I exclude custom fields from being monitored? =
Yes it is possible to exclude custom fields from being monitored. To exclude a custom field you can specify it in the Excluded Objects section in the plugin's settings node, else you can click the option Exclude Custom Field from Monitoring from the alert itself.

== Screenshots ==

1. The Audit Log Viewer from where the WordPress administrator can see all the security events generated by WP Security Audit Log WordPress plugin.
2. The WP Security Audit Log plugin options from where WordPress administrator can configure the auto pruning of security alerts and specific user access.
3. Configuring WordPress email alerts with the [Notifications Extensions](http://www.wpwhitesecurity.com/plugins-premium-extensions/email-notifications-wordpress/)
4. Search and filters functionality to automatically search through the WordPress security audit log with the [Search Extension](http://www.wpwhitesecurity.com/plugins-premium-extensions/search-filtering-extension/)
5. The Enable/Disable Alerts settings node from where Administrators can disable or enable WordPress security alerts.
6. The Audit Log Viewer of a Super Admin in a WordPress multisite network installation with the Site selection drop down menu.
7. If there are more than 15 sites in a multisite, an auto complete site search shows up instead of the drop down menu (see [screenshots](https://wordpress.org/plugins/wp-security-audit-log/screenshots/) for reference)

== Changelog ==

= 1.6.1 (2015-05-04) =
* **Bug Fixes**
	* Fixed the monitoring of plugin updates for WordPress 4.2 [Support Ticket](https://wordpress.org/support/topic/not-logging-plugin-updates-in-42)
	* Fixed an issue where multiple plugin updates triggered by drop down menu were not being reported
	* Fixed a conflict with Magic Fields 2 plugin [Support Ticket](https://wordpress.org/support/topic/major-conflict-with-magic-fields-2)
	* Updated the escaping of add_query_arg() function which could result in a potential XSS

= 1.6.0 (2015-04-16) =
* **New Security Alerts**
	* 5010: plugin created new tables in the WordPress database
	* 5011: plugin modified the structure of a number of tables in the WordPress database
	* 5012: plugin deleted tables from the WordPress database
	* 5013: theme created new tables in the WordPress database
	* 5014: theme modified the structure of a number of tables in the WordPress database
	* 5015: theme deleted tables from the WordPress database
	* 5016: an unknown component created new tables in the WordPress database
	* 5017: an unknown component theme modified the structure of a number of tables in the WordPress database
	* 5018: an unknown component theme deleted tables from the WordPress database
	* 2052: a user changed the parent of a category

= 1.5.2 (2015-04-07) =
* **Bug Fix**
	* Removed a clause which changed the debug log path (used for testing) [Support Ticket](https://wordpress.org/support/topic/plugin-is-changing-error-log-location)

= 1.5.1 (2015-03-26) =
* **Improvements**
	* Completely removed the user of the is_admin() function to follow better security practises
	
* **Bug Fixes**
	* Updated the licensing mechanism to correct problem where [WP Security Audit Log premium add-ons](http://www.wpwhitesecurity.com/wordpress-security-plugins/wp-security-audit-log/extensions/) could not be activated.
	* Fixed several issues where the database tables were not being created during install or upgrade. [Support ticket](https://wordpress.org/support/topic/wp_wsal_options-not-created-with-plugin-update?replies=8) and [Support ticket 2](https://wordpress.org/support/topic/missing-database-tables-1?replies=9)
	* Fixed an issue where the plugin did not monitor any activity in specific scenarios. [Support ticket](https://wordpress.org/support/topic/clean-install-not-reporting-when-posts-or-pages-are-creatededited?replies=4) and [Support ticket 2](https://wordpress.org/support/topic/blank-audit-log-page?replies=2)
	* Removed duplicate options in the settings page. [Support ticket](https://wordpress.org/support/topic/refresh-audit-view-refresh-audit-log-viewer?replies=5)

= 1.5.0 (2015-03-18) =
* **New Features**
	* Ability to exclude custom fields from monitoring (custom fields can be excluded from the Audit Log Viewer with a simple click or you can specify them in the settings)
	* Ability to exclude WordPress users and roles from monitoring

* **Improvements**
	* WP Security Audit Log now has its own settings table in WordPress database. This will provide us with more flexibility and have more centralization of data
	* Updated the code where is_admin() function was being used to follow better security practises
	
* **Bug Fixes**
	* Fixed a problem where a PHP exception was being thrown during the activation of the plugin [support ticket](https://wordpress.org/support/topic/php-error-alert-with-code-5001-has-not-be-registered?replies=11)

= 1.4.1 (2015-03-12) =
* **Bug Fix**
	* Fixed an issue where the IP address was not being reported for anyone using PHP version 5.3.3 or earlier [support ticket](https://wordpress.org/support/topic/invalid-ip-address-error?replies=4)

= 1.4 (2015-02-24) =
* **New Features**
	* WordPress username is now reported when a failed login is recorded - [More Details](http://www.wpwhitesecurity.com/wordpress-plugins/wordpress-user-monitoring-plugin/wordpress-failed-logins-monitoring-improved/)
	* Plugin is now available in Romanian thanks to [Artmotion](http://www.artmotion.eu)

* **Improvements**
	* Improved IP Address validation checks - if IP address format is incorrect the plugin reports "incorrect format" and not "unknown" - This will help us improve troubleshooting
	* Alerts pruning options are now added during activation of the plugin, making pruning options more reliable - existing pruning options will be retained
	
* **Bug Fixes**
	* Fixed issue with the option "auto / manual" refresh of Audit Log Viewer
	* Fixed plugin uninstallation process (added new option to purge all plugin data from WordPress database upon uninstall)
	
= 1.3.3 (2015-01-21) =
* **New Features**
	* [Premium Add-ons](http://www.wpwhitesecurity.com/wordpress-security-plugins/wp-security-audit-log/extensions/) will be hidden from the WordPress plugins page when the Hide plugin option is enabled.
	
* **Improvements**
	* Updated some of the help text in plugin's settings page
	* Updated the text of some WordPress security alerts
	
* **Bug Fixes**
	* Fixed a bug related to the reverse proxy / IP retrieval functionality
	* Fixed an issue related to Sandbox removal and upgrades [Support Ticket](https://wordpress.org/support/topic/fatal-error-undefined-method-on-upgrade)

= 1.3.2 (2014-12-16) =
* **New Features and Options**
	* Plugin automatically retrieves user's originating IP address even if WordPress is installed behind a reverse proxy, web application firewall or load balancer. For more information refer to [WP Security Audit Log, Reverse Proxies and WAFs](http://www.wpwhitesecurity.com/wordpress-plugins/wordpress-user-monitoring-plugin/wp-security-audit-log-plugin-retrieves-originating-wordpress-user-ip-address/)
	* New option to omit internal IP addresses from being reported in the WordPress security audit log
	
* **Removed Functionality**
	* The sandbox was removed from the plugin. If you need to use the sandbox for troubleshooting and tested contact us since we migrated it to a standalone extension.
	
* **Bug Fixes**
	* Fixed a bug where site administrators where not able to view the WordPress security alerts for their sites in a WordPress multisite installation
	* Improved some SQL queries as reported in this [support ticket](https://wordpress.org/support/topic/syntax-error-d-not-replaced?replies=10#post-6278773)	
	* Fixed an issue with alerts pruning (when pruning was set by number of alerts the plugin was pruning all alerts)
	
= 1.3.1 (2014-11-27) =
* **New WordPress Security Alerts**
	* Alert 2065: The content of published post has been modified
	* Alert 2066: The content of published page has been modified
	* Alert 2067: The content of published custom post type has been modified
	* Alert 2068: The content of a draft post has been modified
	* Alert 2069: The content of a draft page has been modified
	* Alert 2070: The content of a draft custom post type has been modified
	* Alert 2071: Changed the position of a widget in the same container
	
* **WordPress Security Audit Log Viewer Improvement**
	* Removed fixed width from columns, hence now they are dynamically resized depending on your resolution
	
* **Bug Fixes**
	* Fixed an issue where alert 1001 (logout) was generated without a login [support ticket](https://wordpress.org/support/topic/too-many-records-with-1001-code?replies=2)
	* Fixed a PHP coding problem / invalid argument issue [support ticket](https://wordpress.org/support/topic/php-warning-invalid-argument-2?replies=4#post-6229565)

= 1.3.0 (2014-10-30) =
* **New WordPress Security Alerts**
	* Alert 2065: User modified the content of a blog post
	* Alert 2066: User modified the content of a WordPress page
	* Alert 2067: User modified the content of a custom post type
	
* **Improvements**
	* We have also improved the code of some of the sensors which monitor the WordPress activity
	
= 1.2.9 (2014-10-21) =
* **Bug Fix**
	* Fixed an issue with the queries used for the alerts pruning as reported in this [support ticket](https://wordpress.org/support/topic/this-version-of-mysql-doesnt-yet-support).
	
= 1.2.8 (2014-10-14) =
* **New Feature**
	* Added new Extensions page to allow users to see which extensions they can use to increase the functionality of the plugin
	* Included licensing mechanism to support premium extensions
	
* **Improvements**
	* Updated latest language files for German and Italian translations (also include corrections for some old translations)
	
* **Bug Fixes**
	* Fixed a problem with the pruning of WordPress Security Alerts [support ticket](https://wordpress.org/support/topic/security-alerts-pruning-not-working-as-intended)
	* Fixed pagination issue in the Audit Log Viewer when running on WordPress multisite

= 1.2.7 (2014-09-26) =
* **New Feature**
	* New option "Restrict Plugin Access" that allows WordPress administrators to further restrict access to the plugin and the WordPress security alerts

* **Improvements**
	* Updated the Audit Log Viewer backend to retriev WordPress security alerts much faster and consume less resources on large websites
	* Moved the Audit Log plugin menu entry underneath the dashboard entry for better access
	* Several minor enhancements to the plugin to perform better on large WordPress installations
	
* **Bug Fixes**
	* Fixed an uncaught exception with Logout Alert 1001 [support ticket](https://wordpress.org/support/topic/uncaught-exception-2)

= 1.2.6 (2014-08-20) =
* **Improvements**
	* Several performance improvements and tweaks applied
	* Updated Italian translations
	
* **Bug Fixes**
	* Fixed an issue with URLs of plugin pages [support ticket](http://wordpress.org/support/topic/admin-cannot-access-settings)
	* Fixed an uncaught exception with Logout Alert 1001 [support ticket](http://wordpress.org/support/topic/fatal-error-1311)
	* Fixed error on logout issue [support ticket](http://wordpress.org/support/topic/error-at-logou)
	* Fixed uncaught exception with specific Alert Codes [support ticket](http://wordpress.org/support/topic/uncaught-exception-2)
	
= 1.2.5 (2014-08-12) =
* **New Feature**
	* Monitoring of custom fields in WordPress posts, pages and custom post types.
	
* **New WordPress Security Alerts**
	* Alert 2053: User created new custom field in blog post
	* Alert 2054: User modified the value of custom field in blog post
	* Alert 2055: User deleted a custom field in blog post
	* Alert 2062: User renamed custom field in blog post
	* Alert 2059: User created new custom field in page
	* Alert 2060: User modified the value of custom field in page
	* Alert 2061: User deleted custom field from page
	* Alert 2063: User renamed custom field in 
	* Alert 2056: User created new custom field in custom post type
	* Alert 2057: User modified the value of custom field in custom post type
	* Alert 2058: User deleted a custom field from custom post type
	* Alert 2064: User renamed custom field in custom post type
	
* **Improvements**
	* Improved the writing and reading of WordPress alerts from the WordPress database (plugin runs more efficiently on high traffic WordPress and WordPress multisite installations)
	* Improved the monitoring of WordPress login and logout actions
	* Applied various plugin performance tweaks
	
* **Bug Fixes**
	* Fixed a specific issue where user and user role where not being reported ([ticket](http://wordpress.org/support/topic/showing-unknown-user-logged-out-but-never-logged-in?replies=11))
	* Fixed an error which was being reported during user logout in specific scenarios ([ticket](http://wordpress.org/support/topic/error-at-logou?replies=3))
	* Fixed a CSRF vulnerability reported by Kévin FALCOZ aka 0pc0deFR
	
= 1.2.4 (2014-07-27) =
* **Improvements**
	* Improved monitoring of failed logins, addressed issues reported [here](http://wordpress.org/support/topic/horrible-performance#post-), [here](http://wordpress.org/support/topic/much-too-much-sql-load#post-), [here](http://wordpress.org/support/topic/overload-due-to-this-plugin#post-) and [here](http://wordpress.org/support/topic/mysql-200-cpu-time-copying-to-tmp-table)

= 1.2.3 (2014-07-23) =
* **Improvements**
	* Improved database structure for better support of high-traffic WordPress and WordPress multisite installations
	* Developer options are reset during updates for improved performance
	* Added a warning / note to the developer options (such options should NEVER be enabled on live websites but only on testing, staging and development websites)
	
* **Bug Fixes**
  * Fixed database issue with primary key constraint

= 1.2.2 (2014-07-16) =
* **New Features**
  * Italian translation available thanks to [Leonardo Musumeci](http://leonardomusumeci.net/)
	
* **Improvements**
  * Added a warning for developer options
  * "Hidden" developer options from default settings; user has to click link to access developer settings
  * Backtrace logging now made optional from a developer setting
	
* **Bug Fixes**
  * Solved several issues related to translations. Now everything in the plugin is translatable
  * Fixed several other issues reported by email

= 1.2.1 (2014-07-2) =
* **Bug Fix**
  * Fixed reported issue with upgrade (more info [here](http://wordpress.org/support/topic/errors-showing-since-120-upgrade-on-multisite-install?replies=4))

= 1.2.0 (2014-07-2) =
* **New Features**
  * Unlimited Alerts can be stored (removed the 5000 alerts limit)
  * Alert time now includes milliseconds for more precision (ideal for auditing and compliance)
  * Reported alert time is now relative to user's configured timezone
  * Alerts automatic pruning procedures can now be enabled / disabled
  * Option to hide WP Security Audit Log from Plugins page in WordPress
  * If there are more than 15 websites in a multisite installation, an auto complete site search box is shown instead of the drop down menu

* **New WordPress Security Alerts**
  * Alert 5007: User has uninstalled / deleted a theme
  * Alert 5008: Super administrator network activated a theme on multisite
  * Alert 5009: Super administrator network deactivated a theme on multisite

= 1.1.0 (2014-05-27) =
* **New Features**
  * User avatar is shown in the alert to allow administrators to easily recognize users and their activity	
  * Clickable username in alerts allow administrators to access user's profile instantly
  * User role is reported in alert so administrators can easily track any suspicious behaviour
  * PHP Version checker; upon installation the plugin will check what version of PHP is installed on the system
    
* **New WordPress Security Alert for monitoring plugin files**
  * Alert 2051: User changed a plugin file using the plugin editor (note: filename and location will also be reported in the alert)
 
* **Bug fixes**
  * Fixed wrapping problem in alerts dashboard widget
  * Fixed upgrade script to properly create the new tables in the WordPress database
  
= 1.0 (2014-05-20) =
* Complete plugin rewrite making the new version more stable and scalable

* **New Features**
  * New Audit Log viewer
  * Auto refresh of security alerts - WordPress administrators do not need to refresh the Audit Log Viewer page to see new alerts
  * Data Inspector reports more insider information about each alert (can be enabled from settings)
  * Sandbox allows developers to execute PHP code for troubleshooting (can be enabled from settings)
  * Request Log that logs all HTTP GET and POST requests done on WordPress (can be enabled from settings)
  * Logging of PHP Errors; ideal for developers who want to monitor WordPress for any errors (can be enabled from settings)
  * New Support and About Us page that you should check out!
  
* **New WordPress Security Alerts for monitoring themes, WordPress settings, files and much more**
  * Alert 2046: User modified a file using the editor
  * Alert 2047: User changed parent of page
  * Alert 2048: User changed template of page
  * Alert 2049: User set post as sticky
  * Alert 2050: User removed post from Sticky
  * Alert 5005: User installed a new theme
  * Alert 5006: User activated a theme
  * Alert 6004: User upgraded WordPress
  * Alert 6005: User changed the WordPress permalinks
  
* **New WordPress Developer Alerts**
  * Alert 0000: Unknown error
  * Alert 0001: PHP Error
  * Alert 0002: PHP Warning
  * Alert 0003: PHP Notice
  * Alert 0004: PHP Exception
  * Alert 0005: PHP Shutdown Error
  
* For more information about what is new and changed in this version of the plugin refer to the [WP Security Audit Log release notes](http://www.wpwhitesecurity.com/wordpress-plugins/easy-wordpress-security-monitor-wp-security-audit-log-plugin).

= 0.6.3 (2014-02-18) =
* **Bug Fix**
  * Disabled debugging by default (left enabled by mistake)

= 0.6.2 (2014-02-03) =
* **Bug Fix**
  * Fixed a number of database issues introduced with the WordPress Multisite Support
  * Fixed issue with supporting pre WordPress 3.0 multisite installations (support tickets [here](http://wordpress.org/support/topic/errors-on-06-fresh-installation?replies=9) and [here](http://wordpress.org/support/topic/upgrade-to-06-infinite-do-loop-in-refresh-alerts-list?replies=3))  
  
= 0.6.1 (2014-01-16) =
* **Bug Fix**
  * Fixed errors in debug code (used for when debugging is enabled in plugin)
  
= 0.6 (2014-01-15) =
* **New Plugin Feature**
* WordPress Multisite Support [Read More](http://www.wpwhitesecurity.com/wordpress-plugins/wp-security-audit-log-plugin-features-wordpress-multisite/)

* **New WordPress Security Alerts for monitoring specific multisite activity on a WordPress multisite network installation**
  * Alert 4008: User is granted super admin privileges (network)
  * Alert 4009: Super admin privileges (network) are revoked from a user
  * Alert 4010: Added an existing user to a site and assigned a specific role
  * Alert 4011: Removed user with a specific role from a site
  * Alert 4012: New user created on the network
  * Alert 7000: Added a new site to network
  * Alert 7001: A site was archived
  * Alert 7002: A site was unarchived
  * Alert 7003: A site was activated
  * Alert 7004: A site was deactivated
  * Alert 7005: A site was deleted

* **Plugin Improvements**
  * Plugin settings page to have the same look and feel of the new WordPress dashboard (3.8)    
  
= 0.5.1 (2013-12-11) =
* **Bug Fix**
  * Fixed an issue with Edit Post function (in very specific cases) (http://wordpress.org/support/topic/was-working-great-no-post-edit-function-now)
    
= 0.5 (2013-11-06) =
* **New WordPress Security Alerts for monitoring of Widgets**
  * Alert 2042: New widget was added
  * Alert 2043: A widget was modified
  * Alert 2044: A widget was deleted
  * Alert 2045: A widget was moved

* **New Plugin Features**
  * New setting to allow specific user(s) and role(s) to view the Audit Log Viewer (read only)
  * New setting to allow specific user(s) and role(s) to manage the WP Security Audit Log plugin (can change plugin settings, enable disable WordPress security alerts etc)

* **Plugin Improvements**
  * Renamed "login/logout" tab in "Enable/Disable Alerts" section to plugins to "Other User Activity"
  * Added the files alerts (uploaded / delete files) to the "Enable/Disable Alerts" (previously unavailable)

* **Bug Fixes**
  * Fixed issue where all users were able to see the Dashboard widgets with security alerts - now restricted only to users who have access to the plugin
  * Fixed user reported issue (http://wordpress.org/support/topic/errors-on-enabledisable-alerts-page)

= 0.4 (2013-10-09) =
* **New WordPress Security Alerts for Custom Post Types**
  * Alert 2029: New post with custom post type created and saved as draft
  * Alert 2030: Post with custom post type is publishes
  * Alert 2031: A published post with custom post type is modified
  * Alert 2032: A draft post with custom post type is modified
  * Alert 2033: A post with custom post type was permanently deleted
  * Alert 2034: A post with custom post type was moved to trash
  * Alert 2035: A post with custom post type was restored from trash
  * Alert 2036: The category of a post with custom post type was changed
  * Alert 2037: The URL of a post with custom post type was changed
  * Alert 2038: The author of a post with custom post type was changed
  * Alert 2039: The status of a post with custom post type was changed
  * Alert 2040: The visibility of a post with custom post type was changed
  * Alert 2041: The date of a post with custom post type was changed

* **New Plugin Features**
  * Enable/Disable Alerts node that allows WordPress administrators to switch on or off specific WordPress security alerts
  * Dashboard widget that shows the latest 5 WordPress security alerts (widget can be switched on or off from the plugin settings)
  * Plugin is now language aware and we can accept translations

* **Plugin Improvements**
  * Updated settings page to have the same look and feel of WordPress
  * Improved the upgrade procedure of the plugin
  * Updated the Audit Log Viewer display to support more resultions such as those of tables and smartphones

= 0.3 (2019-09-19) =

* **New WordPress Security Alerts**
  * Alert 6001: Anyone can Register option in WordPress settings was changed
  * Alert 6002: Default use role in WordPress settings was changed
  * Alert 6003: Administrator notification email in WordPress settings was changed
  * Alert 2025: Visibility of a blog post was changed
  * Alert 2026: Visibility of a page was changed
  * Alert 2027: Date of a blog post was changed
  * Alert 2028: Date of a page was changed

* **Plugin Improvements**
  * Links to the Audit Log Viewer and Settings in the plugin summary page
  * Time of Failed Login alerts now reflects the time of last failed login attempt

* **Bug Fixes**
  * Fixed: Incorrect alerts generated when author of page was changed from quick edit mode
  * Fixed: Conflict with WP Mandrill and other plugins using pluggable.php
  * Fixed: Incorrect alerts generated when plugin is installed via a zip file / upload method

= 0.2 (2013-08-12) =

* Restricted plugin options and WordPress Audit Log Event Viewer only to WordPress administrators
* Improved failed logins events (events generated from the same IP, or same username will be grouped to avoid mass flooding of security events)
* Security Events pruning now uses wp-cron functionality (improved stability and reliability of events pruning)
* Applied several performance improvements (faster loading of events etc)
* Added support for permalinks; now events will include page or blog post URL rather than ID
* Added new alerts for when a page or blog post status is changed from draft, pending review or published
* Added new alert for when a page or blog post URL or author is changed
* Added new alert for when a blog post category is changed
* Added new alerts for when a user creates or deletes a category
* Added new alert for when the author of a blog post or page is changed
* Added new plugin alerts for when a plugin is installed, uninstalled or upgraded
* Updated navigation menu to use standard WordPress dashboard icons etc

= 0.1 (2013-05-24) =

* Initial beta release of WP Security Audit Log.
