Skip to content

Adam Greenwell

Activity Log

The Activity Log provides comprehensive tracking of security events, user actions, and system changes on your WordPress site. It’s essential for security monitoring, compliance, troubleshooting, and understanding what’s happening on your site.

What is Logged?

Guard Dog tracks five categories of events:

1. Security Events

Login attempts, authentications failures, lockouts, and security-related actions.

Examples:

  • Login successful/failed
  • 2FA enabled/disabled
  • CAPTCHA verification
  • IP address blocked
  • Login lockouts initiated
  • Password resets

2. User Management

User account creation, modifications, deletions, and role changes.

Examples:

  • User created/deleted
  • User role changed
  • Profile updated
  • Temporary access created/used

3. Content Management

Post, page, and comment activities.

Examples:

  • Post created/updated/deleted
  • Post status changed
  • Post trashed
  • Comment created/approved/deleted
  • Comment marked as spam

4. System Events

Plugin, theme, and WordPress core changes.

Examples:

  • Plugin activated/deactivated
  • Plugin installed/deleted
  • Theme switched/installed/deleted
  • WordPress core updated
  • Settings updated
  • Menu/widget changes

5. WooCommerce Events (if installed)

E-commerce activities for sites using WooCommerce.

Examples:

  • Product created/updated/deleted
  • Order created/completed/refunded
  • Coupon created/deleted
  • Payment gateway changes
  • Shipping zone updates
  • Tax rate changes

Accessing the Activity Log

Navigate to Guard Dog → Activity Log in your WordPress admin.

Understanding the Activity Log Interface

Log Entry Columns

Each log entry displays:

Event Type:

  • The name of the event (e.g., “Login Successful”, “Post Created”)
  • Color-coded by category

User:

  • Who performed the action
  • “System” for automated actions
  • “Guest” for unauthenticated actions

IP Address:

  • Where the action originated from
  • Helpful for tracking location of logins

Date/Time:

  • When the event occurred
  • Displayed in your WordPress timezone

Details:

  • Additional context about the event
  • Varies by event type
  • Click to expand for full details

Filtering Events

Use filters to find specific events:

By Event Type:

  • Select from dropdown of all event types
  • Shows only matching events

By User:

  • Filter by specific WordPress user
  • See all actions by that user

By Date Range:

  • Custom date ranges
  • Today, Last 7 days, Last 30 days
  • Custom start/end dates

By IP Address:

  • Search for specific IP
  • Track actions from a particular source

Combine filters:

  • Use multiple filters together
  • Example: Failed logins from specific IP in last 24 hours

Sorting

Click column headers to sort:

  • Date/Time: Newest first (default) or oldest first
  • Event Type: Alphabetically
  • User: Alphabetically
  • IP Address: Numerically

Pagination

Navigate through entries:

  • Shows 25 entries per page (adjustable)
  • Use page numbers or next/previous
  • Jump to specific page

Configuring Activity Log

Choosing What to Log

  1. Go to Guard Dog → Activity Log
  2. Click “Event Settings” or “Configure Events”
  3. Check/uncheck event types you want to log
  4. Click Save Settings

Default logged events:

  • All security events: ✅ Enabled
  • User management: ✅ Enabled (except profile updates)
  • Content creation/deletion: ✅ Enabled
  • Content updates: ❌ Disabled (too verbose)
  • System changes: ✅ Enabled (critical only)
  • WooCommerce: ✅ Enabled (critical only)

Recommendations by Site Type

Personal Blog:

✅ Security events (all)
✅ User management
❌ Content updates (too noisy)
✅ Post creation/deletion only
✅ System changes

Business Website:

✅ Security events (all)
✅ User management (all)
✅ Content management (all)
✅ System changes (all)
❌ WooCommerce updates (unless needed for compliance)

E-commerce Site:

✅ All security events
✅ All user events
✅ All WooCommerce events
✅ All system changes
✅ Content creation/deletion
❌ Post/product updates (too verbose unless compliance requires)

High-Traffic Site:

✅ Security events only
❌ Content events (too much data)
✅ System changes
✅ User management (critical only)

Common Use Cases

Security Monitoring

Detecting attacks:

  1. Filter by event type: “Login Failed”
  2. Look for patterns:
  • Many failures from same IP
  • Failures with different usernames from same IP
  • Geographic anomalies
  1. Add attacking IPs to blacklist

Investigating unauthorized access:

  1. Filter by event: “Login Successful”
  2. Check unexpected login times
  3. Verify IP addresses match expected locations
  4. Look for role changes or suspicious activity after login

Monitoring 2FA:

  1. Filter by “2FA” events
  2. Track who’s enabling/disabling 2FA
  3. Monitor 2FA failures (possible account takeover attempts)

Compliance & Auditing

User activity audits:

  1. Filter by specific user
  2. Review all their actions
  3. Export for compliance documentation

Change tracking:

  1. Filter by “Settings Updated” or “Plugin Activated”
  2. Track who made configuration changes
  3. Correlate changes with incidents

WooCommerce compliance:

  1. Filter by WooCommerce events
  2. Track order modifications
  3. Monitor refunds and sensitive operations

Troubleshooting

Plugin conflicts:

  1. Filter by “Plugin Activated”
  2. Note time of activation
  3. Correlate with reported issues

Mysterious content changes:

  1. Filter by user who modified content
  2. Check IP address
  3. Verify it’s legitimate user or compromised account

Lost password requests:

  1. Filter by “Password Reset”
  2. Verify legitimacy
  3. Check IP address for suspicious patterns

Event Details

Security Events

Login Successful:

User: john
IP: 203.0.113.50
Details: Login method: Standard (or 2FA, CAPTCHA+2FA)

Login Failed:

User: admin (attempted)
IP: 198.51.100.10
Details: Reason: Incorrect password

Login Lockout Initiated:

User: N/A
IP: 198.51.100.10
Details: Max retries: 5, Lockout expires: 2024-10-23 15:30:00

2FA Enabled:

User: mary
IP: 203.0.113.100
Details: Method: TOTP (Authenticator App)

User Management Events

User Created:

User: admin (creator)
IP: 203.0.113.50
Details: New user: newuser, Role: Editor

User Role Changed:

User: admin
IP: 203.0.113.50
Details: User: john, Old role: Editor, New role: Administrator

Temporary Access Created:

User: admin
IP: 203.0.113.50
Details: Temporary user: temp_support, Expires: 2024-10-30, Role: Editor

Content Management Events

Post Created:

User: editor
IP: 203.0.113.75
Details: Post ID: 123, Title: "New Blog Post", Type: post

Post Status Changed:

User: editor
IP: 203.0.113.75
Details: Post: "New Blog Post", Old status: draft, New status: published

System Events

Plugin Activated:

User: admin
IP: 203.0.113.50
Details: Plugin: contact-form-7/wp-contact-form-7.php

WordPress Core Updated:

User: admin
IP: 203.0.113.50
Details: Old version: 6.3.1, New version: 6.3.2

WooCommerce Events

Order Created:

User: customer_john
IP: 198.51.100.200
Details: Order #1234, Total: $99.99, Status: Pending

Product Updated:

User: shop_manager
IP: 203.0.113.80
Details: Product ID: 567, Name: "Blue Widget", Changes: Price

Database Storage

How Logs Are Stored

Activity logs are stored in a dedicated database table: wp_guard_dog_activity_log

Table structure:

  • id – Unique entry ID
  • event_type – Event identifier
  • user_id – WordPress user ID (0 for guest/system)
  • user_login – Username
  • ip_address – Source IP
  • event_date – Timestamp
  • details – JSON-encoded event details

Database Performance

Optimization features:

  • Indexed columns for fast queries
  • Batch logging to reduce database writes
  • Automatic cleanup of old entries (if configured)
  • Efficient JSON storage for details

For large sites:

  • Consider limiting events logged
  • Enable automatic cleanup
  • Monitor database table size

Data Management

Exporting Logs

To export activity log data:

  1. Go to Guard Dog → Activity Log
  2. Apply any desired filters
  3. Click Export (if available in your version)
  4. Choose format: CSV or JSON
  5. Download file

Uses for exports:

  • Compliance documentation
  • Backup before cleanup
  • Offline analysis
  • Importing to SIEM systems

Clearing Old Logs

Manual cleanup:

Via WordPress admin (if available):

  1. Go to Guard Dog → Settings → Data Management
  2. Choose date range to delete
  3. Click Clear Activity Log
  4. Confirm deletion

Via database (advanced):

-- Delete logs older than 90 days
DELETE FROM wp_guard_dog_activity_log 
WHERE event_date < DATE_SUB(NOW(), INTERVAL 90 DAY);

Automatic cleanup:

Configure automatic deletion of old entries:

  1. Go to Guard Dog → Settings → Data Management
  2. Enable Automatic Log Cleanup
  3. Set Retention Period (e.g., 90 days)
  4. Logs older than retention period are automatically deleted

Recommended retention:

  • Personal blog: 30-60 days
  • Business site: 90-180 days
  • Compliance requirements: Check your industry standards (often 1-7 years)
  • E-commerce: 1-2 years (for order/payment tracking)

Backup Considerations

Activity logs are part of your WordPress database:

When backing up:

  • ✅ Include the wp_guard_dog_activity_log table
  • ✅ Export critical events before cleanup
  • ✅ Keep offsite backups for compliance

When restoring:

  • ⚠️ Old logs may conflict with current state
  • Consider clearing logs after restore
  • Verify log dates make sense after restoration

Security & Privacy

What Data is Stored?

Always stored:

  • Event type
  • Username
  • IP address
  • Timestamp

Sometimes stored:

  • Previous values (e.g., old post content, old user role)
  • New values (e.g., new post content, new user role)
  • Metadata specific to event

Never stored:

  • Passwords (not even hashes)
  • Private/sensitive content (unless it’s the subject of change)
  • Session tokens
  • Cookies

Privacy Considerations

IP addresses:

  • IP addresses are personally identifiable in some jurisdictions (GDPR)
  • Consider anonymizing or deleting old IP data
  • Document IP storage in privacy policy

User activity tracking:

  • Inform users their activity is logged
  • Provide access to their own logs (GDPR requirement)
  • Honor data deletion requests

Compliance:

  • Check your industry/legal requirements
  • Some regulations require activity logging
  • Others require data minimization

Access Control

Who can view activity logs:

  • Only administrators by default
  • Logs contain sensitive security information
  • Restrict access appropriately

For multi-admin sites:

  • Ensure all admins are trustworthy
  • Consider who should see security logs
  • Logs reveal who did what (accountability)

Troubleshooting

Missing Events

Symptom: Expected events aren’t in the log

Possible causes:

  1. Event type is disabled in settings
  2. Event happened before logging was enabled
  3. Database error prevented logging
  4. Caching issue

Solutions:

  1. Check Event Settings – ensure event type is enabled
  2. Check the date range of your filter
  3. Check PHP error logs for database issues
  4. Clear cache and refresh

Too Many Events

Symptom: Activity log is overwhelming, hard to find relevant events

Solutions:

  1. Disable verbose events:
  • Disable “Post Updated”, “Profile Updated”
  • Keep only critical events
  1. Use filters:
  • Filter by event type
  • Filter by specific users
  • Filter by date range
  1. Enable automatic cleanup:
  • Set retention period
  • Old logs are auto-deleted
  1. Export and clear:
  • Export logs for archival
  • Clear old logs manually

Performance Issues

Symptom: Site slow, database table very large

Causes:

  • Activity log table has millions of rows
  • Too many events being logged
  • No automatic cleanup enabled

Solutions:

  1. Check table size:
   SELECT table_name, 
          ROUND(((data_length + index_length) / 1024 / 1024), 2) AS "Size (MB)"
   FROM information_schema.TABLES
   WHERE table_name = 'wp_guard_dog_activity_log';
  1. Clear old logs:
  • Delete logs older than 30-90 days
  • Immediate performance improvement
  1. Disable verbose events:
  • Turn off “Post Updated”, “Comment Created”, etc.
  • Reduces future growth
  1. Enable automatic cleanup:
  • Prevents table from growing too large
  1. Optimize table:
   OPTIMIZE TABLE wp_guard_dog_activity_log;

Best Practices

  1. Log security events – Always enabled, non-negotiable
  2. Be selective with content events – Only if needed
  3. Review logs regularly – Weekly for high-security sites
  4. Set up automatic cleanup – Prevent unlimited growth
  5. Export before major changes – Backup logs before site migrations
  6. Monitor for patterns – Recurring failures = investigation needed
  7. Document your retention policy – Legal/compliance requirements
  8. Limit admin access – Only trusted users should view logs
  9. Include in backups – Logs are part of your data
  10. Use for troubleshooting – First place to look when issues arise

FAQ

Q: How long are activity logs kept?
A: Indefinitely by default. Configure automatic cleanup to manage retention.

Q: Can users see their own activity?
A: Not by default. Only administrators can view activity logs.

Q: Do activity logs affect site performance?
A: Minimal impact. Logging is optimized and batched for efficiency.

Q: Can I export activity logs?
A: Yes, activity logs can be exported to CSV or JSON for archival or analysis.

Q: Are passwords logged?
A: No. Passwords are never logged, even in encrypted form.

Q: Can I disable activity logging completely?
A: Yes, but not recommended. At minimum, keep security events enabled.

Q: How do I find who deleted a post?
A: Filter by event type “Post Deleted” and check the user column.

Q: Can activity logs be deleted by users?
A: No. Only administrators can clear logs via settings or database access.

Q: Do logs include failed CAPTCHA attempts?
A: Yes, “CAPTCHA Failed” events are logged when CAPTCHA verification fails.

Q: What’s the difference between clearing logs and disabling events?
A: Clearing deletes existing logs. Disabling events prevents future logging of those event types.