[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fnjQZu3ekSGnuVxAkiLunuPV3wmtY7IoVyAA8yVOrxRQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":129,"crawl_stats":37,"alternatives":136,"analysis":248,"fingerprints":715},"stream","Stream","4.1.2","XWP","https:\u002F\u002Fprofiles.wordpress.org\u002Fxwp\u002F","\u003Cp>With real-time notifications and third-party integrations, Stream can proactively alert you when something goes wrong with your WordPress site.\u003C\u002Fp>\n\u003Cp>Designed for debugging and compliance purposes, Stream is useful for keeping tabs on your WordPress users: From activating plugins to deleting posts, to login attempts and new user creation, you can see what’s changed, who changed it and when.\u003C\u002Fp>\n\u003Cp>The plugin records WordPress user and system action to the Stream logs.  Every logged-in user action is displayed in an activity stream and organized for easy filtering by User, Role, Context, Action or IP address. Admins can highlight entries in the Stream log—such as suspicious user activity—to investigate what’s happening in real time. Stream also allows you to configure email alerts and webhooks for integrations like Slack and IFTTT to notify you and your team when something has gone wrong.\u003C\u002Fp>\n\u003Cp>For advanced users, Stream also supports a network view of all activity records on your Multisite, the ability to set exclude rules to ignore certain kinds of user activity, and a WP‑CLI command for querying records.\u003C\u002Fp>\n\u003Cp>With Stream’s powerful logging, you’ll have the valuable information you need to responsibly manage your WordPress sites.\u003C\u002Fp>\n\u003Ch4>Built-In Tracking Integrations For Popular Plugins:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Advanced Custom Fields\u003C\u002Fli>\n\u003Cli>bbPress\u003C\u002Fli>\n\u003Cli>BuddyPress\u003C\u002Fli>\n\u003Cli>Easy Digital Downloads\u003C\u002Fli>\n\u003Cli>Gravity Forms\u003C\u002Fli>\n\u003Cli>Jetpack\u003C\u002Fli>\n\u003Cli>User Switching\u003C\u002Fli>\n\u003Cli>WooCommerce\u003C\u002Fli>\n\u003Cli>Yoast SEO\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Built-In Tracking For Core Actions:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Posts\u003C\u002Fli>\n\u003Cli>Pages\u003C\u002Fli>\n\u003Cli>Custom Post Types\u003C\u002Fli>\n\u003Cli>Users\u003C\u002Fli>\n\u003Cli>Themes\u003C\u002Fli>\n\u003Cli>Plugins\u003C\u002Fli>\n\u003Cli>Tags\u003C\u002Fli>\n\u003Cli>Categories\u003C\u002Fli>\n\u003Cli>Custom Taxonomies\u003C\u002Fli>\n\u003Cli>Settings\u003C\u002Fli>\n\u003Cli>Custom Backgrounds\u003C\u002Fli>\n\u003Cli>Custom Headers\u003C\u002Fli>\n\u003Cli>Menus\u003C\u002Fli>\n\u003Cli>Media Library\u003C\u002Fli>\n\u003Cli>Widgets\u003C\u002Fli>\n\u003Cli>Comments\u003C\u002Fli>\n\u003Cli>Theme Editor\u003C\u002Fli>\n\u003Cli>WordPress Core Updates\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Other Noteworthy Features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Multisite view of all activity records on a network\u003C\u002Fli>\n\u003Cli>Limit who can view user activity records by user role\u003C\u002Fli>\n\u003Cli>Set exclude rules to ignore certain kinds of user activity\u003C\u002Fli>\n\u003Cli>Live updates of user activity records in the Stream\u003C\u002Fli>\n\u003Cli>Export your Activity Stream as a CSV or JSON file\u003C\u002Fli>\n\u003Cli>WP-CLI command for querying records\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Configuration\u003C\u002Fh3>\n\u003Cp>Most of the plugin configuration is available under the “Stream” \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> “Settings” page in the WordPress dashboard.\u003C\u002Fp>\n\u003Ch4>Request IP Address\u003C\u002Fh4>\n\u003Cp>The plugin expects the \u003Ccode>$_SERVER['REMOTE_ADDR']\u003C\u002Fcode> variable to contain the verified IP address of the current request. On hosting environments with PHP processing behind reverse proxies or CDNs the actual client IP is passed to PHP through request HTTP headers such as \u003Ccode>X-Forwarded-For\u003C\u002Fcode> and \u003Ccode>True-Client-IP\u003C\u002Fcode> which can’t be trusted without an additional layer of validation. Update your server configuration to set the \u003Ccode>$_SERVER['REMOTE_ADDR']\u003C\u002Fcode> variable to the verified client IP address.\u003C\u002Fp>\n\u003Cp>As a workaround, you can use the \u003Ccode>wp_stream_client_ip_address\u003C\u002Fcode> filter to adapt the IP address:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter(\n    'wp_stream_client_ip_address',\n    function( $client_ip ) {\n        \u002F\u002F Trust the first IP in the X-Forwarded-For header.\n        \u002F\u002F ⚠️ Note: This is inherently insecure and can easily be spoofed!\n        if ( ! empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) {\n            $forwarded_ips = explode( ',' $_SERVER['HTTP_X_FORWARDED_FOR'] );\n\n            if ( filter_var( $forwarded_ips[0], FILTER_VALIDATE_IP ) ) {\n                return $forwarded_ips[0];\n            }\n        }\n\n        return $client_ip;\n    }\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>⚠️ \u003Cstrong>WARNING:\u003C\u002Fstrong> The above is an insecure workaround that you should only use when you fully understand what this implies. Relying on any variable with the \u003Ccode>HTTP_*\u003C\u002Fcode> prefix is prone to spoofing and cannot be trusted!\u003C\u002Fp>\n\u003Ch3>Known Issues\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>We have temporarily disabled the data removal feature through plugin uninstallation, starting with version 3.9.3. We identified a few edge cases that did not behave as expected and we decided that a temporary removal is preferable at this time for such an impactful and irreversible operation. Our team is actively working on refining this feature to ensure it performs optimally and securely. We plan to reintroduce it in a future update with enhanced safeguards.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Contribute\u003C\u002Fh3>\n\u003Cp>There are several ways you can get involved to help make Stream better:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>\u003Cstrong>Report Bugs:\u003C\u002Fstrong> If you find a bug, error or other problem, please report it! You can do this by \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fstream\" rel=\"ugc\">creating a new topic\u003C\u002Fa> in the plugin forum. Once a developer can verify the bug by reproducing it, they will create an official bug report in GitHub where the bug will be worked on.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Translate into Your Language:\u003C\u002Fstrong> Use the official plugin translation tool to \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fstream\u002F\" rel=\"nofollow ugc\">translate Stream into your language\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Suggest New Features:\u003C\u002Fstrong> Have an awesome idea? Please share it! Simply \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fstream\" rel=\"ugc\">create a new topic\u003C\u002Fa> in the plugin forum to express your thoughts on why the feature should be included and get a discussion going around your idea.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Issue Pull Requests:\u003C\u002Fstrong> If you’re a developer, the easiest way to get involved is to help out on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fx-team\u002Fwp-stream\u002Fissues\" rel=\"nofollow ugc\">issues already reported\u003C\u002Fa> in GitHub. Be sure to check out the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fx-team\u002Fwp-stream\u002Fblob\u002Fmaster\u002Fcontributing.md\" rel=\"nofollow ugc\">contributing guide\u003C\u002Fa> for developers.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Thank you for wanting to make Stream better for everyone!\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fxwp\u002Fstream\u002Fgraphs\u002Fcontributors\" rel=\"nofollow ugc\">View contributors here.\u003C\u002Fa>\u003C\u002Fp>\n","With Stream, you’re never left in the dark about changes to your WordPress site.",80000,2173764,86,76,"2026-02-24T12:24:00.000Z","6.9.4","4.6","",[20,21,4,22,23],"activity","logs","track","wp-stream","https:\u002F\u002Fxwp.co\u002Fwork\u002Fstream\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstream.4.1.2.zip",93,7,0,"2025-02-14 00:00:00","2026-03-15T15:16:48.613Z",[32,48,64,79,90,101,115],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":39,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":29,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2024-13879","stream-authenticated-admin-server-side-request-forgery","Stream \u003C= 4.0.2 - Authenticated (Admin+) Server-Side Request Forgery","The Stream plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.2 due to insufficient validation on the webhook feature. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.",null,"\u003C=4.0.2","4.1.0","medium",5.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Server-Side Request Forgery (SSRF)","2025-02-17 15:21:19",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F8680ad0a-7513-408d-a62d-ffb0b0e7addb?source=api-prod",4,{"id":49,"url_slug":50,"title":51,"description":52,"plugin_slug":4,"theme_slug":37,"affected_versions":53,"patched_in_version":54,"severity":55,"cvss_score":56,"cvss_vector":57,"vuln_type":58,"published_date":59,"updated_date":60,"references":61,"days_to_patch":63},"CVE-2024-7423","stream-cross-site-request-forgery-to-arbitrary-options-update","Stream \u003C= 4.0.1 - Cross-Site Request Forgery to Arbitrary Options Update","The Stream plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.1. This is due to missing or incorrect nonce validation on the network_options_action() function. This makes it possible for unauthenticated attackers to update arbitrary options that can lead to DoS or privilege escalation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","\u003C=4.0.1","4.0.2","high",8.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Cross-Site Request Forgery (CSRF)","2024-09-12 00:00:00","2024-09-13 15:10:43",[62],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F9d15e418-36bb-4f53-ac67-8f6122591dd2?source=api-prod",2,{"id":65,"url_slug":66,"title":67,"description":68,"plugin_slug":4,"theme_slug":37,"affected_versions":69,"patched_in_version":70,"severity":40,"cvss_score":71,"cvss_vector":72,"vuln_type":73,"published_date":74,"updated_date":75,"references":76,"days_to_patch":78},"CVE-2022-43450","stream-missing-authorization-via-loadalertssettings","Stream \u003C= 3.9.2 - Missing Authorization via load_alerts_settings","The Stream plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the load_alerts_settings function in versions up to, and including, 3.9.2. This makes it possible for authenticated attackers with subscriber-level permissions or above to view arbitrary alerts.","\u003C3.9.3","3.9.3",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:L\u002FI:N\u002FA:N","Missing Authorization","2023-04-25 00:00:00","2024-01-22 19:56:02",[77],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fd58e4317-8ad5-40d5-98b8-f8f07ab37e1f?source=api-prod",273,{"id":80,"url_slug":81,"title":82,"description":83,"plugin_slug":4,"theme_slug":37,"affected_versions":84,"patched_in_version":70,"severity":40,"cvss_score":71,"cvss_vector":85,"vuln_type":58,"published_date":86,"updated_date":75,"references":87,"days_to_patch":89},"CVE-2022-43490","stream-cross-site-request-forgery","Stream \u003C= 3.9.2 - Cross-Site Request Forgery","The Stream plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.9.2. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke this function via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","\u003C=3.9.2","CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","2023-04-18 00:00:00",[88],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fe7203b5c-5753-453c-8fc2-26fcebdeea5b?source=api-prod",280,{"id":91,"url_slug":92,"title":93,"description":94,"plugin_slug":4,"theme_slug":37,"affected_versions":95,"patched_in_version":96,"severity":40,"cvss_score":71,"cvss_vector":72,"vuln_type":73,"published_date":97,"updated_date":75,"references":98,"days_to_patch":100},"CVE-2022-4384","stream-missing-authorization-to-sensitive-information-disclosure","Stream \u003C= 3.9.1 - Missing Authorization to Sensitive Information Disclosure","The Stream plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the 'save_new_alert' and 'get_new_alert_triggers_notifications' functions in versions up to, and including, 3.9.1. This makes it possible for subscriber-level attackers to use the plugin's alert functionality and potentially leak sensitive information.","\u003C=3.9.1","3.9.2","2023-01-16 00:00:00",[99],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F67f81b8a-ef0a-4b6d-a1ee-3e19bda6fd96?source=api-prod",372,{"id":102,"url_slug":103,"title":104,"description":105,"plugin_slug":4,"theme_slug":37,"affected_versions":106,"patched_in_version":107,"severity":55,"cvss_score":108,"cvss_vector":109,"vuln_type":110,"published_date":111,"updated_date":75,"references":112,"days_to_patch":114},"CVE-2021-24772","stream-admin-sql-injection","Stream \u003C= 3.8.1 - Admin+ SQL Injection","The Stream WordPress plugin before 3.8.2 does not sanitise and validate the order GET parameter from the Stream Records admin dashboard before using it in a SQL statement, leading to an SQL injection issue.","\u003C=3.8.1","3.8.2",7.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2021-10-18 00:00:00",[113],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F26926973-36b7-4ad2-8267-2de4749159ab?source=api-prod",827,{"id":116,"url_slug":117,"title":118,"description":119,"plugin_slug":4,"theme_slug":37,"affected_versions":120,"patched_in_version":121,"severity":55,"cvss_score":122,"cvss_vector":123,"vuln_type":124,"published_date":125,"updated_date":75,"references":126,"days_to_patch":128},"WF-ecd68933-e808-4816-b9d2-7491194f2347-stream","stream-sensitive-data-exposure","Stream \u003C= 3.0.5 - Sensitive Data Exposure","The Stream plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 3.0.5. This can allow unauthenticated attackers to extract sensitive data including logged entries.","\u003C=3.0.5","3.0.6",7.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N","Exposure of Sensitive Information to an Unauthorized Actor","2016-05-31 00:00:00",[127],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fecd68933-e808-4816-b9d2-7491194f2347?source=api-prod",2793,{"slug":130,"display_name":7,"profile_url":8,"plugin_count":131,"total_installs":132,"avg_security_score":26,"avg_patch_time_days":133,"trust_score":134,"computed_at":135},"xwp",16,118450,482,74,"2026-04-04T11:00:01.064Z",[137,161,183,203,226],{"slug":138,"name":139,"version":140,"author":141,"author_profile":142,"description":143,"short_description":144,"active_installs":28,"downloaded":145,"rating":146,"num_ratings":147,"last_updated":148,"tested_up_to":149,"requires_at_least":150,"requires_php":151,"tags":152,"homepage":158,"download_link":159,"security_score":160,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"telelog","TeleLog","1.0.3","Mahdyar Hasanpour","https:\u002F\u002Fprofiles.wordpress.org\u002Fmahdyarme\u002F","\u003Cp>This plugin is still under development and more hooks will be added soon, but for now, the full list of its hooks are:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Post publish\u003C\u002Fli>\n\u003Cli>Post update\u003C\u002Fli>\n\u003Cli>New comment\u003C\u002Fli>\n\u003Cli>Login fail\u003C\u002Fli>\n\u003Cli>New plugin activation\u003C\u002Fli>\n\u003Cli>New plugin deactivation\u003C\u002Fli>\n\u003Cli>Theme switch\u003C\u002Fli>\n\u003Cli>New user registation\u003C\u002Fli>\n\u003Cli>New WooCommerce order\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Set up\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Create a new Telegram bot. (\u003Ca href=\"https:\u002F\u002Fcore.telegram.org\u002Fbots#3-how-do-i-create-a-bot\" rel=\"nofollow ugc\">Learn more\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>Go to TeleLog admin page from your wordpress dashboard.\u003C\u002Fli>\n\u003Cli>Copy your bot token from botfather and paste it in the “API Key” field.\u003C\u002Fli>\n\u003Cli>If you want TeleLog to send the logs to your personal account, you can use your userid and put it in the “Chat ID” field (\u003Ca href=\"https:\u002F\u002Ft.me\u002Fuserinfobot\" rel=\"nofollow ugc\">Find your userid\u003C\u002Fa>), the other option is to create a channel and make your bot an admin with “Post Messages” access and enter the channel username as “Chat ID”, with an atsign(@) before it, e.g: \u003Ccode>@username\u003C\u002Fcode>.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>For every event that TeleLog sends it also reports the:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>User who did the change\u003C\u002Fli>\n\u003Cli>The object on which the change happenned.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>TeleLog in your language!\u003C\u002Fh4>\n\u003Cp>We need help translating TeleLog, feel free to contribute to our\u003Cbr \u002F>\n \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmahdyar\u002Ftelelog\" rel=\"nofollow ugc\">GitHub Repository\u003C\u002Fa>. TeleLog currently supports:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>English\u003C\u002Fli>\n\u003Cli>Persian\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Install TeleLog from within WordPress\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Visit ‘Plugins > Add New’\u003C\u002Fli>\n\u003Cli>Search for ‘TeleLog’\u003C\u002Fli>\n\u003Cli>Install and activate the TeleLog plugin\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Install TeleLog manually\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Upload the \u003Ccode>telelog\u003C\u002Fcode> directory to the \u003Ccode>\u002Fwp-content\u002Fplugins\u002F\u003C\u002Fcode> directory\u003C\u002Fli>\n\u003Cli>Activate the TeleLog plugin from the ‘Plugins’ menu in WordPress\u003C\u002Fli>\n\u003C\u002Fol>\n","Keep track of everything happening on your WordPress in Telegram",1049,100,1,"2021-10-07T09:00:00.000Z","5.8.13","4.4","7.0",[153,154,155,156,157],"activity-log","audit-log","security-audit-log","user-tracking","wordpress-activity-logs","https:\u002F\u002Fgithub.com\u002Fmahdyar\u002Ftelelog","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftelelog.1.0.3.zip",85,{"slug":162,"name":163,"version":164,"author":165,"author_profile":166,"description":167,"short_description":168,"active_installs":169,"downloaded":170,"rating":171,"num_ratings":172,"last_updated":173,"tested_up_to":16,"requires_at_least":174,"requires_php":175,"tags":176,"homepage":179,"download_link":180,"security_score":181,"vuln_count":47,"unpatched_count":28,"last_vuln_date":182,"fetched_at":30},"simple-history","Simple History – Track, Log, and Audit WordPress Changes","5.24.1","Pär Thernström","https:\u002F\u002Fprofiles.wordpress.org\u002Feskapism\u002F","\u003Cp>Trusted by 300,000+ WordPress sites, rated 4.9 stars with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fsimple-history\u002Freviews\u002F?filter=5\" rel=\"ugc\">430+ five-star reviews\u003C\u002Fa>, actively developed for 10+ years, and translated into 15+ languages.\u003C\u002Fp>\n\u003Cp>Simple History is the complete audit log for WordPress. It tracks every meaningful change — content edits, user logins, plugin updates, security events, and more — so site owners, teams, agencies, and developers always know who did what and when. Just install and activate; no configuration required.\u003C\u002Fp>\n\u003Ch3>🔍 How Simple History Helps in Real Situations\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Track what’s happening on your site\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cem>“Has anyone done anything today? Ah, Sarah uploaded the new press release and created an article for it. Great — now I don’t have to do that.”\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Identify issues and debug faster\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cem>“The site feels slow since yesterday. Has anyone done anything special? … Ah, Steven activated ‘naughty-plugin-x’, that must be it.”\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Keep freelancers & agencies accountable\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cem>“I hired a developer to optimize my site. But did they actually do anything? A quick glance at Simple History shows me exactly what they worked on.”\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Spot suspicious activity early\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cem>“I see three failed logins from an unfamiliar IP address overnight. Let me click the IP to check all activity from that address — just those attempts, nothing else. Good to know.”\u003C\u002Fem>\u003C\u002Fp>\n\u003Ch3>✨ What Simple History Tracks\u003C\u002Fh3>\n\u003Ch4>Security & Monitoring\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Failed user logins with IP tracking and filtering by type (wrong password vs. non-existent username)\u003C\u002Fli>\n\u003Cli>Core file integrity checks against official checksums\u003C\u002Fli>\n\u003Cli>Forced security auto-updates from WordPress.org\u003C\u002Fli>\n\u003Cli>Site Health status changes\u003C\u002Fli>\n\u003Cli>Admin page access denied events\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Content & Users\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Posts, pages, and custom post types — create, edit, delete, and homepage assignment\u003C\u002Fli>\n\u003Cli>Attachments with image edit details (crop, rotate, flip, scale) and thumbnail previews\u003C\u002Fli>\n\u003Cli>Taxonomies with detailed diffs of name, slug, description, and parent\u003C\u002Fli>\n\u003Cli>Comments, menus (with item-level detail), and widgets\u003C\u002Fli>\n\u003Cli>User profiles, logins, logouts, and role changes\u003C\u002Fli>\n\u003Cli>Notes — the collaboration feature in WordPress 6.9\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>System & Updates\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Plugin lifecycle: install, update, activate, deactivate, delete, and auto-update toggle\u003C\u002Fli>\n\u003Cli>Theme install, update, activate, switch, and delete\u003C\u002Fli>\n\u003Cli>WordPress core updates (manual and automatic)\u003C\u002Fli>\n\u003Cli>Translation and language pack updates\u003C\u002Fli>\n\u003Cli>Available update notifications\u003C\u002Fli>\n\u003Cli>Settings and option screen changes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Privacy & Compliance\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Privacy data export and user data erasure requests\u003C\u002Fli>\n\u003Cli>Privacy page changes\u003C\u002Fli>\n\u003Cli>IP addresses anonymized by default — no cookies, no external fonts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🔌 Built-in Third-Party Plugin Support\u003C\u002Fh3>\n\u003Cp>Simple History includes built-in logging for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Jetpack\u003C\u002Fstrong> – Module activations and deactivations\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced Custom Fields (ACF)\u003C\u002Fstrong> – Field group and field changes\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User Switching\u003C\u002Fstrong> – User switch events\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WP Crontrol\u003C\u002Fstrong> – Cron event and schedule changes\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enable Media Replace\u003C\u002Fstrong> – File replacement details\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Limit Login Attempts\u003C\u002Fstrong> – Login attempts, lockouts, and config changes\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Redirection\u003C\u002Fstrong> – Redirect and group changes, global settings\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Duplicate Post\u003C\u002Fstrong> – Post and page cloning\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Beaver Builder\u003C\u002Fstrong> – Layout, template, and settings saves\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Is your plugin missing? Plugin authors can add support using the \u003Ca href=\"https:\u002F\u002Fsimple-history.com\u002Fdocs\u002Flogging-api\u002F?utm_source=wordpress_org&utm_medium=plugin_directory&utm_campaign=documentation&utm_content=readme_doc_logging_api\" rel=\"nofollow ugc\">logging API\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>💬 What Users Say\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fsimple-history\u002Freviews\u002F?filter=5\" rel=\"ugc\">430+ five-star reviews\u003C\u002Fa> on WordPress.org:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cem>“So far the best and most comprehensive logging plugin”\u003C\u002Fem> – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fso-far-the-best-and-most-comprehensive-logging-plugin\u002F\" rel=\"ugc\">@herrschuessler\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cem>“The best history plugin I’ve found”\u003C\u002Fem> – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fthe-best-history-plugin-ive-found\u002F\" rel=\"ugc\">Rich Mehta\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cem>“Fantastic plugin I use on all sites”\u003C\u002Fem> – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Ffantastic-plugin-i-use-on-all-sites\u002F\" rel=\"ugc\">Duncan Michael-MacGregor\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cem>“It is a standard plugin for all of our sites”\u003C\u002Fem> – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fit-is-a-standard-plugin-for-all-of-our-sites\u002F\" rel=\"ugc\">Mr Tibbs\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🚀 View Your Log Everywhere\u003C\u002Fh3>\n\u003Cp>Simple History starts tracking instantly after activation — no setup needed. It even imports recent activity so your log isn’t empty on day one. Access your log from:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Dashboard widget\u003C\u002Fstrong> – Activity stats summary and recent events\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin bar quick view\u003C\u002Fstrong> – Dropdown with latest events on any admin page\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Command palette\u003C\u002Fstrong> – Type “Simple History” to jump to the log for the current post\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Dedicated admin page\u003C\u002Fstrong> – Full log with search, filters, and insights sidebar\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email reports\u003C\u002Fstrong> – Weekly summary delivered to your inbox\u003C\u002Fli>\n\u003Cli>\u003Cstrong>RSS feed\u003C\u002Fstrong> – Password-protected feed for your favorite reader\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WP-CLI\u003C\u002Fstrong> – Command-line access for automation and scripting\u003C\u002Fli>\n\u003Cli>\u003Cstrong>REST API\u003C\u002Fstrong> – Programmatic access for custom integrations\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>📧 Weekly Email Reports – Stay Informed Without Logging In\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fsimple-history.com\u002Ffeatures\u002Femail-reports-weekly\u002F?utm_source=wordpress_org&utm_medium=plugin_directory&utm_campaign=documentation&utm_content=readme_doc_email_reports\" rel=\"nofollow ugc\">Weekly email reports\u003C\u002Fa> deliver a summary of your site’s activity every Monday morning — total activity, daily breakdown, key metrics (logins, content updates, plugin changes), and direct links to the full log.\u003C\u002Fp>\n\u003Cp>Perfect for site owners, agencies managing client sites, and teams who need regular updates without logging in. Enable it in settings and \u003Ca href=\"https:\u002F\u002Fsimple-history.com\u002Ffeatures\u002Femail-reports-weekly\u002F?utm_source=wordpress_org&utm_medium=plugin_directory&utm_campaign=documentation&utm_content=readme_doc_email_reports#example\" rel=\"nofollow ugc\">see what the email looks like\u003C\u002Fa> before turning it on.\u003C\u002Fp>\n\u003Ch3>🛠️ For Developers & Power Users\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>WP-CLI\u003C\u002Fstrong> – \u003Ca href=\"https:\u002F\u002Fsimple-history.com\u002Ffeatures\u002Fwp-cli-commands\u002F?utm_source=wordpress_org&utm_medium=plugin_directory&utm_campaign=documentation&utm_content=readme_doc_wp_cli_commands\" rel=\"nofollow ugc\">List, search, and export events\u003C\u002Fa> from the command line — perfect for automation and managing multiple sites\u003C\u002Fli>\n\u003Cli>\u003Cstrong>REST API\u003C\u002Fstrong> – Full programmatic access to query the log and add custom events. See the \u003Ca href=\"https:\u002F\u002Fsimple-history.com\u002Fdocs\u002F?utm_source=wordpress_org&utm_medium=plugin_directory&utm_campaign=documentation&utm_content=readme_doc_overview\" rel=\"nofollow ugc\">documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Logging API\u003C\u002Fstrong> – \u003Ca href=\"https:\u002F\u002Fsimple-history.com\u002Fdocs\u002Flogging-api\u002F?utm_source=wordpress_org&utm_medium=plugin_directory&utm_campaign=documentation&utm_content=readme_doc_logging_api\" rel=\"nofollow ugc\">Log your own events\u003C\u002Fa> from themes and plugins with a single line of code\u003C\u002Fli>\n\u003Cli>\u003Cstrong>RSS feed\u003C\u002Fstrong> – Subscribe to changes using any feed reader\u003C\u002Fli>\n\u003Cli>\u003Cstrong>AI & agent-friendly\u003C\u002Fstrong> – The REST API and RSS feed make Simple History accessible to AI agents and automated workflows like Claude Code\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Stealth Mode\u003C\u002Fstrong> – Run Simple History completely hidden from the admin interface via code; \u003Ca href=\"https:\u002F\u002Fsimple-history.com\u002Fadd-ons\u002Fpremium?utm_source=wordpress_org&utm_medium=plugin_directory&utm_campaign=documentation&utm_content=readme_doc_stealth_mode\" rel=\"nofollow ugc\">Premium\u003C\u002Fa> adds a GUI. Ideal for agencies and client sites\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🔆 Extend with Add-ons\u003C\u002Fh3>\n\u003Ch4>\u003Ca href=\"https:\u002F\u002Fsimple-history.com\u002Fadd-ons\u002Fpremium?utm_source=wordpress_org&utm_medium=plugin_directory&utm_campaign=documentation&utm_content=readme_doc_premium\" rel=\"nofollow ugc\">Simple History Premium\u003C\u002Fa>\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Alerts & Notifications\u003C\u002Fstrong> – Get notified instantly via Email, Slack, Discord, or Telegram when important events occur. Start quickly with preset rules for common scenarios or build custom rules filtered by event type, user, role, and log level.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Log Forwarding\u003C\u002Fstrong> – Stream events to external destinations: local log files, syslog servers (UDP\u002FTCP\u002FTLS), Datadog, Splunk, webhooks, or external MySQL\u002FMariaDB databases. Perfect for centralized logging, compliance, and backup.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Enhanced Controls\u003C\u002Fstrong> – Custom retention periods (or keep logs forever), CSV\u002FJSON export of filtered search results, post activity panel in the block editor, custom log entries for team decisions, stealth mode GUI, logger control to fine-tune which events are recorded, and an ad-free experience.\u003C\u002Fp>\n\u003Ch4>\u003Ca href=\"https:\u002F\u002Fsimple-history.com\u002Fadd-ons\u002Fwoocommerce\u002F?utm_source=wordpress_org&utm_medium=plugin_directory&utm_campaign=addons&utm_content=readme_addon_woocommerce\" rel=\"nofollow ugc\">WooCommerce Logger\u003C\u002Fa>\u003C\u002Fh4>\n\u003Cp>Track WooCommerce activity: orders, refunds, stock changes, product updates, pricing adjustments, settings modifications, and coupon usage.\u003C\u002Fp>\n\u003Ch4>\u003Ca href=\"https:\u002F\u002Fsimple-history.com\u002Fadd-ons\u002Fdebug-and-monitor\u002F?utm_source=wordpress_org&utm_medium=plugin_directory&utm_campaign=addons&utm_content=readme_addon_debug_monitor\" rel=\"nofollow ugc\">Debug and Monitor\u003C\u002Fa>\u003C\u002Fh4>\n\u003Cp>Monitor outgoing HTTP requests and emails, debug API calls, and see what’s happening under the hood. Essential for developers and support teams.\u003C\u002Fp>\n\u003Ch3>💚 Sponsor this project\u003C\u002Fh3>\n\u003Cp>If you like this plugin please consider \u003Ca href=\"https:\u002F\u002Fsimple-history.com\u002Fsponsor\u002F?utm_source=wordpress_org&utm_medium=plugin_directory&utm_campaign=sponsorship&utm_content=readme_sponsor_footer\" rel=\"nofollow ugc\">sponsoring the development of the free plugin\u003C\u002Fa>. The plugin has been free for over 10 years and will continue to be free.\u003C\u002Fp>\n","Track changes and user activities on your WordPress site. See who created a page, uploaded an attachment, and more, for a complete audit trail.",300000,11308682,98,461,"2026-03-14T20:29:00.000Z","6.3","7.4",[20,154,177,178,156],"event-log","history","https:\u002F\u002Fsimple-history.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-history.5.24.1.zip",96,"2025-06-05 21:58:10",{"slug":184,"name":185,"version":186,"author":187,"author_profile":188,"description":189,"short_description":190,"active_installs":169,"downloaded":191,"rating":192,"num_ratings":193,"last_updated":194,"tested_up_to":16,"requires_at_least":195,"requires_php":175,"tags":196,"homepage":198,"download_link":199,"security_score":200,"vuln_count":201,"unpatched_count":28,"last_vuln_date":202,"fetched_at":30},"wp-security-audit-log","WP Activity Log","5.6.1","Melapress","https:\u002F\u002Fprofiles.wordpress.org\u002Fmelapress\u002F","\u003Ch3>Monitor activity on your WordPress sites and get clear insights into what’s happening with detailed user and event logging.\u003C\u002Fh3>\n\u003Cp>Keep \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-activity-log\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wsal\" rel=\"nofollow ugc\">WordPress logs\u003C\u002Fa> of everything that happens on your sites and multisite networks with WP Activity Log instantly, without writing a line of code.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Easily detect suspicious activity\u003C\u002Fstrong> on your WordPress site before it escalates\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Record failed login attempts\u003C\u002Fstrong> to detect potential security breaches and strengthen site protection\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Track user logins and logouts\u003C\u002Fstrong> to ensure SLAs are consistently met\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Monitor user activity and productivity\u003C\u002Fstrong> to boost accountability\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Know exactly what all your users are doing\u003C\u002Fstrong> in real time\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Know what happened before an outage\u003C\u002Fstrong> for faster, easier troubleshooting\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Ensure compliance with regulations and standards\u003C\u002Fstrong> like GDPR and PCI DSS\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Better manage & organize your site and users\u003C\u002Fstrong> for smoother operations\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Simple setup\u003C\u002Fstrong> ensures you start benefiting quickly and easily\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>WP Activity Log is a complete logging solution, helping hundreds of thousands of administrators and security professionals track changes on their websites thanks to real-time user activity monitoring.\u003C\u002Fp>\n\u003Cp>💎 Need more extensive features? Unlock advanced reporting, exports\u002Fmirroring, session management, and real-time alerts with \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-activity-log\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wsal\" rel=\"nofollow ugc\">WP Activity Log premium or enterprise\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FpgFEMIvKFTA?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch3>What WordPress changes WP Activity Log tracks\u003C\u002Fh3>\n\u003Cp>A website activity log is important for improving troubleshooting, compliance, user management, and security.\u003Cbr \u002F>\nGet WP Activity Log and keep track of events on your site. The log not only tells you that a post, a user profile, or an object was updated, it also lets you know exactly what changed, when, and includes a user log (by whom), so you always have the information you need.\u003C\u002Fp>\n\u003Cp>Below is a summary of the changes that the plugin can keep a record of:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Post, page, and custom post type changes\u003C\u002Fstrong>: Status, content changes, title, URL, custom field, and other metadata changes\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Tags and category changes\u003C\u002Fstrong>: Creating, modifying, deleting, and adding\u002Fremoving them from posts\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Widget and menu changes\u003C\u002Fstrong>: Creating, modifying, or deleting them\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>User changes\u003C\u002Fstrong>: User created or registered, deleted, or added to a site on multisite network\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>User profile changes\u003C\u002Fstrong>: Password, email, display name, and role changes\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Access logging\u003C\u002Fstrong>: User login, logout, failed logins, and terminating other sessions\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>WordPress core and settings changes\u003C\u002Fstrong>: Installed updates, permalinks, default role, URL, and other site-wide changes\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>WordPress multisite network changes\u003C\u002Fstrong>: Adding, deleting, or archiving sites, adding or removing users from sites, etc.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Plugin and Theme changes\u003C\u002Fstrong>: Installing, activating, deactivating, uninstalling, and updating\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>WordPress database changes\u003C\u002Fstrong>: When a plugin adds or removes a table\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Third-party plugin changes\u003C\u002Fstrong>: WooCommerce Stores & products, Yoast SEO, RankMath, Termly, WPForms, Gravity Forms, Advanced Custom Fields (ACF), MainWP, ManageWP, WP Umbrella, and other popular WordPress plugins\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>WordPress site file changes\u003C\u002Fstrong>: New files added, or existing files modified or deleted.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Event details recorded\u003C\u002Fh4>\n\u003Cp>Detailed event logging ensures that for every event that the plugin records, it reports the:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Date & time (and milliseconds) of when it happened\u003C\u002Fli>\n\u003Cli>User & role of the user who did the change\u003C\u002Fli>\n\u003Cli>Source IP address from where the change happened\u003C\u002Fli>\n\u003Cli>The object on which the change has taken place\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Refer to \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fsupport\u002Fkb\u002Fwp-activity-log-list-event-ids\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=wsal\" rel=\"nofollow ugc\">WordPress activity log event IDs\u003C\u002Fa> for a complete list of all the changes WP Activity Log can keep a record of and a detailed explanation of what change every event ID represents.\u003C\u002Fp>\n\u003Ch3>💎 Upgrade to WP Activity Log Premium and get even more\u003C\u002Fh3>\n\u003Cp>The premium edition of WP Activity Log takes WordPress user activity tracking to the next level. It comes bundled with even more features, including log mirroring, enterprise-grade support, user session management, and much more!\u003C\u002Fp>\n\u003Ch4>Premium features list\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>See who is logged in\u003C\u002Fstrong> and monitor their current activities in real-time\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Log off any user\u003C\u002Fstrong> at the click of a button\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Generate fully-configurable HTML and CSV reports\u003C\u002Fstrong> for easy data analysis\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Receive email, SMS, and Slack notifications\u003C\u002Fstrong> for important changes (fully configurable)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Use search filters\u003C\u002Fstrong> to fine-tune results and find what you need in seconds\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Store the activity logs in an external database\u003C\u002Fstrong> to enhance security and scalability\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Mirror the activity log\u003C\u002Fstrong> to log management systems such as AWS CloudWatch, Loggly, Papertrail, and others in real-time\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Mirror the logs to business communication systems\u003C\u002Fstrong> like Slack\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Send a copy of your website’s activity log\u003C\u002Fstrong> to a log file on your web server\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Archive old activity log data\u003C\u002Fstrong> to another database for improved storage and log management\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Add notes to activity log entries\u003C\u002Fstrong> for better context and internal documentation\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Refer to the \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-activity-log\u002Ffeatures\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wsal\" rel=\"nofollow ugc\">WP Activity Log plugin features and benefits page\u003C\u002Fa> to learn more about the benefits of upgrading to WP Activity Log Premium.\u003C\u002Fp>\n\u003Ch3>🔌 WP Activity Log third-party plugin support\u003C\u002Fh3>\n\u003Cp>All WP Activity Log editions include activity tracking for third-party plugins, including (in alphabetical order):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Advanced Custom Fields (ACF)\u003C\u002Fstrong> – Log changes to post types, taxonomies, and taxonomy terms\u003C\u002Fli>\n\u003Cli>\u003Cstrong>bbPress\u003C\u002Fstrong> – Track changes to forums, topics, and bbPress settings\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Gravity Forms\u003C\u002Fstrong> – Track changes to Gravity Forms settings, forms, and entries (leads)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>LearnDash\u003C\u002Fstrong> – Track changes to courses, lessons, and other system changes, as well as student activity such as course, lesson, and quiz enrollments and completions.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>MemberPress\u003C\u002Fstrong> – Log changes to plugin settings, memberships, payments, subscriptions, and other actions\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multisite & management tools\u003C\u002Fstrong> – Track changes across your network for \u003Cstrong>MainWP, ManageWP, Modular DS, Infinite WP, WP Umbrella, WP Remote\u003C\u002Fstrong>, and other multisite management plugins\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Paid Membership Pro\u003C\u002Fstrong> – Log changes to membership levels, user assignments, and more. Premium users can also track order and checkout activity, and access a Members Activity panel inside each member’s profile for instant visibility into recent actions.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>RankMath\u003C\u002Fstrong> – Log changes to RankMath settings, SEO configurations, and on-page SEO edits\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Redirection\u003C\u002Fstrong> – Keep a log of changes to redirections and redirection groups\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Termly\u003C\u002Fstrong> – Log changes to Termly settings and configurations\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WooCommerce\u003C\u002Fstrong> – Keep a log of changes to store settings, orders, products, coupons, and more\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WPForms\u003C\u002Fstrong> – Log changes to WPForms settings, forms, form files, and entries (leads)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Yoast SEO\u003C\u002Fstrong> – Track changes to Yoast SEO settings and on-page SEO in the Yoast SEO meta box\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Extra Features for Enhanced Monitoring and Management\u003C\u002Fh3>\n\u003Cp>Both free and premium editions of WP Activity Log include a number of non-logging specific features that make the plugin a complete WordPress monitoring solution. Here is what is included:\u003C\u002Fp>\n\u003Ch4>Free\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Built-in support for reverse proxies and web application firewalls\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Integration with WhatIsMyIpAddress.com\u003C\u002Fstrong> – get all information about an IP address with a single click\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Limit who can view the WordPress activity log\u003C\u002Fstrong> by users or roles\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enable or disable individual event IDs\u003C\u002Fstrong> from the activity log\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable dashboard widget\u003C\u002Fstrong> highlighting the most recent critical activity\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable WordPress activity log retention policies\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Display user avatars\u003C\u002Fstrong> in events for better recognizability\u003C\u002Fli>\n\u003Cli>\u003Cstrong>And much more!\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Premium\u003C\u002Fh4>\n\u003Cp>Everything that’s included in the Free edition, plus:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Full WordPress multisite support\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Create custom alerts & notifications\u003C\u002Fstrong> to monitor additional functionality\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Import and export plugin settings\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-time activity log\u003C\u002Fstrong> visible in the WordPress admin toolbar\u003C\u002Fli>\n\u003Cli>\u003Cstrong>And much more!\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🛠️ Free and premium plugin support\u003C\u002Fh3>\n\u003Cp>If you encounter any issues with the free edition of WP Activity Log, you can post and get help on the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fwp-security-audit-log\u002F\" rel=\"ugc\">WordPress.org support forums\u003C\u002Fa>. You can also find more technical information and plugin documentation on the \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fsupport\u002Fkb\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=wsal\" rel=\"nofollow ugc\">Melapress knowledge base\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Premium plugins include a full year of free updates and dedicated one-to-one premium email support. This means you get direct access to our support team who will assist you with any questions or issues related to the plugins.\u003C\u002Fp>\n\u003Ch3>As featured on:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fkinsta.com\u002Fblog\u002Fwordpress-activity-log\u002F\" rel=\"nofollow ugc\">Kinsta\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpagely.com\u002Fblog\u002F2015\u002F01\u002Flog-wordpress-dashboard-activity-improved-security-auditing\u002F\" rel=\"nofollow ugc\">Pagely\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.shoutmeloud.com\u002Fwordpress-security-audit-log.html\" rel=\"nofollow ugc\">Shout Me Loud\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fthedevcouple.com\u002Fwp-security-audit-log-review\u002F\" rel=\"nofollow ugc\">The Dev Couple\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.wpkube.com\u002Fimprove-wordpress-security-wp-security-audit-log\u002F\" rel=\"nofollow ugc\">WPKube\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.techwibe.com\u002Fwp-security-audit-log-wordpress-plugin\u002F\" rel=\"nofollow ugc\">Techwibe\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftidyrepo.com\u002Fwp-security-audit-log-wordpress-activity-log\u002F\" rel=\"nofollow ugc\">Tidy Repo\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.kitploit.com\u002F2016\u002F10\u002Fwp-security-audit-log-ultimate.html\" rel=\"nofollow ugc\">KitPloit\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>and many others.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>MAINTAINED & SUPPORTED BY MELAPRESS\u003C\u002Fh3>\n\u003Cp>Melapress develops high-quality WordPress management and security plugins such as Melapress Login Security, WP 2FA, and Melapress Role Editor.\u003C\u002Fp>\n\u003Cp>Browse our list of \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=wsal\" rel=\"nofollow ugc\">WordPress security and administration plugins\u003C\u002Fa> to see how our plugins can help you better manage and improve the security and administration of your WordPress websites and users.\u003C\u002Fp>\n\u003Ch3>Installing WP Activity Log\u003C\u002Fh3>\n\u003Ch3>Install WP Activity Log from within WordPress\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Visit ‘Plugins > Add New’\u003C\u002Fli>\n\u003Cli>Search for ‘WP Activity Log’\u003C\u002Fli>\n\u003Cli>Install and activate the WP Activity Log plugin\u003C\u002Fli>\n\u003Cli>Allow or skip diagnostic tracking\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Install WP Activity Log manually\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Extract the plugin ZIP file and upload it to the \u003Ccode>\u002Fwp-content\u002Fplugins\u002F\u003C\u002Fcode> directory\u003C\u002Fli>\n\u003Cli>Activate the WP Activity Log plugin from the ‘Plugins’ menu in WordPress\u003C\u002Fli>\n\u003Cli>Allow or skip diagnostic tracking\u003C\u002Fli>\n\u003C\u002Fol>\n","The #1 user-rated activity log plugin for event logging, activity monitoring and change tracking.",8547852,94,477,"2026-03-05T09:20:00.000Z","5.5",[153,177,178,197,156],"logger","https:\u002F\u002Fmelapress.com\u002Fwordpress-activity-log\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-security-audit-log.5.6.1.zip",82,11,"2026-02-14 00:00:00",{"slug":204,"name":205,"version":206,"author":207,"author_profile":208,"description":209,"short_description":210,"active_installs":211,"downloaded":212,"rating":171,"num_ratings":213,"last_updated":214,"tested_up_to":16,"requires_at_least":215,"requires_php":175,"tags":216,"homepage":221,"download_link":222,"security_score":223,"vuln_count":224,"unpatched_count":28,"last_vuln_date":225,"fetched_at":30},"activitypub","ActivityPub","8.0.1","Automattic","https:\u002F\u002Fprofiles.wordpress.org\u002Fautomattic\u002F","\u003Cp>Enter the fediverse with \u003Cstrong>ActivityPub\u003C\u002Fstrong>, broadcasting your blog to a wider audience! Attract followers, deliver updates, and receive comments from a diverse user base of \u003Cstrong>ActivityPub\u003C\u002Fstrong>-compliant platforms.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FQzYozbNneVc?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>With the ActivityPub plugin installed, your WordPress blog itself functions as a federated profile, along with profiles for each author. For instance, if your website is \u003Ccode>example.com\u003C\u002Fcode>, then the blog-wide profile can be found at \u003Ccode>@example.com@example.com\u003C\u002Fcode>, and authors like Jane and Bob would have their individual profiles at \u003Ccode>@jane@example.com\u003C\u002Fcode> and \u003Ccode>@bob@example.com\u003C\u002Fcode>, respectively.\u003C\u002Fp>\n\u003Cp>An example: I give you my Mastodon profile name: \u003Ccode>@pfefferle@mastodon.social\u003C\u002Fcode>. You search, see my profile, and hit follow. Now, any post I make appears in your Home feed. Similarly, with the ActivityPub plugin, you can find and follow Jane’s profile at \u003Ccode>@jane@example.com\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>Once you follow Jane’s \u003Ccode>@jane@example.com\u003C\u002Fcode> profile, any blog post she crafts on \u003Ccode>example.com\u003C\u002Fcode> will land in your Home feed. Simultaneously, by following the blog-wide profile \u003Ccode>@example.com@example.com\u003C\u002Fcode>, you’ll receive updates from all authors.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note\u003C\u002Fstrong>: If no one follows your author or blog instance, your posts remain unseen. The simplest method to verify the plugin’s operation is by following your profile. If you possess a Mastodon profile, initiate by following your new one.\u003C\u002Fp>\n\u003Cp>The plugin works with the following tested federated platforms, but there may be more that it works with as well:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fjoinmastodon.org\u002F\" rel=\"nofollow ugc\">Mastodon\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpleroma.social\u002F\" rel=\"nofollow ugc\">Pleroma\u003C\u002Fa>\u002F\u003Ca href=\"https:\u002F\u002Fakkoma.social\u002F\" rel=\"nofollow ugc\">Akkoma\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffriendi.ca\u002F\" rel=\"nofollow ugc\">friendica\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fhubzilla.org\u002F\" rel=\"nofollow ugc\">Hubzilla\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpixelfed.org\u002F\" rel=\"nofollow ugc\">Pixelfed\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsocialhome.network\u002F\" rel=\"nofollow ugc\">Socialhome\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fjoin.misskey.page\u002F\" rel=\"nofollow ugc\">Misskey\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Some things to note:\u003C\u002Fp>\n\u003Col>\n\u003Cli>The blog-wide profile is only compatible with sites with rewrite rules enabled. If your site does not have rewrite rules enabled, the author-specific profiles may still work.\u003C\u002Fli>\n\u003Cli>Many single-author blogs have chosen to turn off or redirect their author profile pages, usually via an SEO plugin like Yoast or Rank Math. This is usually done to avoid duplicate content with your blog’s home page. If your author page has been deactivated in this way, then ActivityPub author profiles won’t work for you. Instead, you can turn your author profile page back on, and then use the option in your SEO plugin to noindex the author page. This will still resolve duplicate content issues with search engines and will enable ActivityPub author profiles to work.\u003C\u002Fli>\n\u003Cli>Once ActivityPub is installed, \u003Cem>only new posts going forward\u003C\u002Fem> will be available in the fediverse. Likewise, even if you’ve been using ActivityPub for a while, anyone who follows your site will only see new posts you publish from that moment on. They will never see previously-published posts in their Home feed. This process is very similar to subscribing to a newsletter. If you subscribe to a newsletter, you will only receive future emails, but not the old archived ones. With ActivityPub, if someone follows your site, they will only receive new blog posts you publish from then on.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>So what’s the process?\u003C\u002Fp>\n\u003Col>\n\u003Cli>Install the ActivityPub plugin.\u003C\u002Fli>\n\u003Cli>Go to the plugin’s settings page and adjust the settings to your liking. Click the Save button when ready.\u003C\u002Fli>\n\u003Cli>Make sure your blog’s author profile page is active if you are using author profiles.\u003C\u002Fli>\n\u003Cli>Go to Mastodon or any other federated platform, and search for your profile, and follow it. Your new profile will be in the form of either \u003Ccode>@your_username@example.com\u003C\u002Fcode> or \u003Ccode>@example.com@example.com\u003C\u002Fcode>, so that is what you’ll search for.\u003C\u002Fli>\n\u003Cli>On your blog, publish a new post.\u003C\u002Fli>\n\u003Cli>From Mastodon, check to see if the new post appears in your Home feed.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>Note\u003C\u002Fstrong>: It may take up to 15 minutes or so for the new post to show up in your federated feed. This is because the messages are sent to the federated platforms using a delayed cron. This avoids breaking the publishing process for those cases where users might have lots of followers. So please don’t assume that just because you didn’t see it show up right away that something is broken. Give it some time. In most cases, it will show up within a few minutes, and you’ll know everything is working as expected.\u003C\u002Fp>\n","Connect your site to the Open Social Web and let millions of users follow, share, and interact with your content from Mastodon, Pixelfed, and more.",6000,495122,39,"2026-03-11T09:26:00.000Z","6.5",[204,217,218,219,220],"activitystream","fediverse","indieweb","social-web","https:\u002F\u002Fgithub.com\u002FAutomattic\u002Fwordpress-activitypub","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Factivitypub.8.0.1.zip",99,5,"2024-01-05 00:00:00",{"slug":227,"name":228,"version":229,"author":230,"author_profile":231,"description":232,"short_description":233,"active_installs":234,"downloaded":235,"rating":146,"num_ratings":236,"last_updated":237,"tested_up_to":238,"requires_at_least":239,"requires_php":18,"tags":240,"homepage":246,"download_link":247,"security_score":160,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"disable-user-gravatar","Disable User Gravatar","3.1","Marcus (aka @msykes)","https:\u002F\u002Fprofiles.wordpress.org\u002Fnetweblogic\u002F","\u003Cp>This is a very simple and lightweight plugin that anonymizes default avatars and prevents the user’s gravatar being automatically obtained from gravatar.com based on their registered email. This would be useful for sites where users require an extra layer of privacy, or if you just want to prevent potentially silly or embarrasing avatar accidents.\u003C\u002Fp>\n\u003Cp>If you’re using Identicons or any other generated default avatar, the user should keep a consistent avatar unless they change their registered email.\u003C\u002Fp>\n\u003Cp>You can also disable Gravatar completely and choose a default image to display.\u003C\u002Fp>\n\u003Cp>This plugin is also compatible with other avatar customization plugins such as \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Favatar-manager\u002F\" rel=\"ugc\">Avatar Manager\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbuddypress\u002F\" rel=\"ugc\">BuddyPress\u003C\u002Fa> or \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fadd-new-default-avatar\u002F\" rel=\"ugc\">Add New Default Avatar\u003C\u002Fa>, since this plugin specifically prevents the gravatar of a specific user email being used and reverts to the default or user-defined avatar.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Important 3.0 Update – BuddyPress users should visit the Settings > Discussion page on your dashboard and choose one of the Disable Gravatar options to restore previous behavior.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you have any issues or suggestions, please visit our \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fdisable-user-gravatar\" rel=\"ugc\">support forums\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>If you find this plugin useful and would like to say thanks, please leave us a \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Fdisable-user-gravatar?filter=5\" rel=\"ugc\">5 star review\u003C\u002Fa>!\u003C\u002Fp>\n","Stops WordPress from grabbing a user avatar using their registrated email from gravatar.com.",3000,40294,10,"2022-11-01T16:00:00.000Z","6.1.10","2.7",[241,242,243,244,245],"activity-stream","avatar","gravatar","wordpress-mu","wpmu","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisable-user-gravatar\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-user-gravatar.zip",{"attackSurface":249,"codeSignals":613,"taintFlows":701,"riskAssessment":702,"analyzedAt":714},{"hooks":250,"ajaxHandlers":571,"restRoutes":608,"shortcodes":609,"cronEvents":610,"entryPointCount":236,"unprotectedCount":147},[251,257,261,266,268,271,275,278,282,286,290,294,298,301,304,307,310,312,315,319,323,325,329,333,337,342,346,350,354,357,360,363,367,368,372,376,379,382,385,389,393,397,401,405,409,413,418,423,426,429,434,437,439,442,444,447,449,453,457,461,464,467,469,473,477,480,484,487,492,495,499,502,505,507,511,516,519,522,525,527,530,535,538,542,546,549,551,555,559,563,566,568],{"type":252,"name":253,"callback":254,"priority":236,"file":255,"line":256},"filter","wp_stream_alerts_save_meta","add_alert_meta","alerts\\class-alert-type-email.php",45,{"type":252,"name":258,"callback":259,"priority":236,"file":260,"line":134},"wp_stream_record_classes","post_class","alerts\\class-alert-type-highlight.php",{"type":262,"name":263,"callback":264,"file":260,"line":265},"action","admin_enqueue_scripts","enqueue_scripts",83,{"type":252,"name":253,"callback":254,"priority":236,"file":260,"line":267},112,{"type":252,"name":253,"callback":254,"priority":236,"file":269,"line":270},"alerts\\class-alert-type-ifttt.php",78,{"type":262,"name":272,"callback":273,"priority":223,"file":274,"line":213},"admin_bar_menu","menu_alert","alerts\\class-alert-type-menu-alert.php",{"type":252,"name":253,"callback":254,"priority":236,"file":276,"line":277},"alerts\\class-alert-type-slack.php",42,{"type":262,"name":279,"callback":279,"file":280,"line":281},"init","classes\\class-admin.php",141,{"type":252,"name":283,"callback":284,"priority":236,"file":280,"line":285},"user_has_cap","filter_user_caps",149,{"type":252,"name":287,"callback":288,"priority":236,"file":280,"line":289},"role_has_cap","filter_role_caps",150,{"type":262,"name":291,"callback":292,"file":280,"line":293},"admin_menu","register_menu",161,{"type":262,"name":295,"callback":296,"file":280,"line":297},"admin_notices","prepare_admin_notices",165,{"type":262,"name":299,"callback":295,"file":280,"line":300},"shutdown",166,{"type":262,"name":295,"callback":302,"file":280,"line":303},"display_feature_request_notice",169,{"type":252,"name":305,"callback":305,"file":280,"line":306},"admin_body_class",172,{"type":252,"name":308,"callback":308,"priority":236,"file":280,"line":309},"plugin_action_links",175,{"type":262,"name":263,"callback":263,"file":280,"line":311},186,{"type":262,"name":263,"callback":313,"file":280,"line":314},"admin_menu_css",193,{"type":262,"name":316,"callback":317,"file":280,"line":318},"wp_loaded","purge_schedule_setup",205,{"type":262,"name":320,"callback":321,"file":280,"line":322},"wp_stream_auto_purge","purge_scheduled_action",206,{"type":262,"name":299,"callback":295,"file":280,"line":324},286,{"type":262,"name":326,"callback":327,"priority":236,"file":328,"line":213},"wp_stream_alert_trigger_form_display","add_fields","classes\\class-alert-trigger.php",{"type":262,"name":330,"callback":331,"priority":236,"file":328,"line":332},"wp_stream_alert_trigger_form_save","save_fields",40,{"type":252,"name":334,"callback":335,"priority":236,"file":328,"line":336},"wp_stream_alert_trigger_check","check_record",41,{"type":252,"name":338,"callback":339,"priority":236,"file":340,"line":341},"bulk_actions-edit-wp_stream_alerts","suppress_bulk_actions","classes\\class-alerts-list.php",31,{"type":252,"name":343,"callback":344,"priority":236,"file":340,"line":345},"disable_months_dropdown","suppress_months_dropdown",32,{"type":252,"name":347,"callback":348,"priority":236,"file":340,"line":349},"post_row_actions","suppress_quick_edit",33,{"type":252,"name":351,"callback":352,"priority":236,"file":340,"line":353},"request","parse_request",37,{"type":252,"name":355,"callback":356,"file":340,"line":213},"views_edit-wp_stream_alerts","manage_views",{"type":252,"name":358,"callback":359,"file":340,"line":336},"manage_wp_stream_alerts_posts_columns","manage_columns",{"type":262,"name":361,"callback":362,"priority":236,"file":340,"line":277},"manage_wp_stream_alerts_posts_custom_column","column_data",{"type":262,"name":364,"callback":365,"priority":236,"file":340,"line":366},"quick_edit_custom_box","display_custom_quick_edit",44,{"type":262,"name":263,"callback":264,"file":340,"line":256},{"type":252,"name":369,"callback":370,"priority":223,"file":340,"line":371},"wp_insert_post_data","save_alert_inline_edit",47,{"type":262,"name":279,"callback":373,"file":374,"line":375},"register_post_type","classes\\class-alerts.php",69,{"type":262,"name":377,"callback":292,"file":374,"line":378},"wp_stream_admin_menu",72,{"type":262,"name":263,"callback":380,"file":374,"line":381},"register_scripts",75,{"type":262,"name":383,"callback":384,"priority":223,"file":374,"line":265},"network_admin_menu","change_menu_link_url",{"type":252,"name":386,"callback":387,"priority":236,"file":374,"line":388},"wp_stream_record_inserted","check_records",92,{"type":252,"name":390,"callback":391,"priority":201,"file":374,"line":392},"wp_stream_action_links_posts","change_alert_action_links",128,{"type":262,"name":299,"callback":394,"file":395,"line":396},"delayed_log_commit","classes\\class-connector.php",203,{"type":262,"name":398,"callback":399,"file":400,"line":353},"admin_init","render_download","classes\\class-export.php",{"type":262,"name":402,"callback":403,"file":400,"line":404},"wp_stream_record_actions_menu","actions_menu_export_items",38,{"type":252,"name":406,"callback":407,"file":400,"line":408},"stream_records_per_page","disable_paginate",67,{"type":252,"name":410,"callback":411,"priority":236,"file":400,"line":412},"wp_stream_list_table_columns","expand_columns",68,{"type":262,"name":414,"callback":415,"file":416,"line":417},"all_admin_notices","update_notice_hook","classes\\class-install.php",133,{"type":252,"name":419,"callback":420,"priority":236,"file":421,"line":422},"screen_settings","screen_controls","classes\\class-list-table.php",60,{"type":252,"name":424,"callback":425,"priority":236,"file":421,"line":375},"set-screen-option","set_screen_option",{"type":252,"name":427,"callback":427,"priority":236,"file":428,"line":366},"heartbeat_received","classes\\class-live-update.php",{"type":252,"name":430,"callback":431,"file":432,"line":433},"wp_stream_query_args","network_query_args","classes\\class-network.php",46,{"type":262,"name":279,"callback":435,"file":432,"line":436},"ajax_network_admin",55,{"type":262,"name":383,"callback":292,"file":432,"line":438},56,{"type":262,"name":383,"callback":440,"file":432,"line":441},"admin_menu_screens",57,{"type":262,"name":291,"callback":440,"file":432,"line":443},58,{"type":262,"name":272,"callback":445,"priority":223,"file":432,"line":446},"network_admin_bar_menu",59,{"type":262,"name":448,"callback":295,"file":432,"line":422},"network_admin_notices",{"type":262,"name":450,"callback":451,"file":432,"line":452},"wpmuadminedit","network_options_action",61,{"type":252,"name":454,"callback":455,"file":432,"line":456},"wp_stream_blog_id_logged","blog_id_logged",65,{"type":252,"name":458,"callback":459,"file":432,"line":460},"wp_stream_admin_page_title","network_admin_page_title",66,{"type":252,"name":462,"callback":463,"file":432,"line":408},"wp_stream_list_table_screen_id","list_table_screen_id",{"type":252,"name":465,"callback":466,"file":432,"line":412},"wp_stream_list_table_filters","list_table_filters",{"type":252,"name":410,"callback":468,"file":432,"line":375},"network_admin_columns",{"type":252,"name":470,"callback":471,"file":432,"line":472},"wp_stream_settings_form_action","settings_form_action",70,{"type":252,"name":474,"callback":475,"file":432,"line":476},"wp_stream_settings_form_description","settings_form_description",71,{"type":252,"name":478,"callback":479,"file":432,"line":378},"wp_stream_settings_option_fields","get_network_admin_fields",{"type":252,"name":481,"callback":482,"file":432,"line":483},"wp_stream_serialized_labels","get_settings_translations",73,{"type":252,"name":485,"callback":486,"file":432,"line":134},"wp_stream_connectors","hide_blogs_connector",{"type":262,"name":488,"callback":489,"file":490,"line":491},"plugins_loaded","i18n","classes\\class-plugin.php",170,{"type":262,"name":279,"callback":279,"priority":493,"file":490,"line":494},9,179,{"type":262,"name":496,"callback":497,"file":490,"line":498},"wp_head","frontend_indicator",182,{"type":262,"name":488,"callback":488,"priority":500,"file":490,"line":501},20,185,{"type":262,"name":398,"callback":503,"file":504,"line":460},"register_settings","classes\\class-settings.php",{"type":252,"name":481,"callback":482,"file":504,"line":506},80,{"type":252,"name":508,"callback":509,"priority":236,"file":504,"line":510},"user_search_columns","add_display_name_search_columns",123,{"type":252,"name":512,"callback":513,"file":514,"line":515},"wp_stream_log_data","log_override","connectors\\class-connector-acf.php",121,{"type":262,"name":299,"callback":517,"priority":493,"file":514,"line":518},"check_location_rules",452,{"type":252,"name":512,"callback":513,"file":520,"line":521},"connectors\\class-connector-bbpress.php",164,{"type":252,"name":512,"callback":513,"file":523,"line":524},"connectors\\class-connector-edd.php",251,{"type":252,"name":512,"callback":513,"file":526,"line":318},"connectors\\class-connector-jetpack.php",{"type":262,"name":528,"callback":528,"priority":236,"file":529,"line":460},"registered_post_type","connectors\\class-connector-posts.php",{"type":262,"name":531,"callback":532,"file":533,"line":534},"admin_head","highlight_field","connectors\\class-connector-settings.php",213,{"type":262,"name":263,"callback":536,"file":533,"line":537},"enqueue_jquery_color",214,{"type":262,"name":539,"callback":540,"priority":236,"file":533,"line":541},"updated_option","callback",648,{"type":262,"name":543,"callback":543,"priority":236,"file":544,"line":545},"registered_taxonomy","connectors\\class-connector-taxonomies.php",88,{"type":252,"name":512,"callback":513,"file":547,"line":548},"connectors\\class-connector-two-factor.php",106,{"type":252,"name":512,"callback":513,"file":550,"line":200},"connectors\\class-connector-user-switching.php",{"type":262,"name":552,"callback":553,"file":554,"line":281},"customize_save_after","callback_customize_save_after","connectors\\class-connector-widgets.php",{"type":252,"name":556,"callback":557,"file":558,"line":548},"wp_stream_posts_exclude_post_types","exclude_order_post_types","connectors\\class-connector-woocommerce.php",{"type":262,"name":560,"callback":561,"file":558,"line":562},"wp_stream_comments_exclude_comment_types","exclude_order_comment_types",107,{"type":262,"name":263,"callback":263,"file":564,"line":565},"connectors\\class-connector-wordpress-seo.php",215,{"type":252,"name":512,"callback":513,"file":564,"line":567},216,{"type":262,"name":299,"callback":569,"file":570,"line":366},"wp_stream_fail_php_version","stream.php",[572,578,581,584,587,590,593,596,600,603],{"action":573,"nopriv":574,"callback":575,"hasNonce":576,"hasCapCheck":576,"file":280,"line":577},"wp_stream_reset",false,"wp_ajax_reset",true,196,{"action":579,"nopriv":574,"callback":580,"hasNonce":576,"hasCapCheck":576,"file":280,"line":565},"wp_stream_filters","ajax_filters",{"action":582,"nopriv":574,"callback":582,"hasNonce":574,"hasCapCheck":576,"file":374,"line":583},"load_alerts_settings",102,{"action":585,"nopriv":574,"callback":585,"hasNonce":574,"hasCapCheck":574,"file":374,"line":586},"get_actions",109,{"action":588,"nopriv":574,"callback":588,"hasNonce":576,"hasCapCheck":576,"file":374,"line":589},"save_new_alert",110,{"action":591,"nopriv":574,"callback":591,"hasNonce":574,"hasCapCheck":576,"file":374,"line":592},"get_new_alert_triggers_notifications",117,{"action":594,"nopriv":574,"callback":595,"hasNonce":576,"hasCapCheck":574,"file":428,"line":371},"stream_enable_live_update","enable_live_update",{"action":597,"nopriv":574,"callback":598,"hasNonce":576,"hasCapCheck":576,"file":504,"line":599},"stream_get_users","get_users",89,{"action":601,"nopriv":574,"callback":602,"hasNonce":576,"hasCapCheck":576,"file":504,"line":388},"stream_get_ips","get_ips",{"action":604,"nopriv":574,"callback":605,"hasNonce":576,"hasCapCheck":576,"file":606,"line":607},"edit-theme-plugin-file","get_edition_data","connectors\\class-connector-editor.php",50,[],[],[611],{"hook":320,"callback":320,"file":280,"line":612},818,{"dangerousFunctions":614,"sqlUsage":619,"outputEscaping":639,"fileOperations":63,"externalRequests":63,"nonceChecks":500,"capabilityChecks":696,"bundledLibraries":697},[615],{"fn":616,"file":554,"line":617,"context":618},"assert",489,"assert( $old_sidebar_id !== $new_sidebar_id );",{"prepared":256,"raw":620,"locations":621},8,[622,625,627,629,631,634,637,638],{"file":280,"line":623,"context":624},670,"$wpdb->query() with variable interpolation",{"file":280,"line":626,"context":624},671,{"file":280,"line":628,"context":624},833,{"file":280,"line":630,"context":624},879,{"file":632,"line":281,"context":633},"classes\\class-db-driver-wpdb.php","$wpdb->get_results() with variable interpolation",{"file":635,"line":636,"context":633},"includes\\db-updates.php",36,{"file":635,"line":506,"context":624},{"file":635,"line":515,"context":624},{"escaped":640,"rawEcho":641,"locations":642},396,28,[643,646,648,650,651,652,654,656,657,659,660,661,663,665,667,669,671,673,675,676,678,680,682,685,687,689,692,694],{"file":255,"line":644,"context":645},146,"raw output",{"file":255,"line":647,"context":645},147,{"file":255,"line":649,"context":645},159,{"file":260,"line":521,"context":645},{"file":260,"line":297,"context":645},{"file":269,"line":653,"context":645},127,{"file":269,"line":655,"context":645},130,{"file":269,"line":285,"context":645},{"file":276,"line":658,"context":645},204,{"file":276,"line":318,"context":645},{"file":276,"line":567,"context":645},{"file":276,"line":662,"context":645},218,{"file":276,"line":664,"context":645},229,{"file":276,"line":666,"context":645},231,{"file":276,"line":668,"context":645},242,{"file":276,"line":670,"context":645},244,{"file":276,"line":672,"context":645},255,{"file":280,"line":674,"context":645},1151,{"file":340,"line":655,"context":645},{"file":374,"line":677,"context":645},517,{"file":374,"line":679,"context":645},610,{"file":374,"line":681,"context":645},676,{"file":683,"line":684,"context":645},"classes\\class-form-generator.php",212,{"file":504,"line":686,"context":645},1140,{"file":533,"line":688,"context":645},788,{"file":690,"line":691,"context":645},"exporters\\class-exporter-csv.php",51,{"file":693,"line":371,"context":645},"exporters\\class-exporter-json.php",{"file":695,"line":201,"context":645},"includes\\feeds\\json.php",14,[698],{"name":699,"version":37,"knownCves":700},"Select2",[],[],{"summary":703,"deductions":704},"The 'stream' plugin v4.1.2 exhibits a mixed security posture. While it demonstrates good practices in terms of prepared SQL statements (85%) and output escaping (93%), and a lack of critical taint analysis findings, there are several concerning areas. The presence of one AJAX handler without any authentication checks presents a significant direct attack vector. Furthermore, the plugin's history of 7 known CVEs, including 3 high-severity vulnerabilities such as SSRF, CSRF, and SQL Injection, indicates a pattern of past security weaknesses that require careful attention, even though none are currently unpatched.\n\nThe static analysis reveals an attack surface with 10 entry points, one of which is unprotected. The use of the dangerous `assert` function is also a red flag, although its specific context and impact are not detailed in the provided data. The 14 capability checks and 20 nonce checks are positive signs, suggesting some level of security implementation, but the lack of authorization on one AJAX handler significantly undermines these efforts. The plugin's historical vulnerability types further highlight recurring issues that users should be aware of.\n\nIn conclusion, while the plugin shows improvement in areas like SQL sanitization and output escaping, the unprotected AJAX handler and the past vulnerability trends are notable weaknesses. Users should proceed with caution and ensure the plugin is kept up-to-date, and consider implementing additional security measures to mitigate the risks associated with the identified unprotected entry point.",[705,707,709,712],{"reason":706,"points":236},"Unprotected AJAX handler",{"reason":708,"points":224},"Dangerous function 'assert' used",{"reason":710,"points":711},"History of 7 CVEs, including 3 high",15,{"reason":713,"points":620},"Vulnerability types include SSRF, CSRF, SQLi","2026-03-16T17:12:32.153Z",{"wat":716,"direct":725},{"assetPaths":717,"generatorPatterns":720,"scriptPaths":721,"versionParams":722},[718,719],"\u002Fwp-content\u002Fplugins\u002Fstream\u002Fassets\u002Fcss\u002Fstream.css","\u002Fwp-content\u002Fplugins\u002Fstream\u002Fassets\u002Fjs\u002Fstream.js",[],[719],[723,724],"stream\u002Fassets\u002Fcss\u002Fstream.css?ver=","stream\u002Fassets\u002Fjs\u002Fstream.js?ver=",{"cssClasses":726,"htmlComments":728,"htmlAttributes":729,"restEndpoints":735,"jsGlobals":737,"shortcodeOutput":739},[727,410,462],"stream-list-table-no-items",[],[730,731,732,733,734],"data-stream-date","data-stream-user-id","data-stream-context","data-stream-action","data-stream-ip",[736],"\u002Fwp-json\u002Fstream\u002Fv1\u002Fsettings",[738],"wp_stream_settings",[740,741],"[stream-log]","[stream-activity-feed]"]