Initial release.<\/p>"},"ratings":[],"assets_icons":[],"assets_banners":[],"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.0"],"block_files":[],"assets_screenshots":[],"screenshots":{"1":"Dashboard with activity chart, top actions, and KPI tiles.","2":"Timeline with filters, search, severity badges, and pagination.","3":"Settings for tracking toggles, retention, break detection, and integrations.","4":"Analytics heatmap and hour-of-day charts.","5":"Workflow panel with status, assignee, and comments."}},"plugin_section":[],"plugin_tags":[8531,8534,5603,600,5575],"plugin_category":[54],"plugin_contributors":[214729],"plugin_business_model":[],"class_list":["post-319317","plugin","type-plugin","status-publish","hentry","plugin_tags-activity-log","plugin_tags-audit-log","plugin_tags-monitoring","plugin_tags-security","plugin_tags-timeline","plugin_category-security-and-spam-protection","plugin_contributors-piyushmultidots","plugin_committers-piyushmultidots"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/s.w.org\/plugins\/geopattern-icon\/activitypilot.svg","icon_2x":false,"generated":true},"screenshots":[],"raw_content":"\n
ActivityPilot is an activity log and audit-trail plugin for developers, agencies, and security-conscious site owners. Meaningful changes on your site \u2014 logins, content edits, plugin and theme operations, role changes, high-impact options, integrations, and more \u2014 are stored in a dedicated database table and shown in a modern admin timeline.<\/p>\n\n
ip-api.com<\/code>) is disabled by default<\/strong> (enable_geo = 0<\/code>).<\/li>\n- Outbound webhooks (Slack\/Discord\/Teams\/custom URL) are disabled by default<\/strong> until you enable them and provide destination URLs.<\/li>\n
- The plugin does not send data to third-party services unless you explicitly enable and configure those features.<\/li>\n<\/ul>\n\n
Why use this plugin?<\/h4>\n\n\n- Custom tables<\/strong> \u2014 logs live in
{prefix}apwpm_activity_logs<\/code> (not post meta) with indexes for fast queries.<\/li>\n- Modern admin UI<\/strong> \u2014 dashboard, timeline, filters, search, pagination, exports, dark mode, and keyboard shortcuts.<\/li>\n
- Security-first<\/strong> \u2014 capability checks, REST nonces, prepared SQL, output escaping, and optional sudo mode for destructive actions.<\/li>\n
- Break detection<\/strong> \u2014 spots error spikes and surfaces recent risky changes.<\/li>\n
- Extensible<\/strong> \u2014 REST API (
activitypilot\/v1<\/code>), hooks, custom event registry, and PSR-3 adapter.<\/li>\n<\/ul>\n\nCore features<\/h4>\n\n\n- Activity logging for logins, posts, plugins, themes, users, roles, and important site options<\/li>\n
- Timeline view with avatars, severity colors, and structured context<\/li>\n
- Filters by user, action, object type, severity, date range, status, assignee, and search<\/li>\n
- CSV and JSON exports; daily retention pruning via cron<\/li>\n
- Email alerts when break detection finds unusual error activity<\/li>\n
- Workflow: acknowledge, resolve, snooze, assign, and comment on events<\/li>\n
- Smart insights: bursts, off-hours access, role escalation, and statistical spikes<\/li>\n
- Optional rollback for supported change types (sudo-gated)<\/li>\n
- Analytics heatmap, hour-of-day chart, and top users<\/li>\n
- Scheduled HTML digest reports (daily, weekly, monthly)<\/li>\n
- Multisite support with per-site tagging and network overview<\/li>\n
- Hash-chain integrity verification (optional)<\/li>\n
- File integrity monitoring, IP throttle, PII redaction, GDPR export\/erase helpers<\/li>\n
- Integrations: WooCommerce, ACF, popular form builders, SEO plugins, page builders<\/li>\n
- Optional outbound webhooks (Slack, Discord, Microsoft Teams, generic URL)<\/li>\n
- WP-CLI:
wp apwpm list|count|verify|prune|purge|export|digest|scan-files<\/code><\/li>\n<\/ul>\n\nFor developers<\/h4>\n\n
Log custom events from your code:<\/p>\n\n
APWPM_Logger::log( array( 'action_type' => 'my_event', 'description' => 'Something happened' ) );\n<\/code><\/pre>\n\nFilter hooks include apwpm_skip_log<\/code>, apwpm_pre_insert_row<\/code>, and apwpm_register_event_types<\/code>. The shorter ap_*<\/code> hook names from earlier builds are still fired for backward compatibility.<\/p>\n\nExternal services<\/h3>\n\n
This plugin can connect to third-party services only when you enable the related feature<\/strong> and, for webhooks, when you provide URLs.<\/p>\n\nIP geolocation (optional)<\/h4>\n\n
When Enable geolocation<\/strong> is on, the plugin may send the visitor IP address to ip-api.com<\/a> to resolve country and city. No API key is required. Results are cached in WordPress transients (about 24 hours). See the ip-api privacy policy<\/a> for their terms.<\/p>\n\n\n- Data sent: IP address (in the request URL).<\/li>\n
- When: On log insert for events that include an IP, if geo is enabled and not already set.<\/li>\n
- Purpose: Display country\/city on timeline rows and detect logins from new countries.<\/li>\n<\/ul>\n\n
Outbound webhooks (optional)<\/h4>\n\n
When webhooks are enabled and URLs are saved in settings, the plugin sends HTTP POST requests to your<\/strong> endpoints (for example Slack, Discord, Microsoft Teams, or a custom URL) when qualifying events occur.<\/p>\n\n\n- Data sent: Event title, description, severity, site name, and related metadata you configure to receive.<\/li>\n
- When: After an event is logged that meets your minimum severity threshold.<\/li>\n
- Purpose: Notify external chat or monitoring systems.<\/li>\n
- Services\/endpoints: Slack, Discord, Microsoft Teams, or any custom HTTPS endpoint that you explicitly configure.<\/li>\n
- Terms\/privacy (when using those services):
\nSlack: https:\/\/slack.com\/terms-of-service , https:\/\/slack.com\/privacy-policy
\nDiscord: https:\/\/discord.com\/terms , https:\/\/discord.com\/privacy
\nMicrosoft Teams (Microsoft): https:\/\/www.microsoft.com\/servicesagreement , https:\/\/privacy.microsoft.com\/privacystatement<\/li>\n<\/ul>\n\nWebhook delivery is fully optional and disabled by default. No webhook requests are sent until you enable webhooks and provide at least one destination URL.<\/p>\n\n
The plugin does not include bundled third-party API keys. Geolocation and webhooks are optional and disabled by default until configured by a site administrator.<\/p>\n\n\n
\n- Upload the
activitypilot<\/code> folder to \/wp-content\/plugins\/<\/code>.<\/li>\n- Activate the plugin through the Plugins<\/strong> screen in WordPress.<\/li>\n
- Open Activity Timeline<\/strong> in the admin menu.<\/li>\n
- Review Settings<\/strong> to choose what to track, retention, alerts, and optional features.<\/li>\n<\/ol>\n\n
On multisite, network-activate for a shared log table under the network prefix.<\/p>\n\n\n
\nWill this slow down my site?<\/h3><\/dt>\nWrites go to an indexed custom table. Heavy hooks are limited to admin and logged-in contexts where possible. Optional async batching groups writes at shutdown.<\/p><\/dd>\n
Where are logs stored?<\/h3><\/dt>\nIn {prefix}apwpm_activity_logs<\/code>, with optional companion tables {prefix}apwpm_comments<\/code> and {prefix}apwpm_views<\/code>. Data is not stored in wp_postmeta<\/code>.<\/p><\/dd>\nCan I export or delete logs?<\/h3><\/dt>\nYes. Export from the admin UI or REST API. Prune by age via settings, cron, or wp apwpm prune<\/code>. Full purge requires confirmation and sudo mode when enabled.<\/p><\/dd>\nDoes it work on multisite?<\/h3><\/dt>\nYes. Events are tagged with blog_id<\/code>, and network admins get a network overview.<\/p><\/dd>\nCan I extend what gets logged?<\/h3><\/dt>\nYes. Call APWPM_Logger::log()<\/code> or register types on apwpm_register_event_types<\/code>. Use apwpm_skip_log<\/code> to skip events and apwpm_pre_insert_row<\/code> to adjust rows before insert.<\/p><\/dd>\nIs the log tamper-proof?<\/h3><\/dt>\nWhen hash-chain mode is enabled, each row includes an HMAC chain. Run integrity checks from Site Health or wp apwpm verify<\/code>. Append-only mode can block deletions for compliance use cases.<\/p><\/dd>\n\n<\/dl>\n\n\n1.0.0<\/h4>\n\n\n- Initial WordPress.org release.<\/li>\n
- Activity timeline with dashboard, filters, search, exports, and REST API (
activitypilot\/v1<\/code>).<\/li>\n- Break detection, smart insights, workflow (status, assignee, comments), and optional rollback.<\/li>\n
- Analytics, reports, multisite support, hash-chain integrity, and Site Health checks.<\/li>\n
- Integrations, optional webhooks, geolocation, GDPR tools, file integrity monitoring, and WP-CLI commands.<\/li>\n
- Requires WordPress 7.0+ and PHP 7.4+.<\/li>\n<\/ul>","raw_excerpt":"Track, visualize, and analyze admin and user activity in a timeline UI with break detection, workflows, REST API, and exportable audit logs.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/roh.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/319317","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/roh.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/roh.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/roh.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=319317"}],"author":[{"embeddable":true,"href":"https:\/\/roh.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/piyushmultidots"}],"wp:attachment":[{"href":"https:\/\/roh.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=319317"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/roh.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=319317"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/roh.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=319317"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/roh.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=319317"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/roh.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=319317"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/roh.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=319317"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}