Simple History – Track, Log, and Audit WordPress Changes

July 09, 2024

Simple History – Track, Log, and Audit WordPress Changes Plugin

Track changes and user activities on your WordPress site. See who created a page, uploaded an attachment, and more, for a complete audit trail.

“So far the best and most comprehensive logging plugin”@herrschuessler

Simple History shows recent changes made within WordPress, directly on your dashboard or on a separate page.

The plugin works as a audit log of the most important events that occur in WordPress.

It’s a plugin that is good to have on websites where several people are involved in editing the content.

No coding is required to use the plugin. Just install it and it will start logging events.

✨ Simple History Features

Out of the box Simple History has support for:

  • Posts and pages – see who added, updated or deleted a post or page

  • Attachments – see who added, updated or deleted an attachment

  • Taxonomies (Custom taxonomies, categories, tags) – see who added, updated or deleted an taxonomy

  • Comments – see who edited, approved or removed a comment

  • Widgets – get info when someone adds, updates or removes a widget in a sidebar

  • Plugins – activation and deactivation

  • User profiles – info about added, updated or removed users

  • User logins – see when a user login & logout. Also see when a user fails to login (good way to catch brute-force login attempts).

  • User edits – see when a user is added, updated or removed, and get detailed information about the changes made to the user.

  • Failed user logins – see when someone has tried to log in, but failed. The log will then include ip address of the possible hacker.

  • Menu edits

  • Option screens – view details about changes made in the different settings sections of WordPress. Things like changes to the site title and the permalink structure will be logged.

  • Privacy page – when a privacy page is created or set to a new page.

  • Data Export – see when a privacy data export request is added and when this request is approved by the user, downloaded by an admin, or emailed to the user.

  • User Data Erasure Requests – see when a user privacy data export request is added and when this request is approved by the user and when the user data is removed.

Build in logging for third party plugins

Simple History comes with built in support for many plugins:

  • Jetpack – See what Jetpack modules that are activated and deactivated.

  • Advanced Custom Fields (ACF) – See when field groups and fields are created and modified.

  • User Switching – See each user switch being made.

  • WP Crontrol – See when cron events are added, edited, deleted, paused, resumed, and manually ran, and when cron schedules are added and deleted.

  • Enable Media Replace – See details about the file being replaced and details about the new file.

  • Limit Login Attempts – See login attempts, lockouts, and configuration changes made in the plugin Limit Login Attempts.

  • Redirection – See redirects and groups that are created, changed, enabled or disabled and also when the global plugin settings have been modified.

  • Duplicate Post –See when a clone of a post or page is done.

  • Beaver Builder – See when a Beaver Builder layout or template is saved or when the settings for the plugins are saved.

Is your plugin missing? No problem – plugin authors can add support for Simple History in their plugins using the logging API.

Plugins that have support for Simple History includes:

What users say 💬

🌟 300+ five-star reviews speak to the reliability of this plugin. 🌟

  • “So far the best and most comprehensive logging plugin”@herrschuessler

  • “The best history plugin I’ve found”Rich Mehta

  • “Custom Logs Are Crazy Awesome!”Ahmad Awais

  • “Amazing activity logging plugin”digidestination

  • “Fantastic plugin I use on all sites”Duncan Michael-MacGregor

  • “Useful Quick View of Activity”Dan O

  • “The best Activity Plugin”Rahim

  • “The best free history plugin ever”abazeed

  • “It is a standard plugin for all of our sites”Mr Tibbs

Getting Started

After installation, Simple History automatically starts logging activities. Access the history log through the dashboard widget or via the ‘Simple History’ page in the dashboard menu.

RSS feed with changes

Using the optional password protected RSS feed you can keep track of the changes made on your website using your favorite RSS reader.

Comes with WP-CLI commands

For those of you who like to work with the command line there are also some WP-CLI commands available.

  • wp simple-history list – List the latest logged events.

Example scenarios

Keep track of what other people are doing:
“Has someone done anything today? Ah, Sarah uploaded
the new press release and created an article for it. Great! Now I don’t have to do that.”

Or for debug purposes:
“The site feels slow since yesterday. Has anyone done anything special? … Ah, Steven activated ‘naughty-plugin-x’,
that must be it.”

API so you can add your own events to the audit log

If you are a theme or plugin developer and would like to add your own things/events to Simple History you can do that by using the function SimpleLogger() like this:

`php 

if ( function_exists(“SimpleLogger”) ) {
// Most basic example: just add some information to the log
SimpleLogger()->info(“This is a message sent to the log”);

 // A bit more advanced: log events with different severities SimpleLogger()->info("User admin edited page 'About our company'"); SimpleLogger()->warning("User 'Jessie' deleted user 'Kim'"); SimpleLogger()->debug("Ok, cron job is running!"); 

}
?>
`

See the documentation for examples on how to log your own events and how to query the log, and more.

🔆 Extend the plugin functionality with Add-ons

Powerful add-ons are available to extend the functionality of Simple History even further:

WooCommerce Logger
Enhance your site’s tracking with comprehensive logs for WooCommerce orders, products, settings, and coupons.

Extended Settings
Extend the settings of Simple History with more options and settings.

Developer tools (coming soon)
Log sent emails, HTTP API requests, cron jobs, and more.

💚 Sponsor this project

If you like this plugin please consider donating to support the development. The plugin has been free for the last 10 years and will continue to be free.

Noteworthy sponsors

Screenshots

  1. <p>The log view + it also shows the filter function in use - the log only shows event that are of type post and pages and media (i.e. images & other uploads), and only events initiated by a specific user.</p>

    The log view + it also shows the filter function in use - the log only shows event that are of type post and pages and media (i.e. images & other uploads), and only events initiated by a specific user.

  2. <p>The <strong>Post Quick Diff</strong> feature will make it quick and easy for a user of a site to see what updates other users have done to posts and pages.</p>

    The Post Quick Diff feature will make it quick and easy for a user of a site to see what updates other users have done to posts and pages.

  3. <p>When users are created or changed you can see details on what have changed.</p>

    When users are created or changed you can see details on what have changed.

  4. <p>Events have context with extra details - Each logged event can include useful rich formatted extra information. For example: a plugin install can contain author info and a the url to the plugin, and an uploaded image can contain a thumbnail of the image.</p>

    Events have context with extra details - Each logged event can include useful rich formatted extra information. For example: a plugin install can contain author info and a the url to the plugin, and an uploaded image can contain a thumbnail of the image.

  5. <p>Click on the IP address of an entry to view the location of for example a failed login attempt.</p>

    Click on the IP address of an entry to view the location of for example a failed login attempt.

  6. <p>See even more details about a logged event (by clicking on the date and time of the event).</p>

    See even more details about a logged event (by clicking on the date and time of the event).

  7. <p>A chart with some quick statistics is available, so you can see the number of events that has been logged each day. A simple way to see any uncommon activity, for example an increased number of logins or similar.</p>

    A chart with some quick statistics is available, so you can see the number of events that has been logged each day. A simple way to see any uncommon activity, for example an increased number of logins or similar.

FAQ

Is the plugin free?

Yes! It has been free for the last 10 years and will continue to be free. There are some add-ons that you can buy to support the development of this plugin and get some extra features. View add-ons.

How do I view the log?

You can view the log on the dashboard or on a separate page in the admin area.

Can I see the log in the front end?

No, the log is only available in the admin area.

Do I need to have coding skills to use the plugin?

No, you don’t need to write any code to use the plugin.
Just install the plugin and it will start collecting data.

Where is the log stored?

The log is stored in the database used by WordPress.

Can I export the log?

Yes, you can export the log to a CSV or JSON file.

Is my theme supported?

Yes, the plugin works with all themes.

Is my plugin supported?

The plugin comes with built in support for many plugins and support for Simple History can be added to any plugin using the Logging API.

Will my website slow down because of this plugin?

No, the plugin is very lightweight and will not slow down your website.

Who can view the log?

How much information that is shown in the log depends on the user role of the user viewing the log. Admins can see everything, while editors can only see events related to posts and pages.

Is it possible to exclude users from the log?

Yes, you exclude users by role or email using the filter simple_history/log/do_log.

See the hooks documentation for more info.

For how long are the history kept?

By default, logs are stored for 60 days. This duration can be adjusted in the settings.

This can be modified using the filter simple_history/db_purge_days_interval or using the Simple History Extended Settings add-on.

Can I track changes made by specific users?

Yes, Simple History allows you to filter the history by user names, making it easy to monitor individual activities.

Is this plugin GDRP compliant?

Since GDRP is such a complex topic and since WordPress plugins are not allowed to imply that they provide legal compliance we can not simply just say that the plugin is GDPR compliant.

GDPR is very much about how you use the data and how you inform your users about what data you collect and how you use it. No site is the same and the usage together with the plugin can be very different from site to site. So you should always make sure that you are compliant with GDPR when using the plugin.

That said, the plugin does not use Google Fonts, does not set cookies, uses no local storage, and by default the ip addresses are anonymized. The plugin is however a plugin that logs events and that can contain personal data, so you should always make sure that you are compliant with GDPR when using the plugin.

Read more at the FAQ on the plugin website.

Changelog

4.16.0

This release contains many new features and improvements. Especially updates made on the settings screen has gonne through a major overhaul and is now much more user friendly and informative.
View the release post for screenshots and more information.

🌟 Remember that you can sponsor this project to keep it free and open source.
And if you need more features you can buy add-ons that also get you some extra features. 🌟

Added

  • Debug page additions
    • Display detected db engine to debug page. Can be useful for debugging since Simple History supports MySQL, MariaDB, and SQLite.
    • Table size and number of rows for SQLite databases are shown on the debug page (they were already shown for MySQL and MariaDB).
    • Display Must Use Plugins on the debug page.
  • Throw exception if log query has any db errors instead of just dying silently. This should help with debugging since the message often is visible in the log. #438
  • Plugin update failures are now logged, with error message added to context. This can happen when a plugin can’t remove it’s folder. #345
  • Support for the ANSI_QUOTES mode in MySQL/MariaDB. #334
  • RSS feed support for filtering by loglevels ( e.g.,?loglevels=warning,notice). See https://simple-history.com/docs/feeds/ for all available filters. #443
  • Log when an admin user changes the way WordPress handles auto updates of core, from “automatic updates for all new versions of WordPress” to “automatic updates for maintenance and security releases only”, or vice versa. #449
  • Add Update URI plugin header, if available, to context for plugin installs or updates. This field was added in WordPress 5.8 so it was really time to add it now 🙂 #451
  • Add link to the Simple History site history below the “All updates have been completed” message that is shown when plugins or themes are updated. #453
  • Add title, alternative text, caption, description, and slug to modified attachments. #310
  • Add a link next to number or failed login attempts. If the extended settings add-on is installed the link goes to the settings page for that add-on. If that add-on is not installed the link goes to the website of the add-on.

Changed

  • Changes to settings screens and logging of their options have gotten a major overhaul and is now much more user friendly and informative:

    • Only built in WordPress options are logged. Previously other options could “sneak in” when they was added using a filter or similar on the same screen.
    • When updating the site language option (the options WPLANG), set “en_US” as the language when the option is empty. Previously it was set to an empty string which what a bit confusing.
    • “Week Starts On” now displays the new and previous weekday as human readable text instead of a number.
    • Use wording “Updated setting…” instead of “Updated option…” in the log when a setting is updated because it’s more user friendly to say “setting” instead of “option”, since that’s the wordings used in the WordPress UI.
    • Include the name of the settings page in the main log message for each setting updated and also include a link to the settings page.
    • Use “On” or “Off” when display the changed values for settings that can be toggled on or off. Previously “1” or “0” was used.
    • Setting “For each post in a feed, include…” now displays “Full text” or “Excerpt”, instead of “1” or “0”.
    • The “blog_public” settings is now shown as “Discourage search engines from indexing this site” setting was changed.
  • Don’t log the uploading and deletion of the ZIP archive when installing a plugin or theme from a ZIP file. #301

  • Update testing framework wp-browser to 3.5.
  • Misc refactoring and code cleanup.

Fixed

  • Fix a possible strpos()-warning in the ACF logger. #440
  • Ensure Post via email SMTP password is not exposed in the log.

Pssst! Did you know that you can sponsor this project to keep it free and open source? 🌟

4.15.1 (April 2024)

This release contains a new feature that logs when scheduled blog posts or site pages automatically publish themselves at any time in the future. It also contains the regular bug fixes and improvements. View the release post.

Added

  • Log when post status changes from future to publish, i.e. when scheduled blog posts or site pages automatically publish themselves at any time in the future. #343

Fixed

  • Log theme file edits and plugin file edits again. #437
  • Show previous featured image when removing a featured image from a post. Before this change the fields was empty. So confusing.
  • Cleanup the edited post event output by remove context keys post_author/user_login, post_author/user_email, post_author/display_name from post edited events, because author change is already shown as plain text. The context keys are still available to see in the context data table.

Updated

  • Update WordPress Coding Standards to latest version. #436

4.15.0 (April 2024)

Was never released. Skipped to 4.15.1. Something went wrong with tagging.

4.14.0 (April 2024)

🕵️‍♀️ This version introduces a new Detective Mode. Many users use Simple History to catch changes made by users and plugins, but sometimes it can be hard to tell exactly what plugin that was responsible for a specific action. Detective Mode has been created to help users find the responsible plugin, hook, URL, or function used to trigger a specific action. View screenshots and more information.

  • Add Detective Mode, a new feature aimed to help users find what plugin or theme is causing a specific event or action to be logged or happen. Great for debugging. This new feature can be enabled in the settings. Read more. Useful for admins, developers, forensics detectives, security experts, and more.
  • Add support for searching for localized logger message strings. #277
  • Add fix for SQL MAX_JOIN_SIZE related error message, that could happen on low end hosting providers or shared hosting providers. #435
  • Remove check for older PHP versions in helpers::json_encode. (PHP 7.4 is since long the minimum requirement for Simple History and for WordPress itself.)
  • Tested on WordPress 6.5.

4.13.0 (March 2024)

🚀 Introducing the WooCommerce Logger Add-On: Enhance your site’s tracking with comprehensive logs for WooCommerce orders, products, settings, and coupons. Learn more in our release post.

View the release post to see screenshots of the new features.

Changelog for previous versions.

Details

  • Version: 4.16.0
  • Active installations: 200,000
  • WordPress Version: 6.1
  • Tested up to: 6.5.5
  • PHP Version: 7.4

Ratings


5 Stars
4 Stars
3 Stars
2 Stars
1 Stars