Plugin Update: New Activity Log for Improved Visibility

We’ve released WPMissionControl plugin version 1.1.0, introducing a major new feature:
a local Activity Log that records important events happening inside your WordPress site.

This log captures a wide range of operational, editorial, and administrative actions — helping you understand what changed, when, and by whom.

This lays the foundation for future correlation between onsite events and the signals collected by WPMissionControl.

---

🔍 What the Activity Log Records

The new Activity Log tracks real WordPress events, grouped into clear categories.

1. Updates

Whenever WordPress updates something, the log records:

• Core updates
• Plugin updates (manual or automatic)
• Theme updates
• Bulk update operations
• Automatic updates (with success/failure)

Each update event includes:

• the item updated
• version before/after (when available)
• whether it was bulk or auto
• the source event (upgrader, auto_updates, etc.)

---

2. Admin Operations

Actions taken inside the WP admin panel:

• Plugin activation or deactivation
• Theme switching

---

3. Authentication Events

Login-related activity:

• successful logins
• failed login attempts
• logouts
• IP address
• user agent
• login method (web vs XML-RPC)

This is extremely valuable for spotting suspicious login attempts or unexpected access patterns.

---

4. User Management

User-level changes:

• new user creation
• profile updates
• role changes
• password resets
• user deletions

Each event includes the affected user ID and username.

---

5. Post & Content Events

For all post types:

• status changes (draft → publish, publish → trash, etc.)
• content updates (title, content, excerpt, slug, status)
• deletions
• trash/untrash actions

The log includes IDs, titles (trimmed), post types, and what exactly changed.

---

6. SEO Meta + Critical Metadata

For published posts only, and only for selected keys:

• Yoast, RankMath, SEOPress, AIOSEO fields
• core template + featured image changes
• navigation structure changes

It stores:

• old value length
• new value length
• whether the value changed
  (without storing raw sensitive data)

This lets WPMC understand meaningful content and metadata changes on pages you monitor.

---

7. Media Library Events

All attachment-related actions:

• new media added
• attachment edits
• attachment deletion
• generated metadata (image sizes, dimensions)

---

8. Settings Changes

Currently limited to:

• permalink structure
• site title
• site description

Future versions will expand this list.

---

🗂️ Where the Logs Live

The plugin stores logs in:

wp-content/uploads/wpmc/logs/updates-YYYY-MM.php

Each file contains JSONL entries, preceded by:

<?php exit; ?>

…so even if misconfigured, logs cannot be accessed publicly.

The directory is automatically protected using:

• .htaccess (Apache)
• web.config (IIS)
• index.html (Nginx fallback)

Logs rotate monthly and can be purged via the REST endpoint.

---

🧩 Why This Feature Matters

This Activity Log is designed for:

✔ Troubleshooting (plugin updates break something? theme switched?)
✔ Editorial visibility (what changed on a published page?)
✔ Security awareness (login failures, role changes, password resets)
✔ Correlation with WPMC monitoring data (foundation for 2025 roadmap)
✔ Forensic analysis after layout changes, SEO drops, or performance shifts

This gives you local, verifiable evidence of what happened on the site — without relying on third-party services or server logs.

---

🚀 This Is Just the Beginning

Version 1.1.0 is the foundation for deeper future capabilities:

• linking Activity Log events to visual diffs
• detecting suspicious admin activity
• correlating login failures with security alerts
• highlighting impactful content changes in daily/weekly summaries
• anomaly detection based on editorial activity
• admin and editor behaviour patterns

WPMissionControl will soon be able to not just monitor your site from the outside, but also understand its internal activity.