WPWhiteSecurity

Hello @luckilyhappy

Thank you for your feedback.

I think the settings of the activity log retention policies vary a lot from business to business. It depends on the type of logs, the purpose of the logs etc. For example many financial institutions are required by law to keep logs for up to 8 years.

I do not know what the nature of your business is and why are you keeping the logs. However, from the security point of view one is definitely required to keep the logs for more than 7 days. In most cases people keep logs for at least a year.

Having said that, we might add a filter or update the setting to allow the users to specify days in the activity log retention settings. If you would like to keep yourself updated on our plugin updates, please subscribe to our newsletter.

Hello @jdcohan

Thank you for using our plugin.

Can you please try to switch the activity log view mode to pagination view mode and back?

If that does not help, then can you please:

1) Open the browser developer tools
2) Click on the console tab
3) Refresh the page

There should be some errors reported. Can you please send us a screenshot of the error? If you have sensitive information in the screenshot please send it via email to [email protected].

Thank you and looking forward to hearing from you.

Hello @luckilyhappy

Thank you for showing interest in our plugin. Below are all the answers to your questions:

The personal identifiable data that the plugin keeps a log of are the IP address and also the WordPress username, which is also PID. It does not use any cookies or any other pieces of data.

It is important to point out that:

a) a plugin or a software cannot be GDPR compliant. A website or a complete service has to be GDPR compliant.

b) GDPR does not restrict you from keeping a record of PID. GDPR is about enforcing website / online services owners being transperant about what they do with the users’ data. In fact such data is needed in the logs, otherwise the logs have no value from the security and management point of view.

c) In fact GDPR requires you to keep a log of who accesses specific data etc.

So the aim here is not to strip the data from the logs, but to tell the users about what data are you keeping and what you are doing with it. We wrote about this in more detail in;

– Can I use WP Activity Log on GDPR compliant websites?
– Enhancing your GDPR toolkit with the WordPress activity log

We have also prepared a privacy policy template for users like you, who would like to use the plugin on their website. Here it is: https://wpactivitylog.com/policy-notice/#plugin_notice.

The data is stored in the WordPress database or in an external database (optional). You can read more on how the data is stored in the activity log database documentation.

The plugin also has a Purge Activity Log button, which when used it deletes all the logs.

In regards to plugin retention, I am afraid that the least amount of time you can keep the logs for is 1 month.

If I may, instead of approaching GDPR this way, and worrying on how to delete data, all you need to do is tell the users what you are doing with the data. If you iron that out, you should not have any problems and your website will be 100% compliant.

I hope that helps. Should you have any further questions, please do not hesitate to ask.

Sorry for the late response @repenter

It is something we will include in the next update of the plugin, which is to be released within a week or two. So stay tuned with us!

Sorry for the late response @hackrepair

At the moment the plugin does not have email notifications. However we will be implementing them in the next update, which we will be releasing within a weak or two. So thank you for the suggestion.

Hello @patternmb,

We have just released update 3.3 and can confirm that we have included the fix. You can read more about the latest WP Security Audit Log plugin update in these release notes.

Hello @tpphost,

Thank you very much for the positive feedback about the plugin.

Since the plugin is working on other sites but this one for you, is there anything different in this site from the others?

Maybe the version of WordPress or PHP?

Also, can you please enable WordPress debug and try to reproduce the issue? If you are able to reproduce the issue, are there any logs in the debug log file you can share with us?

Looking forward to hearing from you.

Hello @jcleath,

Thank you for using our plugin.

Those events are being logged because your website visitors are requesting a non existing page. If you click on the link you’ll download the log file, in which you can see which non-existing URLs are being requested.

You can read more about these events and how to configure or disable them in keeping an activity log of 404 errors.

Please let us know if you require any further assistance.

Thank you for the review @studiogrynn.

In regards to admin notices, this was a bug in the last build and some messages where showing up when they were not supposed to. Please update your plugin to version 3.2.2.2 for the issue to be fixed.

In fact all our admin messages typically are restricted to the plugin pages. We do not like admin messages that show up on all WordPress pages and never do it ourselves, apart from this case which was a bug.

Thank you for using the plugin and for the understanding. Appreciate if you can update the review after updating the plugin.

Hello @mikeyb31,

We just released version 3.1.7 of the plugin which includes a fix and performance enhancement. Please try it out and keep us posted on the outcome of the test.

Thank you for your cooperation.

It seems that you have restricted the plugin install just to the super admin. Can you navigate to the plugin settings and confirm if the option Restrict Plugin Access is enabled?

If it is, please disable it and access should be restored. Can you please check and advise?

You’re welcome @hvianna.

So you are able to access the FULL plugin menu (including the audit log ) in the Network dashboard correct?

Just checking, what roles do the users you are using on the sites have on that site in question? By default these are the privileges:

Super admin can access the plugin menu from anywhere
Site admins can see the audit log of their site only when they are logged in to the site.

Looking forward to hearing from you.

Hello @wp_begginer_pri,

Thank you for trying our plugin and sorry to hear you had such issues. It is a first that we hear about the redirects upon activation. Maybe you can expand a bit more on that?

In regards to your questions:

1) The plugin creates three tables in the database in which it stores the setting and the WordPress activity log. You can read all the tech details in the WP Security Audit Log plugin database use.

If you do not intent to use the plugin again, you can safely delete the three tables the plugin uses.

2) Files – the plugin created the /wp-content/wp-security-audit-log/ directory in which it stores a list of 404 errors etc. If you are not using the plugin you can safely delete this directory.

3) The plugin supports reverse proxy setups etc so should you ever have the time and would like to try the plugin again, please do contact us. We’d like to see what could be causing these issues.

Thank you very much for the positive feedback and for taking the time to report the issue.

Hello @hvianna

Thank you for using our plugin and sorry to hear you are having such issues.

As such updating from 3.0.1 should not create any issues. Can you please try the following:

1) Deactivate the plugin.
2) Delete the table wp_wsal_options from the WordPress database.
3) Activate the plugin.

Does that help?

Hello @wantondude,

Thank you for showing interest in our plugin.

We have a post that explains all you need to know about the WP Security Audit Log plugin in relation to user privacy and GDPR compliance.

In short, you can use the plugin on GDPR compliant website. Please do not hesitate to ask should you have any further queries.