Simple History – user activity log, audit tool

Changelog

4.6.0 (September 2023)

This release contains some new filters and some other improvements.
See the release post for more info.

• Added: Filter simple_history/get_log_row_plain_text_output/output to be able to modify the output of the plain text output of a log row. Solves support thread Is it possible to log post ID. See documentation page for filter for details.
• Added: Filter simple_history/log_insert_data_and_context to be able to modify the data and context that is inserted into the log.
• Added: WP-CLI command now includes “via” in output.
• Added: Debug settings tab now shows if a logger is enabled or disabled.
• Changed: WP-CLI: ID field is not the first column and in uppercase, to follow the same format as the other wp cli commands use.
• Changed: GUI enhancements on settings page.
• Changed: Don’t log WooCommerce post type shop_order_placehold, that is used by WooCommerce new High-Performance Order Storage (HPOS).
• Fixed: Allow direct access to protected class variable $logger->slug but mark access as deprectad and recommend usage of $logger->get_slug(). Fixes support thread PHP fatal error Cannot access protected property $slug.

4.5.0 (August 2023)

This release contains some smaller new features and improvements.
See the release post for more info.

Added

• The debug page now detects if the required tables are missing and shows a warning. This can happen when the database of a website is moved between different servers using software that does not know about the tables used by Simple History. Fixes issue #344 and support thread Missing table support among others.
• Add filters simple_history/feeds/enable_feeds_checkbox_text and simple_history/feeds/after_address.
• Add action simple_history/settings_page/general_section_output.
• Add filter simple_history/db/events_purged that is fired after db has been purged from old events.
• Add helper functions required_tables_exist(), get_class_short_name().
• Add function get_slug() to Dropin class.
• Add function get_rss_secret() to RSS_Dropin class.
• Show review hint at footer on settings page and log page.
• Add functions get_instantiated_dropin_by_slug(), get_external_loggers(), set_instantiated_loggers(), set_instantiated_dropins(), get_instantiated_services() to Simple_History class.
• Dropins and services are now listed on the debug page.

Changed

• Order of settings tab can now be set with key order in the array passed to add_settings_tab().
• Rename network admin menu item “Simple History” to “View History” to use to same name as the admin menu item.
• Purged events are logged using the simple history logger (instead of directly in the purge function).
• Refactor code and move core functionality to multiple service classes.

4.4.0 (August 2023)

This version of Simple history is tested on the just released WordPress 6.3. It also contains some new features and bug fixes.

Release post for Simple History 4.4.0.

Added

• Logger for logging changes to the Simple History settings page. 🙈 And yes, it was quite embarrassing that the plugin itself did not log its activities.
• RSS feed now accepts arguments to filter the events that are included in the feed. This makes it possible to subscribe to for example only WordPress core updates, or failed user logins, or any combination you want. See the documentation page for available arguments and some examples. #387
• Event ID of each entry is included in WP-CLI output when running command wp simple-history list.
• Filter simple_history/settings/log_cleared that is fired after the log has been cleared using the “Clear log now” button on the settings page.
• Add helper function is_plugin_active() that loads the needed WordPress files before using the WordPress function with the same name. Part of fix for #373.

Fixed

• Shop changes to post type customize_changeset. Fix issue #224 and support threads stop the “Updated changeset” and “Move changeset” notifications, Newbie question.
• Scrollbar on dashboard on RTL websites. Fixes issue #212, support thread Horizontal Scroll.
• PHP error when showing a log entry when all core loggers are disabled. Fixes #373.

Changed

• Tested on WordPress 6.3.
• Use uniqid() as cache invalidator instead of time(). Querying the log multiple times during the same PHP request with the same arguments, adding entries to the log between each log query, the same results would be returned.
• Function get_event_ip_number_headers() moved from Simple Logger class to Helpers class.
• Misc internal code cleanup.

4.3.0 (July 2023)

Added

• Add action simple_history/rss_feed/secret_updated that is fired when the secret for the RSS feed is updated.
• Add tests for RSS feed.

Fixed

• RSS feed: Use esc_xml to escape texts. Fixes support thread XML error with RSS feed, issue #364.
• RSS feed: Some texts was double escaped.
• Plugin User Switching: store login and email context of user performing action, so information about a user exists even after user deletion. #376.

4.2.1 (July 2023)

Fixed

• Fix PHP error when running WP-Cron jobs on PHP 8 and something was to be logged. Fixes #370 and support threads wordpress.org/support/topic/fatal-error-4492/, wordpress.org/support/topic/fatal-error-4488/, wordpress.org/support/topic/php-error-in-lastest-version/.

4.2.0 (July 2023)

Added

• Filter simple_history/day_of_week_to_purge_db to set the day that the db should be cleared/purged on. 0 = monday, 7 = sunday. Default is 7.
• Add class SimpleHistory so old code like SimpleHistory->get_instance() will work.
• Add helper function camel_case_to_snake_case().
• Automatically convert camelCase function names to snake_case function names when calling functions on the \Simple_History class. This way more old code and old examples will work. Fixes for example support thread.
• Add Helpers::privacy_anonymize_ip().
• Add filter simple_history/privacy/add_char_to_anonymized_ip_address to control if a char should be added to anonymized IPV4 addresses.
• Add filter simple_history/maps_api_key to set a Google Maps API key to be used to show a Google Map of the location of a user login using the user IP address.
• If a Google Maps API key is set then a map of a users location is shown when clicking on the IP address of a logged event. #249.

Fixed

• Fix Undefined property warning when loading more similar events. #357
• Include “Plugin URI” from plugin when logging single plugin installs. #323
• Check that installed theme has a destination_name. #324
• Log correct role for user when adding a user on a subsite on a network/multisite install. #325
• Check that required array keys exists in theme- and translation loggers. Fixes support thread, issue #339.
• Fix undefined index warning in logger when context was missing _user_id, _user_email, or _user_login. Fix #367.
• Misc code cleanup and improvements.
• Fix spellings, as found by Typos.

Changed

• Move function get_avatar() to helpers class.
• Change location of filter gettext and gettext_with_context and unhook when filter is not needed any more, resulting in much fewer function calls.
• IPV4 addresses that are anonymized get a “.x” added last instead of “.0” to make it more clear to the user that the IP address is anonymized.

Removed

• Remove unused schedule simple_history/purge_db.
• Remove function filter_gettext_store_latest_translations().
• Remove support for automatically un-translating messages to the log, loggers are better and have better support for languages.

4.1.0 (July 2023)

Added

• Actions simple_history/pause and simple_history/resume to pause and resume logging. Useful for developers that for example write their own data importers because the log can be overwhelmed with data when importing a lot of data. #307
• clear_log() now returns the number of rows deleted.
• Added disable_taxonomy_log() to simplify disabling logging of a taxonomy.
• Function get_db_table_stats() that returns for example the number of rows in each table.

Fixed

• Check that array keys attachment_parent_title and attachment_parent_post_type exists in Media Logger. #313
• Don’t log when terms are added to author taxonomy in Co-Authors Plus. Fixes support thread, issue #238.
• Don’t load the log or check for updates on dashboard if the widget is hidden.
• Don’t check for updates on dashboard if a request is already ongoing.

Changed

• Moved filter simple_history/dashboard_pager_size to method get_pager_size_dashboard().
• Move function get_initiator_text_from_row() to Log_Initiators class.
• If a filter is modifying the pager sizes then show a readonly text input with pager size instead of a dropdown select. #298
• Update Chart.js library from 2.0.2 to 4.3.0. Fixes support thread, issue #340.

4.0.1 (June 2023)

Fixed

• Replace multibyte functions with non-multibyte versions, since mbstring is not a required PHP extension (it is however a highly recommended one). Should fix https://wordpress.org/support/topic/wordpress-critical-error-9/. (#351)

4.0.0 (June 2023)

🚀 This update of Simple History contains some big changes – that you hopefully won’t even notice.

For regular users these are the regular additions and bug fixes:

Changed

• Minimum required PHP version is 7.4. Users with lower versions can use version 3.4.0 of the plugin.
• Minimum required WordPress version is 6.1.
• Categories logger does not log changes to taxonomy nav_menu any longer, since the Menu logger takes care of those, i.e. changes to the menus.

Added

• Log if “Send personal data export confirmation email” is checked when adding a Data Export Request.
• Log when a Data Export Request is marked as complete.
• Log when Personal Data is erased by an admin.
• Log when a group is modified in Redirection plugin.
• Added context key export_content to export logger. The key will contain the post type exported, or “all” if all content was exported.

Fixed

• Fix error on MariaDB databases when collation utf8mb4_unicode_520_ci is used for the Simple history tables. Reported at: https://wordpress.org/support/topic/database-error-after-upgrade-to-wordpress-6-1/.
• Privacy logger is logging the creation and selection of privacy page again. It stopped worked because a WordPress core file was renamed.
• Log when a groups is enabled, disabled, or deleted in Redirection plugin.

👩‍💻 For developers there are some bigger changes, that is noticeable:

• The plugin now uses namespaces – and they are loaded using an autoloader.
• The code has been changed to follow WordPress coding standard. This means that for example all functions have been renamed from myFunctionName() to my_function_name().
• The update to PHP 7.4 as the minimum required PHP version makes code more modern in so many ways and makes development easier and more funny, since we don’t have to worry about backwards compatibility as much.
• Many more tests using wp-browser have has been added to minimize risk of bugs or fatal errors.

A more detailed changelog that probably most developers are interested in:

Added

• Add cached = true|false to AJAX JSON answer when fetching events or checking for new events. It’s a simple way to see if an object cache is in use and is working.
• Most of the code now uses namespaces.
  • The main namespace is Simple_History.
  • The main class is Simple_History\Simple_History.
  • Dropins use namespace Simple_History\Dropins and dropins must now extend the base class Dropin.
  • Loggers use namespace Simple_History\Loggers and loggers must extend the base class Logger.
• Add hooks that controls loggers and their instantiation: simple_history/core_loggers, simple_history/loggers/instantiated.
• Add hooks that controls dropins and their instantiation: simple_history/dropins_to_instantiate, simple_history/core_dropins, simple_history/dropins_to_instantiate, simple_history/dropin/instantiate_{$dropin_short_name}, simple_history/dropin/instantiate_{$dropin_short_name}, simple_history/dropins/instantiated.
• Add filter simple_history/ip_number_header_names.
• Add methods get_events_table_name() and get_contexts_table_name().
• Call method loaded() on dropins when they are loaded (use this instead of __construct).
• Make sure that a dropin class exists before trying to use it.

Changed

• Improved code organization with the introduction of namespaces. Code now uses namespaces and classes (including loggers and dropins) are now loaded using an autoloader.
• Functions are renamed to use snake_case (WordPress coding style) instead of camelCase (PHP PSR coding style). Some examples:
  • registerSettingsTab is renamed to register_settings_tab.
• Remove usage of deprectead function wp_get_user_request_data().
• Rename message key from data_erasure_request_sent to data_erasure_request_added.
• Rename message key from data_erasure_request_handled to data_erasure_request_completed.
• Applied code fixes using Rector and PHPStan for better code quality.
• Add new class Helpers that contain helper functions.
• Move functions simple_history_get_current_screen(), interpolate(), text_diff, validate_ip, ends_with, get_cache_incrementor to new helper class.
• Function get_ip_number_header_keys is moved to helper class and renamed get_ip_number_header_names.
• Class SimpleHistoryLogQuery renamed to Log_Query.
• Class SimpleLoggerLogLevels renamed to Log_Levels.
• Class SimpleLoggerLogInitiators renamed to Log_Initiators.
• Dropin files are renamed.
• Move init code in dropins from __construct() to new loaded() method.
• Rename getLogLevelTranslated() to get_log_level_translated() and move to class log_levels.
• Rename message key user_application_password_deleted to user_application_password_revoked.
• Context key args is renamed to export_args in export logger. This key contains some of the options that was passed to export function, like author, category, start date, end date, and status.
• Ensure loggers has a name and a slug set to avoid development oversights. _doing_it_wrong() will be called if they have not.
• Logger: Method get_info_value_by_key() is now public so it can be used outside of a logger.
• Logger: Method get_info() is now abstract, since it must be added by loggers.
• For backwards compatibility SimpleHistoryLogQuery, SimpleLoggerLogLevels, SimpleLoggerLogInitiators, SimpleLogger will continue to exist for a couple of more versions.

Removed

• Function simple_history_add has been removed. See docs.simple-history.com/logging for other ways to add messages to the history log.
• Unused function sh_ucwords() has been removed.
• Removed filters simple_history/loggers_files, simple_history/logger/load_logger, 'simple_history/dropins_files'.
• Unused class SimpleLoggerLogTypes removed.
• Removed logger for plugin Ultimate Members.
• Removed patches for plugin captcha-on-login.
• Remove dropin used to populate log with test data.
• Remove dropin used to show log stats.
• Examples in examples folder are removed and moved to the documentation site at docs.simple-history.com.

3.5.1 (May 2023)

• Fixed JavaScript error when Backbone.history is already started by other plugins. Fixes https://github.com/bonny/WordPress-Simple-History/issues/319.

3.5.0 (March 2023)

• Added: Log an entry when a cron event hook is paused or resumed with the WP Crontrol plugin #328.
• Fixed: DB error on MariaDB database when collation utf8mb4_unicode_520_ci is used for the Simple history tables. Reported at: https://wordpress.org/support/topic/database-error-after-upgrade-to-wordpress-6-1/.
• Tested up to WordPress 6.2.

Note: Next major version of the plugin will require PHP 7. If you are running a PHP version older than that please read https://wordpress.org/support/update-php/.

3.4.0 (February 2023)

• Changed: When exporting a CSV file of the history, each cell is escaped to reduce the risk of “CSV injection” in spreadsheet applications when importing the exported CSV. Reported at: https://patchstack.com/database/vulnerability/simple-history/wordpress-simple-history-plugin-3-3-1-csv-injection-vulnerability.

Changelog for 2022 and earlier