WP Activity Log (Premium) 5.2.2 NULLED

= 5.2.2 (2024-11-12) =

**New feature**
* New setting in the users' sessions module to enable a check for existing sessions when a logged in user accesses the login page directly.

* **Plugin & functionality improvements**
* Bumped up the minimum WordPress version to 5.5.
* Updated the Freemius SDK to the latest version.
* Addressed a number of spelling mistakes in the code notes etc.
* Reviewed again all possible activity log inputs and improved sanitization.
* Improved WooCommerce coverage: plugin now reports correct variable product SKU in the event IDs instead of the parent product SKU.
* Improved the loading order of the text domain etc (reported on the [forums](https://wordpress.org/support/topic/php-notice-filling-logs-with-new-wp6-7/)).

* * **Security fix**
* Fixed an unauthenticated stored XSS reported by mikemyers.

* **Bug fixes**
* Fixed a conflict with GiveWP plugin (reported on the [forums](https://wordpress.org/support/topic/wpal-conflict-with-givewp-3-17-2/)).
* Fixed: main dashboard events widget failed to load on a multisite network.
* Fixed a fatal error in class-reports-entity.php which occurs when duplicating reports with numbers in the title.
* Fixed: fatal error reported when updating to 5.2.1 using WordPress core5.5 and MainWP.
* Fixed: Enable / disable events ID page not loading on PHP 7.2 or lower.
* Fixed: some specific scheduled events are returning errors (reported on the [forums](https://wordpress.org/support/topic/scheduled-events-returning-errors/)).
* Fixed an Action Scheduler fatal error reported during migration / upgrade.
* "Send now" option for periodic emails now working in some edge cases.
* Fixed: Fatal error in class-alert-manager.php during upgrade to 5.2.1 on some specific multisite networks.
* Fixed: some plugin settings pages cannot be accessed from the header navigation bar on a multisite network.
* Fixed: periodic emails are triggered for all sub-sites even when filter is for one sub-site.

= 5.2.1 (2024-09-12) =

* **Bug fixes**
* Fixed a crash in the WooCommerce sensor which happens when a new WooCommerce user is registered.
* Addressed problem with Redirection sensor when Rest API endpoint is checked.
* Fixed a crash and a number of PHP notices which are triggered when the Redirects plugin and Elementor are installed on the website.
* Addressed problem with system sensor when cron job is checked.

= 5.1.0 (2024-07-04) =

* **New features**
* A setting in the reports to include / not include the events' metadata in CSV reports.
* A setting to also include the reports as attachment in emails when they are automatically generated.

* **Plugin & functionality improvements**
* Updated / improved the help text of some of the plugin's settings.
* Added an update notice so people can easily see what is new and improved when they upgrade.
* Updated the text of event ID 1002 and 1003 (failed logins).
* Standardized UTM parameters used in the plugin links.
* Updated the text of some of the events listed in the Enabled/Disable events section.

* **Bug fixes**
* The "Import/export settings" was only being loaded in the Enterprise plan - now it is also available in the Premium plan.
* Fixed a number of PHP warnings - improving compatibility with several versions of PHP.
* Fixed a PHP fatal error in Reports which occurs when upgrading.
* Fixed a PHP fatal error which occurs when specific custom notifications are set on a MainWP dashboard for events on child sites.
* Fixed a PHP fatal error in the Advanced Custom Field sensor which occurs in some specific setups.

= 5.0.0 (2024-05-22) =

* **New Activity Log event IDs**

The below event IDs are to keep log of changes in the Advanced Custom Field (ACF) plugin activity:
* Event ID 10000 - A post type was created
* Event ID 10001 - A post type was activated/deactivated
* Event ID 10002 - A post type was renamed
* Event ID 10003 - A post-type singular name was renamed
* Event ID 10004 - A post-type key was modified
* Event ID 10005 - A post types Taxonomies was modified
* Event ID 10007 - A post type was moved to trash
* Event ID 10008 - A post type was restored from trash
* Event ID 10010 - A Taxonomy was created
* Event ID 10011 - A Taxonomy was activated / deactivated
* Event ID 10012 - A Taxonomy was renamed
* Event ID 10013 - A Taxonomy singular label was renamed
* Event ID 10014 - A Taxonomy key was modified
* Event ID 10015 - A Taxonomies post type was modified
* Event ID 10017 - A Taxonomy was moved to trash
* Event ID 10018 - A Taxonomy was restored from trash
* Event ID 10019 - A Taxonomy was deleted
* Event ID 10020 - A Taxonomy term was created
* Event ID 10021 - A Taxonomy term was renamed
* Event ID 10022 - A Taxonomy term was deleted
* Event ID 10023 - A Taxonomy terms slug was modified
* Event ID 10024 - A posts taxonomy terms were modified

Also in this update, we have added a number of event IDs to keep a log of changes in the WP 2FA plugin and changes in the users' 2FA setup:
* Event ID 7800 - WP 2FA Enforcement policy updated
* Event ID 7801 - WP 2FA enforcement policies have been disabled
* Event ID 7802 - WP 2FA enforcement list was modified
* Event ID 7803 - WP 2FA exclusion list was modified
* Event ID 7804 - WP 2FA Enforcement policy updated
* Event ID 7805 - WP 2FA Trusted device was enabled / disabled
* Event ID 7806 - WP 2FA trusted device remember length modified
* Event ID 7807 - WP 2FA require password resets on unblock was enabled / disabled
* Event ID 7808 - A user configured 2FA
* Event ID 7809 - A WP 2FA user policy was enabled / disabled a method
* Event ID 7810 - A user removed the 2FA setup
* Event ID 7811 - A user has been locked for not configuring 2FA
* Event ID 7812 - A blocked user has been unblocked

* **New features**
* All new reporting module with a new UI and better user experience, featuring many more new filters, reports criteria, tags for reports, and options.
* New HTML report template with a new more modern design.
* Setting to generate reports solely from archived logs in an external database.
* Added bulk action options in the Activity Log viewer, allowing admins to disable specific event IDs, or exclude users and IP addresses from the logs using bulk actions.
* Setting to exclude posts by Post Status in the activity log.

* **Improvements**
* Integrated the Activity Log extension for MainWP into the core plugin.
* Resolved multiple MainWP-related issues, improved log extraction, report generation, and overall performance.
* Moved the Report settings in the new Reports section.
* Improved metadata layout for Event ID 2016, which is reported when a user changes categories on a post.
* The plugin now stores both user_id and username in the database for all alerts.
* Improved periodic email triggers by creating a cron job for each type of report.
* Every failed login attempt is logged as an individual event in the activity log.
* Default 'From' email address matches the user's site domain to improve email deliverability.
* The version of both the previous and new plugin version is now logged in event ID 5004, which is used to keep a log of plugin updates.
* Fixed a number broken URLs in the free edition of the plugin.
* Updated and optimized imagery in the free edition for better size and quality.
* Replaced outdated branding references throughout the plugin.
* Updated the logo for the Melapress File Monitor plugin in the Settings page.
* Applied several minor UI and UX tweaks inside the activity log viewer - adjusted width / hight and alignment of some elements.
* Improved the logic of retrieving user's data from database for better performance.
* Implemented various minor code tweaks to improve overall plugin speed, performance, and stability.

* **Bug fixes**
* Corrected the logic and info messages when disabling Event IDs directly from the Activity Log Viewer.
* Resolved an edge case where WP Engine Smart Plugin Manager was returning random usernames as actors when updating plugins on the site.
* Fixed instances in which the Statistic Reports for 'unique IPs that accessed the site' were being split into multiple rows for the same day.
* Addressed missing metadata for 'username' in the Custom Email Notification template triggered by failed login attempts.
* Fixed a bug causing the system info file to display the same title for both Free and Premium editions when both were installed.
* Resolved an issue where WooCommerce Event ID 9105 was not captured if the user placing the order was not logged in.
* Corrected class references within the plugin's core (widget sensor).
* Fixed the built-in notification for failed login attempts to properly show the user's IP address (there were edge cases in which it wasn't).
* Resolved a bug with the 'hide plugin from other admins' setting that allowed some users to still see the plugin as installed.
* Fixed numerous PHP warnings generated by the WooCommerce sensor.
* Addressed a bug in WhiteLabellingSettings.php that could cause a PHP fatal error when accessing site admin pages.
* Fixed WordPress database errors generated by the plugin when creating custom notifications.
* Resolved an issue causing some Event IDs not to trigger custom notifications if the activity occurred on the site frontend.
* Fixed a bug that could prevent the Daily Email Summary from being triggered.
* Corrected the year not being replaced correctly in the main plugin PHP file.
* Fixed a number of PHP warnings that could be generated by the plugin when WooCommerce orders were placed.
* Addressed PHP warnings generated by the GravityForms built-in sensor.
* Fixed a bug which was causing wsal_cleanup cron to not be fired correctly therefore old logs and expired sessions could not have been removed properly.

= 4.5.3 (2023-07-05) =

* **Bug fixes**
* Fixed issue causing pruning of reports to remove all stored reports.
* Fixed issue which could cause a memory issue when migrating from older WSAL versions.
* Fixed error which could cause 'Excluded custom user fields' to not save when updating.
* Fixed issue which cause cause a fatal error when saving pages via the Oxygen Builder plugin.

* **Other improvements**
* Updated Freemius SDK to the latest version (addressing a security issue).

= 4.5.2 (2023-05-11) =

* **Plugin & features improvements**
* Improved PHP 8.2 compatability.
* Replaced the elipsis icon used for the Event data viewer with a "More details" button in the activity log viewer.
* Updated a number of hooks (better interoperability) used in custom sensors.
* Improved the "installed plugin" check to only show one extension notification when both the free and premium edition of a plugin are installed at the same time.
* Activity log data is also automatically deleted from the archive database when using the logs data deletion tool.

* **Security updates**
* Fixed a number of CSRFs, missing authorization & missing capabilities checks discovered by Marco from Wordfence.

* **Bug fixes**
* Fixed: Fatal error reported when cloning a site on a multisite network with the NS Cloner plugin.
* Fixed: Plugin was not retrieving the correct IP address when using a reverse proxy since update 4.5.0.
* Addressed a number of PHP Warnings reported when using the WP Rocket plugin to purge the cache.
* Fixed: PHP warning when saving Exclude Objects settings.
* Setting up a mirroring connection and configuring the mirror of logs was not being reported in the logs.
* Fixed: Fatal error when using the User Switching plugin to switch a user's session.
* Fixed: Logins from non-native login forms (such as those from WooCommerce) were not captured correctly since update 4.5.0.
* Fixed: Plugin not terminating existing user session when the seting to "overwrite existing session" was enabled.

= 4.4.3 (2022-12-08) =
Release notes: [Announcing WP Activity Log 4.4.3]
* **New activity log event IDs**
* 6060: an event ID was enabled or disabled.
* **New features & functionality**
* [MemberPress activity log extension](https://wpactivitylog.com/extensions/memberpress-activity-log/) - keep a log of the changes that happen on your MemberPress powered website.
* Support for syslog connections over TLS connection.
* Setting to write activity logs directly to a log file (completely bypassing the Action Scheduler).
* Sessions policies for super admins on a multisite network.
* Button to terminate only the displayed sessions in the Logged-In users view.
* New setting to show only the logged in users who have multiple sessions.
* New {user_email} tag available for custom notifications.
* Plugin can now read v4 IP addresses that are mapped to v6.
* **Plugin & features improvements**
* Reports are now generated in the background and an email is sent to the user upon completion, allowing users to navigate away from the page without interrupting the process.
* Non mirrored logs are now stored in a php file instead of a log file - more secure implementation.
* User email address is now available as a tag that can be used in email templates.
* Major database queries improvements to optimize the reading of activity log events from the database.
* Improved display of extension events (as well as special sub-options) within the Enable/Disable events view.
* Adjusted CSS for a more responsive activity log viewer.
* Improved login sensor to improve compatibilty with most custom login forms.
* Improved logic handling when creating custom notifications.
* Activity Log events sorted by event ID in Enable/Disable Events section.
* UI improvements to the Enable/Disable events view.
* Activity log event metadata is now consistently an array for efficiency and better data management.
* Added new options in the "Terminate all sessions" feature to terminate all but the admin's sessions.
* Silencing admin notices in the activity log viewer page.
* New selection checkbox to individually select sessions from the logged in users view.
* Various UI and UX improvements to the Users Sessions view.
* Event data inspector styling improvements.
* Removed the Freemius SDK from the free edition of the plugin.
* Plugin now displays the user role name instead of the slug.
* Improved the plugins internal logging class/system.
* Applied several new checks and improvements to improve the reliability of the archiving connection module.
* Limited external connection usage to single use (to avoid conflicts and speed up the process).
* Removed Freemius from the Free edition of the plugin.
* Improved the logic of event ID 1000 (user login) to avoid duplicate events when a user logs in via WooCommerce.
* Improved the "ordering and organizing" of the event ID lists in the Enabled / Disable Events section.
* Updated the Freemius SDK to version 2.5.3.
* Improved compatability with the MemberPress plugin (addresses a number of errors etc).