Review your site activities with the Activity Log Viewer

Before explaining what the Activity Log Viewer is, you have to know what the Activity Log is and how it works.

When a problem with your website occurs, the first thing you want to know is "What could have caused it?". By identifying the cause, it is much easier to find the solution. That's where the Activity Log steps in. It tracks and records all the activities and reports what is happening and what went wrong with your WordPress website. It will help you to identify the problem cause.

The Activity Log is composed of the several contexts and every context has 1 or more related events. It logs the all events. 

Note: Activity Log also identifies the actual PHP file used to send emails (so you can track it better) and also identifies Post types when posts are updated.

The Activity Log Viewer settings

The Activity Log Viewer is providing the report on all activities on your site and when these activities happen.

Important: What Activity Log will log depends on your  Log To DB settings. Only events with the levels selected will be logged. 
Also, under the main menu > Tools > Docs > Event Details you can view all event details and their assigned levels:

For logs reviewing, go to the main navigation menu > Activity section.

Information that it currently displays include:

  • Time/date - The time*date of the request to the site
  • The event
  • Message - An optional message for the event
  • Username
  • IP Address - The originating IP address of the request.
  • Whom that IP belongs to
  • Meta information

If you click the particular IP address, you'll be able to analyse this IP directly from within activity log. For example,

You may also filter logs if you want. For example, bot detection - invalid username login attempts:

What does "Unidentified and not authenticated" mean?

"Unidentified" means that the request is from an IP address that is unidentified. It might be identified if it comes from a known service provider, such as Google, Bing, Pingdom, etc.

"Unauthenticated" means that when the request was sent to the site, there was no user authenticated.

The reason it says this in the log is because at the moment when a user clicked the login button, they weren't logged-in. So they're not authenticated at the instant the request is received by the server. The request is processed and then the user is authenticated. But when the request was initially received, the user was not authenticated.

Activity Log Glossary

Activity Log Glossary will help you to interpret activity logs, what they mean, what Shield setting is related to that particular log, and what action we recommend.

For further information about the power of the Activity Log, read our blog article here.

For examples of the Firewall entries in the Activity Log, how to interpret and whitelist parameters, read the article here