YT Admin Activity Log

A lightweight WordPress plugin that tracks key admin actions (login, post updates, plugin activation). Stores logs in a custom database table and provides a simple admin page to view the latest 100 actions.

Features

• Single File Architecture: All code in one PHP file for simplicity
• WPCS Compliant: Follows WordPress Coding Standards
• Secure: Proper sanitization, validation, and escaping
• Singleton Pattern: Prevents multiple instances
• Custom Database Table: Dedicated table for activity logs
• Activity Tracking: Monitors login, post updates, and plugin activation
• Admin Interface: Simple page to view the latest 100 activities
• Translation Ready: i18n/l10n support
• Activation/Deactivation: Proper lifecycle hooks
• Uninstall Cleanup: Clean removal of plugin data and custom table

Installation

1. Upload the plugin file to /wp-content/plugins/yt-admin-activity-log/
2. Activate the plugin through the 'Plugins' menu in WordPress
3. Access the activity log via the admin menu

Usage

Once activated, the plugin automatically tracks:

• User Logins: Records when users log into the admin area
• Post Updates: Tracks when posts are created, updated, or deleted
• Plugin Activation: Logs when plugins are activated or deactivated

Viewing Activity Logs

Navigate to Admin Activity Log in the WordPress admin menu to view the latest 100 activities.

Database Schema

The plugin creates a custom table: {prefix}_admin_activity_log

Columns:

• id - Auto-incrementing primary key
• user_id - WordPress user ID who performed the action
• action - Type of action performed
• object_type - Type of object affected (post, plugin, etc.)
• object_id - ID of the affected object
• description - Human-readable description of the action
• ip_address - IP address of the user
• created_at - Timestamp of the action

Tracked Actions

Action Type	Description
Login	User successfully logged in
Post Created	New post published
Post Updated	Existing post modified
Post Deleted	Post moved to trash
Plugin Activated	Plugin enabled
Plugin Deactivated	Plugin disabled

Plugin Architecture

Constants Defined

YT_ADMIN_ACTIVITY_LOG_VERSION  // Plugin version number
YT_ADMIN_ACTIVITY_LOG_BASENAME // Plugin base name
YT_ADMIN_ACTIVITY_LOG_PATH     // Plugin directory path
YT_ADMIN_ACTIVITY_LOG_URL      // Plugin directory URL

Main Class Methods

Core Methods

• get_instance() - Singleton instance retrieval
• __construct() - Initialize plugin
• init_hooks() - Register WordPress hooks
• load_textdomain() - Load translations

Database Methods

• create_table() - Create custom activity log table
• log_activity() - Insert activity record
• get_recent_activities() - Retrieve latest 100 activities

Admin Methods

• add_admin_menu() - Add activity log page to admin menu
• render_activity_log_page() - Display activity log interface
• enqueue_admin_scripts() - Load admin CSS/JS

Tracking Methods

• track_login() - Log user login events
• track_post_update() - Log post modifications
• track_plugin_activation() - Log plugin state changes

Lifecycle Methods

• activate() - Run on plugin activation (creates table)
• deactivate() - Run on plugin deactivation
• yt_admin_activity_log_uninstall() - Run on plugin deletion (drops table)

Programmatic Access

// Get plugin instance
$log = YT_Admin_Activity_Log::get_instance();

// Log custom activity
$log->log_activity(
    get_current_user_id(),
    'custom_action',
    'custom_object',
    123,
    'Custom description'
);

// Get recent activities
$activities = $log->get_recent_activities();

Customization

Add Custom Activity Tracking

Add custom tracking by hooking into the log_activity() method:

add_action( 'your_custom_action', function() {
    $log = YT_Admin_Activity_Log::get_instance();
    $log->log_activity(
        get_current_user_id(),
        'your_action',
        'your_object_type',
        $object_id,
        'Your description'
    );
} );

Modify Activity Retention

By default, the admin page shows the latest 100 activities. To modify this, edit the SQL query in get_recent_activities() method.

Security Best Practices

Implemented:

• Direct file access prevention
• Capability checks (current_user_can())
• Input sanitization (sanitize_text_field())
• Output escaping (esc_html(), esc_attr(), esc_url())
• Prepared SQL statements ($wpdb->prepare())
• IP address sanitization
• Nonce verification for admin actions

Development

File Structure

class-yt-admin-activity-log.php    # Main plugin file
assets/
  css/
    admin.css                       # Admin styles
  js/
    admin.js                        # Admin scripts
README.md                           # This file

Testing Checklist

• [x] Plugin activates without errors
• [x] Database table is created successfully
• [x] Activity log page displays correctly
• [x] Login events are tracked
• [x] Post update events are tracked
• [x] Plugin activation events are tracked
• [x] Admin interface displays recent activities
• [x] Plugin deactivates cleanly
• [x] Plugin uninstalls and removes all data
• [x] No PHP warnings or notices
• [x] Compatible with latest WordPress version
• [x] Works with PHP 7.4+

WPCS Validation

Run PHP_CodeSniffer with WordPress standards:

phpcs --standard=WordPress class-yt-admin-activity-log.php

Requirements

• WordPress 5.8 or higher
• PHP 7.4 or higher
• MySQL 5.6 or higher

License

GPL v2 or later

Credits

Built following WordPress Plugin Handbook and WPCS guidelines.

Support

For WordPress plugin development best practices, visit:

• WordPress Plugin Handbook
• WordPress Coding Standards

Changelog

1.0.0

• Initial release
• Activity tracking for login, post updates, and plugin activation
• Custom database table for log storage
• Admin interface for viewing activities
• Translation ready