plugin-icon

Activity Guard – Security Scanner, Activity Log with IP blocking

Free WordPress activity log with IP blocking, vulnerability scanner, WooCommerce abandoned cart analytics, and real-time Slack and Telegram alerts.
Votazioni
5
Versione
3.11.4
Installazioni attive
30
Ultimo aggiornamento
Jun 26, 2026
Activity Guard – Security Scanner, Activity Log with IP blocking

Activity Guard is a free WordPress plugin that covers four things most plugins charge separately for: a complete activity log, an IP-based security firewall, a plugin vulnerability scanner, and WooCommerce abandoned cart analytics. Alerts go out in real time to Slack, Telegram, or email, all from one dashboard.

Most activity log plugins stop at logging. Most security plugins don’t touch WooCommerce. Plugins like WP Activity Log, Simple History, and Stream do logging well — Activity Guard adds real-time Slack and Telegram alerts, an IP firewall with emergency shutdown, CVE vulnerability scanning, and WooCommerce abandoned cart recovery analytics, all at no cost. No paid tier required for any of it.

No other free plugin on WordPress.org combines these four in one place: a complete audit log, an IP security firewall, a multi-database vulnerability scanner, and WooCommerce analytics with cart recovery tracking.

Activity Guard Website | Documentation | Pro Support

WordPress Activity Log

Activity Guard records every meaningful change on your site, including the IP address, username, timestamp, and the exact change made. The audit log covers:

  • User logins, logouts, and failed login attempts
  • User registrations, role changes, and profile edits
  • Pages, posts, and custom post types: create, edit, delete, status changes
  • Plugin and theme activations, deactivations, updates, and deletions
  • WordPress core settings and configuration changes
  • Menu, widget, and sidebar modifications
  • Email delivery tracking via a full email log
  • Form submissions from Contact Form 7, SimpleForm, and others
  • Admin settings changes and debug log events
  • Cron job scheduling and background process tracking
  • Script modification and file change detection
  • Visitor traffic monitoring with an on/off toggle

Visual charts summarize your audit log at a glance. No need to scroll through raw log tables to understand what’s happening on your site.

Security Firewall and IP Blocking

Activity Guard actively blocks threats rather than just recording them.

  • IP blocking by manual entry, CIDR range, or conditional rule
  • Emergency Shutdown: force-logout every active session on your site with one click
  • Cloudflare Turnstile login protection against bots and brute force attacks
  • Login rate limiting to stop credential-stuffing
  • Bot detection and automatic IP blocking
  • Restrict or fully disable XML-RPC access
  • Core file integrity scanner to detect unauthorized file changes
  • File integrity monitoring across plugins and themes
  • Block TOR network access
  • Block vulnerability scanner user agents
  • HTTP security headers: custom, logged, and enforced
  • WordPress version hiding
  • 404 error tracking and suspicious HTTP request alerts
  • Admin dashboard visitor tracking
  • Cron job failure and site downtime monitoring

The Emergency Shutdown feature is specific to Activity Guard: one click and every logged-in session on your site ends immediately — useful when you detect a breach in progress and need everyone out now.

Plugin Vulnerability Scanner

Activity Guard scans every installed plugin and theme against multiple vulnerability databases before problems develop:

  • Detect plugins with known CVEs across NVD, WPVulnerability.net, and the WPAzleen private API
  • Flag outdated plugins not compatible with your WordPress version
  • Identify abandoned plugins not updated in over a year
  • Warn about plugins with low install counts or poor ratings

No other free activity log plugin on WordPress.org includes a built-in multi-database vulnerability scanner.

WooCommerce Activity Log and Analytics

Activity Guard logs every WooCommerce event and adds analytics built specifically for store owners.

Order tracking covers status changes, payments, refunds, and cancellations. You also get stock level changes and low-stock events, coupon creation and usage, product pricing edits, billing and shipping address updates, customer registration changes, and real-time shipping status updates.

The abandoned cart and incomplete-order analytics go further than basic logging. The dashboard shows checkout drop-off rates, recovery potential, recovery rate, and how customers interact with their carts before leaving. This tells you where revenue is being lost, not just that it was lost.

WooCommerce abandoned cart analytics with recovery rate tracking is included free. No competing free activity log plugin on WordPress.org provides this.

Slack and Telegram Notifications

Activity Guard sends alerts the moment a critical event occurs, across four channels:

  • Slack: route alerts to any channel, tag specific users or groups with @mentions
  • Telegram: real-time activity and security alerts direct to your Telegram chat
  • Email: configurable per event type
  • Admin dashboard: in-panel notification view

Events that trigger alerts include core file changes, plugin and theme updates (with the username that triggered the update), WooCommerce orders, payments, coupon usage, incomplete order follow-ups, product edits, stock changes, login and registration events, page and post changes, form submissions, and admin settings changes. A daily digest and weekly plugin download summary are also available.

You can schedule notifications for specific times and control exactly which events send alerts.

Admin and Developer Tools

  • Maintenance mode toggle from the dashboard
  • Menu and widget change tracking
  • Plugin and theme activation and deactivation logs
  • Script modification detection
  • HTTP security header change logging
  • Debug log and fatal error detection
  • Email log: full delivery history for all outgoing WordPress emails
  • Contact Form 7 and SimpleForm integration alerts

Who Uses Activity Guard

WooCommerce store owners use it to track every order, coupon, product change, and shipping event, and to recover revenue with abandoned cart analytics. Site administrators use it to know exactly who changed what, instantly log out suspicious users, and maintain a clean audit trail. Agencies and developers use it to monitor plugin updates, configuration changes, fatal errors, and debug logs across client sites. Security-focused admins use it to block IPs, scan for CVEs, monitor file integrity, and trigger emergency shutdowns. Multi-author sites use it to hold contributors accountable with full user activity logging and role-change tracking.

Join us: Facebook | YouTube | X / Twitter

External Services

Slack Webhook Integration

Activity Guard sends notifications to your Slack workspace using a Slack incoming webhook URL that you provide. To set one up:

  1. Create a Slack app or use an existing one
  2. Enable Incoming Webhooks in the app settings
  3. Add a webhook to your workspace
  4. Paste the webhook URL into Activity Guard settings

No data is stored by Slack beyond what you configure in your own Slack workspace. See Slack’s privacy policy for details.

Cloudflare Turnstile

Activity Guard uses Cloudflare Turnstile for login bot protection. When Turnstile is enabled, your login page communicates with Cloudflare’s verification servers. See Cloudflare’s privacy policy for details.

Plugin Vulnerability Scanner – Data Sources

  • WordPress.org Plugin API: retrieves plugin metadata including latest version, last updated date, rating, and active install count. Privacy Policy
  • WPAzleen API: private endpoint for known vulnerabilities by plugin and version. No sensitive data is transmitted. Privacy Policy
  • WPVulnerability.net: public API for CVE-based vulnerability data. Privacy Policy
  • National Vulnerability Database (NVD): official CVE data from NIST. Privacy Policy

All scans run locally using public metadata and vulnerability feeds. Activity Guard does not collect, store, or transmit any personal information during scans.

Freemius

Activity Guard uses the Freemius SDK for optional telemetry. No data is collected by default. Data collection only starts after you explicitly confirm in the admin notice. See the Freemius privacy policy for details.

WPAzleen Settings API

Loads display settings for the Pro upgrade modal in the plugin admin area. No personal data is transmitted. WPAzleen Privacy Policy

Source Code

The source files for all compiled/minified JavaScript and CSS in this plugin are publicly available at:

https://github.com/wpazleen/activity-guard

Build instructions:

  1. Clone the repository or visit the src directory directly.
  2. Run npm install in the root to install dependencies.
  3. Run npm run build to compile JavaScript and CSS assets.
  4. Compiled files output to build/.

Contributions, bug reports, and pull requests are welcome.

Gratuitosui piani a pagamento
Testato fino alla versione
WordPress 7.0
Questo plugin ora può essere scaricato per il tuo sito .