Every change on your WordPress site is recorded automatically. Simple History, included with every WebOps hosting plan, keeps a detailed record of who did what, when, and from where. Think of it as security cameras for your website: you may not check the footage every day, but when something goes wrong, you will be glad it was rolling.
You will see a snapshot of recent activity right on your WordPress dashboard the moment you log in:
The Simple History dashboard widget surfaces the last several events at a glance, including logins, failed login attempts, plugin and theme updates, and content changes. No separate screen needed.
What Gets Tracked
Simple History records every meaningful action on your site, organized into clear event categories:
| Category | What It Records |
|---|---|
| Logins & Access | Successful logins, failed login attempts (wrong password vs. non-existent username), logouts, and the IP address behind each one |
| Content Changes | Page and post edits, new publications, deletions, status changes, category and tag updates |
| User Management | New user accounts, role changes, password resets, profile updates |
| Plugins & Themes | Installs, activations, deactivations, updates, and deletions, including which version was installed before and after |
| Settings | Changes to WordPress core settings, menus, widgets, and option values |
| WooCommerce | Product edits, order changes, coupon modifications, and store setting updates (when WooCommerce is active) |
Each event is timestamped and tied to a specific user account and IP address, so there is never a question about who made a change or when it happened.
Why This Matters for Your Business
If you are the only person who touches your website, the activity log is a safety net, a way to retrace your steps if something breaks after an update. But the real value shows up when more than one person has access:
- Multiple editors or staff: See exactly who published that blog post, changed the homepage banner, or updated a product price.
- Outside contractors or developers: Verify what a freelancer changed during their access window, and confirm they did not touch anything outside their scope.
- Troubleshooting: When your site looks different or something stopped working, the activity log shows what changed right before the problem started.
- Security incidents: Failed login attempts and unauthorized access attempts are logged, helping us identify and block threats quickly.
Viewing the Full Log
For more than just the recent-activity widget, the full log lives under Tools → Simple History in your WordPress dashboard. From there you get the entire event stream with date filtering, free-text search, and an export option built in:
The full log viewer shows every recorded event in chronological order. Each row tells you who acted, when, from what IP, and what they did. You can search the stream, change the date range, and export results to CSV or JSON if you need to share them with an auditor or save them outside WordPress.
Filtering Down to What Matters
When something specific needs investigating, the Filters panel narrows the stream to the events that matter. You can filter by user, message type, log level, initiator (was it a logged-in user, an automated WordPress process, or an anonymous visitor?), or by event metadata like a specific IP address or username:
Common investigations: "show me every failed login attempt this week", "show me everything that user X did on this date", "show me every plugin update from the last month". The filter panel handles all of those in seconds.
Gravity Forms Activity, Logged Too
Out of the box, Simple History does not know about Gravity Forms, the form-building plugin pre-installed on every new WebOps site. So we built a custom extension that connects the two. Every meaningful Gravity Forms event lands in the same activity log alongside logins and plugin updates:
- New form submissions (which form, which entry ID)
- Entry edits, deletions, and bulk actions like trashing, restoring, marking spam, or starring
- Form management: forms created, updated (with field count), duplicated, deleted, activated, or deactivated
That means you can answer questions like "did anyone delete a contact form entry yesterday?" or "who edited the lead-capture form last week?" directly from the activity log, without digging through Gravity Forms itself:
A quick search for "submission" in the log surfaces every form submission across every Gravity Forms form on the site, with the form name and entry ID called out in each event. This extension is not a third-party plugin you can buy. It is part of the WebOps platform, deployed on every new site we set up.
How It Fits Into Your Security Stack
Simple History is one layer in the multi-layer security system we maintain on every WebOps-hosted site. Here is how the pieces work together:
- Simple History records what happens inside WordPress: user actions, content changes, and configuration updates.
- NinjaFirewall, our web application firewall, blocks malicious traffic before it reaches WordPress.
- Imunify360 protects at the server level by scanning for malware, hardening PHP, and stopping attacks at the infrastructure layer.
Together, these tools give us full visibility from the server level down to individual button clicks inside your WordPress dashboard. You do not need to configure or manage any of this. It is all set up and monitored as part of your hosting.
Frequently Asked Questions
How far back does the activity log go?
Simple History keeps 60 days of history by default. That is plenty for routine troubleshooting and most security investigations. If you ever need a longer window for a specific audit, just open a ticket and we can extend it on your site.
Does the activity log slow down my site?
No. Simple History is a lightweight plugin that writes events to the database asynchronously, and it does not run on the front-end pages your visitors see. Site performance is unaffected.
Can I see who logged into my site and when?
Yes. Every login and logout is recorded with the username, timestamp, and IP address. Failed login attempts are recorded too, which is useful for spotting brute-force attacks and confirming whether anyone unauthorized has been knocking on the door.
Someone changed something on my site and I do not know who. Can you help?
Absolutely. The activity log records every change with the user account responsible. If you are not sure how to find what you are looking for, just open a support ticket and we will pull the relevant log entries for you.
Do I need to set anything up?
No. Simple History is pre-installed and pre-configured on every WebOps-hosted site. It starts recording from day one with no action needed on your part.
Is this the same as "WP Activity Log" or "WP Security Audit Log"?
Not exactly, but it does the same job. Simple History replaced WP Activity Log on our hosting platform because it is faster, cleaner, and gets out of your way. The category of tool is the same: it is a WordPress activity log that records who did what and when. If you arrived here looking for "WP Activity Log", you are in the right place.
Can I export my activity log?
Yes. From the full log viewer (Tools → Simple History) you will see an Export button. You can save the log as CSV or JSON, which is helpful for sharing with an auditor, archiving outside WordPress, or pulling specific events into a spreadsheet.
Questions? Contact us at support [at] webops [dot] host or submit a support ticket. Our team is available 9am-5pm, 7 days a week (24/7 for emergencies).
