The most complete real-time user activity and monitoring log plugin isWP Activity Log. Thousands of WordPress admins and security experts use it to keep track of what's going on with their sites.It is also the most popular WordPress activity log plugin and has been featured on sites like GoDaddy, Kinsta, and WPBeginner.

Demo: https://WP activity log.com/

Features WP Activity Log Pro

• Detailed activity records: Full logging of all user and backend website and multisite network modifications with the highest coverage plugin.
• Third Party Plugin Activity Log: Changes to WooCommerce, Yoast SEO, Gravity Forms and many other third-party plugins are tracked in the activity log.
• Track any modifications to the REST API: Use the REST API to track changes made to your website by authenticated users.
• Track any file modifications: Track any file changes made to your WordPress site, as well as any third-party code installed.
• Provides a fully customizable activity log: Fine-tune the log to suit your needs. Individual event IDs can be disabled, as well as the level of information in logs, retention policies, and permissions.
• Email and SMS alerts are sent immediately:With built-in alerts, you'll be instantly notified whenever something important happens on your website.You can also use the trigger builder to create custom notification criteria so you are notified of changes that matter to you.
• For activity logs, there are search and filter options: Search the activity log for data and use filters to narrow the results to discover what you're searching for in seconds.
• User and site activity reports:Using a simple reporting engine, you can create any kind of report from the activity log. Reports can be exported in HTML or CSV format.
• Automatically generated scheduled reports: Configure the plugin to automatically provide you with reports on a daily, weekly, monthly or quarterly basis.
• User session management: See who's logged into your site and what changes they've made in real time.You can also use this module to limit the number of concurrent sessions and remotely terminate logged in sessions.
• Inactive users must be logged out automatically: If users leave their sessions unattended, automatically terminate them to protect your site.
• External activity log database: To improve log integrity and website security and speed, store activity logs in an external database.
• Improve log management by archiving outdated activity log data: Configure the plugin to automatically archive activity log data older than a certain time into a separate database, allowing you to better organize your logs, quickly find what to search for, and keep your main activity log database compact and fast.
• Log management and business system integration: Because the activity log is mirrored in real time to your central log management system, you don't need to log in to the website.From one location, you can observe everything that is happening. WP Activity Log integrates with AWS CloudWatch, Loggly, Slack, and other applications.
• Activity logs should be mirrored to log files: As a backup, mirror the activity log to a log file, or if you wish to import the activity log into a custom log management system.Configure the plugin to save activity logs to log files that your system can read and interpret.
• Activity logs should not be saved to the website's database: You can deduplicate data by setting the plugin to not write any activity log data to the database when sending the activity log to a log file or to a third-party log management system.
• Configurations for plugin settings can be exported and imported:Exporting plugin settings configuration for backup or importing the same plugin configuration to other websites gives you a basic configuration that can be easily propagated to other websites.
• Delete data from some activity logs:Do you need to remove information about a person, IP address, or other object from your activity log?Use the Activity Log Data Manager to remove certain data you don't want from your website logs.
• Advanced assistance:Within a few hours, you will receive email assistance. The average response time of our knowledgeable support team is 6 hours.
• Ad-free: There are no ads in WP Activity Log Premium.

Changelog: WP Activity Log Pro

4.3.3 (2021-10-13)
Release notes: WP Activity Log 4.3.3: Plugin setting importer & exporter & support for REST API
New activity log event IDs
ID 5028: Enabled or disabled automatic updates for a plugin.
ID 5029: Enabled or disabled automatic updates for a theme.
**New activity log event IDs for notifications in the plugin**
ID 6310: Changed the status of the “Daily activity log summary email”.
ID 6311: Modified the list of recepients of the “Daily activity log summary email”.
ID 6312: Changed the status of a built in notification.
ID 6313: Changed the recepient(s) of a built in notification.
ID 6314: Added a new custom notification.
ID 6315: Modified a custom notification.
ID 6316: Changed the status of a custom notification.
ID 6317: Deleted a custom notification.
ID 6318: Modified the default notification template.
New activity log event IDs for integrations & activity log mirrors
ID 6320: Added a new integration connection.
ID 6321: Modified an integration connection.
ID 6322: Deleted an integration connection.
ID 6323: Added a new activity log mirror.
ID 6324: Modified an activity log mirror.
ID 6325: Changed the status of an activity log mirror (disabled/enabled).
ID 6326: Deleted an activity log mirror.
ID 6327: Changed the statues of the setting “Logging events to database”.
New features
Plugin settings exporter & importer: easily export and import the plugin’s settings configuration for backups, migration etc.
Options to delete specific data from the activity log, such as all events about a user, or an IP address.
Plugin keeps log of authenticated user changes done to the website via the REST API.
New button to only terminate the users’ sessions that match the search criteria in Logged in users’ session.
Added the new {first_name} and {last_name} tags to the custom notifications template.
New hook to edit the activity log event data before it is sent to mirrors.
Improvements
Logs from subsites on multisite networks can be mirrored to AWS Cloudwatch as individual log streams.
Activity log retention policy can now be specified by the number of days.
Plugin now reports user role changes done via the “Members” plugin (by Memberpress).
Event ID 2010 (user uploaded a file) now includes a link to the uploaded attachment.
Added “Blog ID” and “Site URL” to mirrored activity log events.
Hover over prompt for users entries in activity log viewer now displays more information about the user.
Improved the handling of post meta changes.
Renamed menu entry “DB & Integrations” to “Integrations” to better reflect its purpose.
Contact us link in install wizard now points to contact us page on website instead of homepage.
Auto complete filters in Reports now check up to 100 records.
Added additional database checks to ensure all data is removed from database upon uninstall on a multisite network.
Improved coverage for the Members plugin – plugin now reports user role changes done via the Members plugin.
Updated the “Help” link in the first time install wizard.
change the “wsal_inactive_sessions_test” database override to a filter.
Improved in-context help messages in plugin settings and ensured all titles are uniform.
Bug fixes
Fixed a PHP warning which happened when visiting the plugin’s settings pages (support ticket).
Fixed PHP notice which happened when visiting an archive page (support ticket).
Event IDs for “integration connections” changes wrongly reported for changes in “activity log mirroring connection” changes.
Fixed: Activity log retention policies appearing twice in some scenarios.
Fixed: Activity log retention settings and archive settings popup logic.
Added the missing argument in a multisite network that were creating a PHP error during plugin uninstall.
Setting the setting “Remove all data on uninstall” to “No” no longer leaves no option selected.

4.3.2 (2021-08-03)
Release notes: New external database module, plugin logging, and other exciting features

New event IDs for WP Activity Log plugin settings changes
ID 6046: Changed the status of the Login Page Notification.
ID 6047: changed the text of the Login Page Notification.
ID 6048: changed the status of the Reverse proxy / firewall option.
ID 6049: changed the Restriction Access setting.
ID 6050: changed the list of users that can view the activity log.
ID 6051: enabled / disabled the Hide plugin in plugins page setting.
ID 6052: changed the activity log retention policies.
ID 6053: excluded / included back a user in the activity log.
ID 6054: excluded / included back a user role in the activity log.
ID 6055: excluded / included back an IP address in the activity log.
ID 6056: excluded / included back a post type in the activity log.
ID 6057: excluded / included back a custom field in the activity log.
ID 6058: excluded / included back a user profile custom field in the activity log.
New features
A completely new external database module (with full backward compatibility support).
Activity log can now be stored on external MySQL databases on Microsoft Azure.
A new sensor to keep a log of WP Activity Log plugin settings changes.
New setting to “not write activity log to database” when mirroring the activity log to a third party service.
The “all except from” criterion in the reports, allowing users to easily exclude specific object from a report criteria.
Plugin database version: the plugin’s database is now versioned, making it much easier to upgrade the database structured when required.
Custom fields in user profiles can be excluded from the activity log from the “Exclude Objects” settings section.
The filter “wsal_event_metadata_definition” which allows users to add additional meta data to an event in the activity log. Refer to the list of hooks in WP Activity Log for more information.
Added events severity level filter in the mirroring connection, allowing users to filter which events should be mirrored by severity level.
Plugin improvements
Replaced the old external database buffer system with the Action Scheduler library to improve reliability and performance.
Redesigned the reports download functionality so it works on any type of WordPress web hosting.
Replaced the old activity log events migration module with WP Background processing, for a more reliable migration process.
Full support for PHP 8.
Detection of third party plugins activity & recommendations for activity log extensions.
Added a number of checks to the external database module for an improved database connection setup UX.
Activity log plugin extensions are also hidden when the WP Activity Log plugin is hidden from the plugins page.
Removed all the code that was previously used for migration of events between the WordPress and external database.
Remove code that is no longer required in the free edition of the plugin.
Better support for plugins that still use old methods (old use of the lostpassword_post filter) to allow users to reset their password without an error.
All database events have been moved under the “WordPress & System” tab in the Enable/Disable events section.
Improved the text of the plugin’s install wizard.
Live notifications in Admin toolbar are now disabled by default (performance enhancement).
Amazon AWS library is disabled by default. Users will be alerted to initialize it from wp-config.php if required.
Added the “;” as separator in the meta data section in CSV reports.
Removed the event ID 4-digits limit to allow users to declare event IDs with 5+ digits.
CSV reports now show the right username & display name, as configured in the plugin settings.
Bug fixes
Plugin was not capturing user logouts from Ultimate Member plugin profile page.
Plugin was reporting wrong directory name in URL in event ID 2101 on a multisite environment.
In specific scenarios the plugin reported a custom field name as NULL in event ID 2054.
Fixed the broken link to user profile page in event ID 4001.
Event ID 4029 (user sent a password request) had the wrong Event Type.

4.3.1.1 (2021-06-28)
Note: this update is only for the premium edition of the plugin.

Bug fix
Fixed an issue in which scheduled reports could not be saved, resulting in a critical error.

4.3.1 (2021-06-03)
Improvements
Minimum version of PHP required now is 7.0.
Added a custom prefix to libraries and dependencies used in the plugin to ensure there are no conflicts.
Bug fixes
Corrected logic in code to ensure all sessions are handled and checked when destroying idle sessions.
Fixed an issue causing create/expired times in the “Logged in users” view to appear incorrectly.
Implemented a missing function without with events were not retreived from the MainWP extension.

4.3.0 (2021-05-20)
Release notes: WP Activity Log 4.3: The new mirroring module & integrations

New features
The new WordPress activity log mirroring module: mirror your website’s activity log in real-time to AWS CloudWatch, Loggly, a log file and several other services.

Improvements
The activity log is mirrored to third party services in real-time.
Event metadata is included in the CSV reports.
The severity levels of the activity log have been mapped to the standard severity levels documented in the RFC.
The event metadata in the mirrored activity log events is in JSON format.
Event type and Object metadata is included in the mirrored activity log events.
Changes by third party plugins for which an extension is available are no longer muted when extension is not installed.
Removed border from the first time install wizard (minor UI improvement).
Support for X-ORIGINAL-FORWARDED-FOR HTTP header (more info in [support for WAFS & reverse proxies](https://wpactivitylog.com/support/kb/support-reverse-proxies-web-application-firewalls/))
Plugin now is using the new in-plugin pricing page.
A much improved default SMS alert and email notification template.
Revamped the connections and mirroring wizards and included connectivity tests in them.
Improved the external db connection (now it is a persistent connection).
Bug fixes
Critical error was being reported when the failed logins notification was triggered.
Fixed an unhandled exception which occurred when the free edition was activated on a site where the premium edition was already activated.
Events time stamp in emails was not always the same as in the activity log.
Event ID 2065 (modified content) was reported unnecessarily after adding a custom field to a post.
Event ID 1010 (user requested password reset) was not reported when the password reset was requested from a custom user profile page.
In some cases, archiving of the activity log could not be disabled.

4.2.1 (2021-03-16)
Release notes: WP Activity Log 4.2.1: Improved coverage & foundation work for 4.3

Improved activity log coverage
ID 6045: User changed the site language
ID 4029: Admin initatiated a user password reset
Improvements
Improved events definition (prep work for version 4.3).
Added the {meta} and {links} tags in email and SMS notifications.
Plugin reports email address used in failed login attempt instead of System.
Added nonce to daily email notification trigger to prevent possible CSRF issues.
Updated some plugin settings so they can be centrally managed from the Activity Log for MainWP extension.
Added more user privileges checks in the plugin (better restricted access to users who has read only access to the activity log).
Activity log extensions name is now displayed in admin notices.
Sorted the activity log extensions in alphabetical order in the plugin UI.
Improved the Search filters labels.
Bug fixes
Dates in reports were not being translated.
Some cron job data was left behind during uninstall.
A database entry was left behind during uninstall.
Site administrators could see some plugin pages on a multisite network (help and about).
Fixed some formatting issues with some of the event IDs.

4.2.0.1 (2021-02-12)
Bug fix
Menus sensor causing fatal error when there are changes in a menu (support tickets 1 & 2).