Title: ActivityPilot
Author: Piyush Asthana
Published: <strong>30 de mayo de 2026</strong>
Last modified: 30 de mayo de 2026

---

Search plugins

![](https://s.w.org/plugins/geopattern-icon/activitypilot.svg)

# ActivityPilot

 By [Piyush Asthana](https://profiles.wordpress.org/piyushmultidots/)

[Download](https://downloads.wordpress.org/plugin/activitypilot.1.0.0.zip)

 * [Details](https://es-pr.wordpress.org/plugins/activitypilot/#description)
 * [Reviews](https://es-pr.wordpress.org/plugins/activitypilot/#reviews)
 *  [Installation](https://es-pr.wordpress.org/plugins/activitypilot/#installation)
 * [Development](https://es-pr.wordpress.org/plugins/activitypilot/#developers)

 [Support](https://wordpress.org/support/plugin/activitypilot/)

## Description

ActivityPilot is an activity log and audit-trail plugin for developers, agencies,
and security-conscious site owners. Meaningful changes on your site — logins, content
edits, plugin and theme operations, role changes, high-impact options, integrations,
and more — are stored in a dedicated database table and shown in a modern admin 
timeline.

#### Privacy defaults

 * External-service features are **opt-in**.
 * Geolocation (`ip-api.com`) is **disabled by default** (`enable_geo = 0`).
 * Outbound webhooks (Slack/Discord/Teams/custom URL) are **disabled by default**
   until you enable them and provide destination URLs.
 * The plugin does not send data to third-party services unless you explicitly enable
   and configure those features.

#### Why use this plugin?

 * **Custom tables** — logs live in `{prefix}apwpm_activity_logs` (not post meta)
   with indexes for fast queries.
 * **Modern admin UI** — dashboard, timeline, filters, search, pagination, exports,
   dark mode, and keyboard shortcuts.
 * **Security-first** — capability checks, REST nonces, prepared SQL, output escaping,
   and optional sudo mode for destructive actions.
 * **Break detection** — spots error spikes and surfaces recent risky changes.
 * **Extensible** — REST API (`activitypilot/v1`), hooks, custom event registry,
   and PSR-3 adapter.

#### Core features

 * Activity logging for logins, posts, plugins, themes, users, roles, and important
   site options
 * Timeline view with avatars, severity colors, and structured context
 * Filters by user, action, object type, severity, date range, status, assignee,
   and search
 * CSV and JSON exports; daily retention pruning via cron
 * Email alerts when break detection finds unusual error activity
 * Workflow: acknowledge, resolve, snooze, assign, and comment on events
 * Smart insights: bursts, off-hours access, role escalation, and statistical spikes
 * Optional rollback for supported change types (sudo-gated)
 * Analytics heatmap, hour-of-day chart, and top users
 * Scheduled HTML digest reports (daily, weekly, monthly)
 * Multisite support with per-site tagging and network overview
 * Hash-chain integrity verification (optional)
 * File integrity monitoring, IP throttle, PII redaction, GDPR export/erase helpers
 * Integrations: WooCommerce, ACF, popular form builders, SEO plugins, page builders
 * Optional outbound webhooks (Slack, Discord, Microsoft Teams, generic URL)
 * WP-CLI: `wp apwpm list|count|verify|prune|purge|export|digest|scan-files`

#### For developers

Log custom events from your code:

    ```
    APWPM_Logger::log( array( 'action_type' => 'my_event', 'description' => 'Something happened' ) );
    ```

Filter hooks include `apwpm_skip_log`, `apwpm_pre_insert_row`, and `apwpm_register_event_types`.
The shorter `ap_*` hook names from earlier builds are still fired for backward compatibility.

### External services

This plugin can connect to third-party services **only when you enable the related
feature** and, for webhooks, when you provide URLs.

#### IP geolocation (optional)

When **Enable geolocation** is on, the plugin may send the visitor IP address to
[ip-api.com](http://ip-api.com/) to resolve country and city. No API key is required.
Results are cached in WordPress transients (about 24 hours). See the [ip-api privacy policy](https://ip-api.com/docs/legal)
for their terms.

 * Data sent: IP address (in the request URL).
 * When: On log insert for events that include an IP, if geo is enabled and not 
   already set.
 * Purpose: Display country/city on timeline rows and detect logins from new countries.

#### Outbound webhooks (optional)

When webhooks are enabled and URLs are saved in settings, the plugin sends HTTP 
POST requests to **your** endpoints (for example Slack, Discord, Microsoft Teams,
or a custom URL) when qualifying events occur.

 * Data sent: Event title, description, severity, site name, and related metadata
   you configure to receive.
 * When: After an event is logged that meets your minimum severity threshold.
 * Purpose: Notify external chat or monitoring systems.
 * Services/endpoints: Slack, Discord, Microsoft Teams, or any custom HTTPS endpoint
   that you explicitly configure.
 * Terms/privacy (when using those services):
    Slack: https://slack.com/terms-of-
   service , https://slack.com/privacy-policy Discord: https://discord.com/terms,
   https://discord.com/privacy Microsoft Teams (Microsoft): https://www.microsoft.
   com/servicesagreement , https://privacy.microsoft.com/privacystatement

Webhook delivery is fully optional and disabled by default. No webhook requests 
are sent until you enable webhooks and provide at least one destination URL.

The plugin does not include bundled third-party API keys. Geolocation and webhooks
are optional and disabled by default until configured by a site administrator.

## Installation

 1. Upload the `activitypilot` folder to `/wp-content/plugins/`.
 2. Activate the plugin through the **Plugins** screen in WordPress.
 3. Open **Activity Timeline** in the admin menu.
 4. Review **Settings** to choose what to track, retention, alerts, and optional features.

On multisite, network-activate for a shared log table under the network prefix.

## FAQ

### Will this slow down my site?

Writes go to an indexed custom table. Heavy hooks are limited to admin and logged-
in contexts where possible. Optional async batching groups writes at shutdown.

### Where are logs stored?

In `{prefix}apwpm_activity_logs`, with optional companion tables `{prefix}apwpm_comments`
and `{prefix}apwpm_views`. Data is not stored in `wp_postmeta`.

### Can I export or delete logs?

Yes. Export from the admin UI or REST API. Prune by age via settings, cron, or `
wp apwpm prune`. Full purge requires confirmation and sudo mode when enabled.

### Does it work on multisite?

Yes. Events are tagged with `blog_id`, and network admins get a network overview.

### Can I extend what gets logged?

Yes. Call `APWPM_Logger::log()` or register types on `apwpm_register_event_types`.
Use `apwpm_skip_log` to skip events and `apwpm_pre_insert_row` to adjust rows before
insert.

### Is the log tamper-proof?

When hash-chain mode is enabled, each row includes an HMAC chain. Run integrity 
checks from Site Health or `wp apwpm verify`. Append-only mode can block deletions
for compliance use cases.

## Reviews

There are no reviews for this plugin.

## Contributors & Developers

“ActivityPilot” is open source software. The following people have contributed to
this plugin.

Contributors

 *   [ Piyush Asthana ](https://profiles.wordpress.org/piyushmultidots/)

[Translate “ActivityPilot” into your language.](https://translate.wordpress.org/projects/wp-plugins/activitypilot)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/activitypilot/), check
out the [SVN repository](https://plugins.svn.wordpress.org/activitypilot/), or subscribe
to the [development log](https://plugins.trac.wordpress.org/log/activitypilot/) 
by [RSS](https://plugins.trac.wordpress.org/log/activitypilot/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 1.0.0

 * Initial WordPress.org release.
 * Activity timeline with dashboard, filters, search, exports, and REST API (`activitypilot/
   v1`).
 * Break detection, smart insights, workflow (status, assignee, comments), and optional
   rollback.
 * Analytics, reports, multisite support, hash-chain integrity, and Site Health 
   checks.
 * Integrations, optional webhooks, geolocation, GDPR tools, file integrity monitoring,
   and WP-CLI commands.
 * Requires WordPress 7.0+ and PHP 7.4+.

## Meta

 *  Version **1.0.0**
 *  Last updated **9 horas ago**
 *  Active installations **Fewer than 10**
 *  WordPress version ** 7.0 or higher **
 *  Tested up to **7.0**
 *  PHP version ** 7.4 or higher **
 *  Language
 * [English (US)](https://wordpress.org/plugins/activitypilot/)
 * Tags
 * [Activity Log](https://es-pr.wordpress.org/plugins/tags/activity-log/)[audit log](https://es-pr.wordpress.org/plugins/tags/audit-log/)
   [monitoring](https://es-pr.wordpress.org/plugins/tags/monitoring/)[security](https://es-pr.wordpress.org/plugins/tags/security/)
   [timeline](https://es-pr.wordpress.org/plugins/tags/timeline/)
 *  [Advanced View](https://es-pr.wordpress.org/plugins/activitypilot/advanced/)

## Ratings

No reviews have been submitted yet.

[Your review](https://wordpress.org/support/plugin/activitypilot/reviews/#new-post)

[See all reviews](https://wordpress.org/support/plugin/activitypilot/reviews/)

## Contributors

 *   [ Piyush Asthana ](https://profiles.wordpress.org/piyushmultidots/)

## Support

Got something to say? Need help?

 [View support forum](https://wordpress.org/support/plugin/activitypilot/)