Simple History Blog

Log when a user enters a password on a password protected page

Over at the forums on there was a user who asked if it was possible to log whenever a user entered the password on a password protected page.

To add this kind of log to Simple History is easy, we just need to hook onto an admin filter and do some checks. The final answer, that I also posted to the user in the forums, was this:

// Log when a user enters something into the post password form.
// Both correct and incorrect usage is logged.
add_action( 'login_form_postpass', function() {
    $postPass = isset($_POST['post_password']) ? $_POST['post_password'] : null;

    if (!$postPass) {

    $urlPath = parse_url(wp_get_referer(), PHP_URL_PATH);
    $pageByPath = get_page_by_path($urlPath);

    if (!$pageByPath) {

    $correctPasswordEntered = ($pageByPath->post_password === $postPass);

    if ($correctPasswordEntered) {
            'A user correctly entered the password for page "{page_name}"',
            array('page_name' => $pageByPath->post_title)
    } else {
            'A user entered the wrong password for page "{page_name}"',
            array('page_name' => $pageByPath->post_title)

WP CLI command added and file edits now logged

WP CLI command to view user activity is now added to Simple History. The current support is pretty basic, but it’s a nice addition anyway I must say.

A simple wp simple-history list command will give you a listing of the latest events. You can also pass arguments count=20 to show 20 events instead of the default 10. And pass argument format=json to output the list in JSON format instead of the ASCII table.

Also in this version: theme file edits are logged, with a “quick diff” showing what’s been changed.

Support for Redirection plugin added

With over 600.000 active installs the Redirection plugin is a pretty popular WordPress plugin. So when there was a request for supporting it I agreed it would be a good idea to add support for it.

So in the latest version of Simple History there is now support for the plugin Redirection. The following things are logged:

  • Redirects created, changed, enabled or disabled
  • Groups that are created, changed, enabled or disabled
  • Global plugin settings

Here’s a screenshot of how it looks in action:


Available updates to WordPress, plugins and themes now logged

With the latest update of Simple History the log will show the available updates to plugins, themes and WordPress core that are found.

This is a great feature to have if you for example subscribe to the history RSS feed. You no longer need to manually check the updates-page to see if there are any updates.

Here you can see how it looks when an update to WordPress is found and then the update is installed. It’s all there in the history log:


And here’s how it can look in your RSS-reader when you get notified that WordPress has auto-updated:


Brute force attacks can make the log big – here’s why and how to stop it

In the support forum for Simple History some people have raised issues about the Simple History database tables are growing large. (For example this thread and this thread.

The reason for this is that Simple History is really good at logging things. So if your WordPress blog is getting a really big amount of brute force attacks, all those failed login attempts will be logged in Simple History. Nothing wrong with that, that’s the purpose of the plugin. But the number of rows can be huge – like over a million for some sites. And that can be an issue for some low cost hosts where you have a limited amount of storage/disk space.

Here’s what Simple History is doing to keep the database small – and a solution to keep the number of login attempts down to a minimum:

» Read full blog post

About Simple History

Simple History is an activity feed plugin for WordPress.