XeroWP
Activity Guard – Security Scanner, Activity Log with IP blocking
Activity Guard – Security Scanner, Activity Log with IP blocking

Activity Guard – Security Scanner, Activity Log with IP blocking

5/5 (4 ratings) 40 active installs Updated Jun 16, 2026
IP-blockingslack notificationstelegramvulnerability scannerwoocommerce analytics
Download v3.11.3 Plugin Website
Security Dashboard: real-time overview of blocked IPs, threat activity, and security events.

Security Dashboard: real-time overview of blocked IPs, threat activity, and security events.

Activity Guard is a free WordPress plugin that covers four things most plugins charge separately for: a complete activity log, an IP-based security firewall, a plugin vulnerability scanner, and WooCommerce abandoned cart analytics. Alerts go out in real time to Slack, Telegram, or email.

Most activity log plugins stop at logging. Most security plugins don’t touch WooCommerce. Activity Guard does all of it in one dashboard, so you’re not juggling four separate plugins or paying for features that should come standard.

Activity Guard Website | Documentation | Pro Support

What Makes Activity Guard Different

Other free activity log plugins make you upgrade for Slack alerts, security scanning, or WooCommerce tracking. Activity Guard ships all of it for free, including Telegram notifications, IP firewall with emergency session shutdown, plugin CVE scanning, and WooCommerce incomplete-order analytics.

No other free plugin on WordPress.org combines these four in one place:

  • Complete activity log with charts and visual summaries
  • IP firewall with manual blocking, CIDR ranges, and conditional rules
  • Plugin vulnerability scanner cross-referencing NVD, WPVulnerability.net, and the WPAzleen private API
  • WooCommerce analytics including abandoned cart recovery rate tracking

WordPress Activity Log

Activity Guard records every meaningful change on your site, including the IP address, username, timestamp, and the exact change made. The log covers:

  • User logins, logouts, and failed login attempts
  • User registrations, role changes, and profile edits
  • Pages, posts, and custom post types: create, edit, delete, status changes
  • Plugin and theme activations, deactivations, updates, and deletions
  • WordPress core settings and configuration changes
  • Menu, widget, and sidebar modifications
  • Email delivery tracking (email log)
  • Form submissions from Contact Form 7, SimpleForm, and others
  • Admin settings changes and debug log events
  • Cron job scheduling and background process tracking
  • Script modification and file change detection
  • Visitor traffic monitoring with an on/off toggle

Visual charts summarize your audit log at a glance. No need to scroll through raw log tables to understand what’s happening on your site.

Security Firewall and IP Blocking

Activity Guard actively blocks threats rather than just recording them after the fact.

  • IP blocking by manual entry, CIDR range, or conditional rule
  • Emergency shutdown: force-logout every active session on your site with one click
  • Cloudflare Turnstile login protection against bots and brute force attacks
  • Login rate limiting to stop credential-stuffing
  • Bot detection and automatic IP blocking
  • Restrict or fully disable XML-RPC access
  • Core file integrity scanner to detect unauthorized file changes
  • File integrity monitoring across plugins and themes
  • Block TOR network access
  • Block vulnerability scanner user agents
  • HTTP security headers: custom, logged, and enforced
  • WordPress version hiding
  • 404 error tracking and suspicious HTTP request alerts
  • Admin dashboard visitor tracking
  • Cron job failure and site downtime monitoring

The Emergency Shutdown feature is specific to Activity Guard: one click and every logged-in session on your site ends immediately. Useful when you detect a breach in progress and need everyone out now.

Plugin Vulnerability Scanner

Activity Guard scans every installed plugin and theme against multiple vulnerability databases before problems develop:

  • Detect plugins with known CVEs across NVD, WPVulnerability.net, and the WPAzleen private API
  • Flag outdated plugins not compatible with your WordPress version
  • Identify abandoned plugins (not updated in over a year)
  • Warn about plugins with low install counts or poor ratings

No other free activity log plugin on WordPress.org includes a built-in multi-database vulnerability scanner.

WooCommerce Activity Log and Analytics

Activity Guard logs every WooCommerce event and adds analytics built specifically for store owners.

Order tracking covers status changes, payments, refunds, and cancellations. You also get stock level changes and low-stock events, coupon creation and usage, product pricing edits, billing and shipping address updates, customer registration changes, and real-time shipping status updates.

The abandoned cart and incomplete-order analytics go further than basic logging. The dashboard shows checkout drop-off rates, recovery potential, recovery rate, and how customers interact with their carts before leaving. This helps you understand where revenue is being lost, not just that it was lost.

WooCommerce abandoned cart analytics with recovery rate tracking is included free. No competing free activity log plugin on WordPress.org provides this.

Slack and Telegram Notifications

Activity Guard sends alerts the moment a critical event occurs, across four channels:

  • Slack: route alerts to any channel, tag specific users or groups with @mentions
  • Telegram: real-time activity and security alerts direct to your Telegram chat
  • Email: configurable per event type
  • Admin dashboard: in-panel notification view

Events that trigger alerts include core file changes, plugin and theme updates (with the username that triggered the update), WooCommerce orders, payments, coupon usage, incomplete order follow-ups, product edits, stock changes, login and registration events, page and post changes, form submissions, and admin settings changes. A daily digest and weekly plugin download summary are also available.

You can schedule notifications for specific times and control exactly which events send alerts.

Admin and Developer Tools

  • Maintenance mode toggle from the dashboard
  • Menu and widget change tracking
  • Plugin and theme activation and deactivation logs
  • Script modification detection
  • HTTP security header change logging
  • Debug log and fatal error detection
  • Email log: full delivery history for all outgoing WordPress emails
  • Contact Form 7 and SimpleForm integration alerts

Who Uses Activity Guard

WooCommerce store owners use it to track every order, coupon, product change, and shipping event, and to recover revenue with abandoned cart analytics. Site administrators use it to know exactly who changed what, instantly log out suspicious users, and maintain a clean audit trail. Agencies and developers use it to monitor plugin updates, configuration changes, fatal errors, and debug logs across client sites. Security-focused admins use it to block IPs, scan for CVEs, monitor file integrity, and trigger emergency shutdowns. Multi-author sites use it to hold contributors accountable with full user activity logging and role-change tracking.

Join us: Facebook | YouTube | X / Twitter

External Services

Slack Webhook Integration

Activity Guard sends notifications to your Slack workspace using a Slack incoming webhook URL that you provide. To set one up:

  1. Create a Slack app or use an existing one
  2. Enable Incoming Webhooks in the app settings
  3. Add a webhook to your workspace
  4. Paste the webhook URL into Activity Guard settings

Cloudflare Turnstile

Activity Guard uses Cloudflare Turnstile for login bot protection. See Cloudflare’s privacy policy for details.

Plugin Vulnerability Scanner – Data Sources

  • WordPress.org Plugin API: retrieves plugin metadata including latest version, last updated date, rating, and active install count. Privacy Policy
  • WPAzleen API: private endpoint for known vulnerabilities by plugin and version. No sensitive data is transmitted. Privacy Policy
  • WPVulnerability.net: public API for CVE-based vulnerability data. Privacy Policy
  • National Vulnerability Database (NVD): official CVE data from NIST. Privacy Policy

All scans run locally using public metadata and vulnerability feeds. Activity Guard does not collect, store, or transmit any personal information during scans.

Freemius

Activity Guard uses the Freemius SDK for optional telemetry. No data is collected by default. Data collection only starts after you explicitly confirm in the admin notice. See the Freemius FAQ for details.

WPAzleen Settings API

Loads display settings for the Pro upgrade modal in the plugin admin area.

WPAzleen Privacy Policy

Source Code

The source files for all compiled/minified JavaScript and CSS in this plugin are publicly available at:

https://github.com/wpazleen/activity-guard

Build instructions:

  1. Clone the repository or direct visit the src directory.
  2. Run npm install in the root to install dependencies.
  3. Run npm run build to compile the JavaScript and CSS assets.
  4. The compiled files are output to build/.