Audit Log

The Audit Log records every significant action that occurs within LicenceForge: licence validations, activations, deactivations, key rotations, webhook events, and administrative changes. It serves as both an operational debugging tool and a compliance record.

Database Schema

All log entries are stored in the wplf_audit_log table. The table schema is as follows:

| Column | Type | Description |
| --- | --- | --- |
| id | BIGINT UNSIGNED | Auto-incrementing primary key. |
| action | VARCHAR | The action identifier (e.g., licence.validate, licence.activate, licence.deactivate). |
| product_slug | VARCHAR | Slug of the product involved in the action. May be NULL for non-product-specific events. |
| license_id | BIGINT UNSIGNED | ID of the licence involved. May be NULL for system-level events. |
| site_origin_hint | VARCHAR | The site origin that triggered the action (e.g., https://client-site.com). |
| outcome | VARCHAR | Result of the action: success or failure. |
| ip_hash | CHAR(16) | SHA-256 hash of the requesting IP address, truncated to 16 characters. See IP Privacy. |
| metadata | LONGTEXT | JSON-encoded additional context (error messages, version numbers, request details). |
| created_at | DATETIME | UTC timestamp of when the event occurred. |

Browsing the Log

The audit log screen displays entries in reverse chronological order (newest first). A pagination bar at the bottom shows the current range, for example: Showing 1–20 of 1,542 entries.

Use the search field at the top of the log to filter entries. You can search by:

  • Action — enter an action identifier such as licence.activate or webhook.stripe.
  • Product slug — enter a product slug to see all events related to that product.

Table Columns

Each row in the audit log table presents the following columns:

| Column | Display |
| --- | --- |
| Time | Human-readable relative time generated by human_time_diff() (e.g., "5 minutes ago", "2 hours ago"). The full UTC timestamp is shown on hover via a title attribute. |
| Action | The action identifier displayed in a <code> element for clarity (e.g., licence.validate). |
| Details | A summary of contextual data: product slug, licence ID, site origin, and any relevant metadata fields. |
| Outcome | A colour-coded badge: green for success, red for failure. |

IP Privacy

LicenceForge does not store raw IP addresses. Instead, the requesting IP is passed through WPLF_Crypto::hash_ip(), which computes a salted SHA-256 hash of the address and stores only the first 16 hexadecimal characters of the digest.

// Simplified representation of the hashing process
$ip_hash = substr( hash( 'sha256', $ip . $salt ), 0, 16 );

This approach allows you to correlate multiple requests from the same origin without storing personally identifiable information. The hash is one-way and cannot be reversed to recover the original IP address.
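Added example (not LicenceForge's own code): using the simplified hashing step above, it shows how ip_hash values let you group failed requests by origin and how an address known from another source can be matched against the log. The salt, addresses and rows are constructed, and the example_* function names are hypothetical.

```php
<?php
// Added example: NOT LicenceForge code. Salt, IPs and rows are constructed.

// Same steps as the page's simplified representation of the hashing.
function example_hash_ip( string $ip, string $salt ): string {
    return substr( hash( 'sha256', $ip . $salt ), 0, 16 );
}

// Count 'failure' rows per ip_hash; keep hashes with >= $threshold failures.
function example_noisy_hashes( array $rows, int $threshold ): array {
    $failures = array();
    foreach ( $rows as $row ) {
        if ( 'failure' === $row['outcome'] ) {
            $failures[ $row['ip_hash'] ] = ( $failures[ $row['ip_hash'] ] ?? 0 ) + 1;
        }
    }
    return array_filter( $failures, fn( $count ) => $count >= $threshold );
}

$salt = 'constructed-example-salt'; // placeholder for the per-installation salt

// Constructed events: [ requesting IP, action, outcome ]. Only the hash is kept.
$events = array(
    array( '192.0.2.10', 'licence.validate', 'failure' ),
    array( '192.0.2.10', 'licence.validate', 'failure' ),
    array( '198.51.100.7', 'licence.activate', 'success' ),
    array( '192.0.2.10', 'licence.activate', 'failure' ),
    array( '198.51.100.7', 'licence.validate', 'failure' ),
);
$rows = array();
foreach ( $events as [ $ip, $action, $outcome ] ) {
    $rows[] = array(
        'action'  => $action,
        'outcome' => $outcome,
        'ip_hash' => example_hash_ip( $ip, $salt ),
    );
}

// 1. Correlate without any raw IP: which hashes failed three or more times?
$noisy = example_noisy_hashes( $rows, 3 );
foreach ( $noisy as $hash => $count ) {
    printf( "%s: %d failures\n", $hash, $count );
}

// 2. Pivot from an address seen elsewhere (e.g. web server logs) to the log.
$suspect = example_hash_ip( '192.0.2.10', $salt );
printf( "192.0.2.10 flagged: %s\n", isset( $noisy[ $suspect ] ) ? 'yes' : 'no' );

// 3. The same address under a different salt produces an unrelated hash.
$other = example_hash_ip( '192.0.2.10', 'another-constructed-salt' );
printf( "matches under another salt: %s\n", $suspect === $other ? 'yes' : 'no' );
```

Matching a known address against the log requires the installation's salt, so the salt should be handled as a secret.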

GDPR compliance

By hashing IP addresses, LicenceForge avoids storing personal data in the audit log, simplifying compliance with data protection regulations. The salt is unique per installation and is generated during plugin activation.

Retention Policy

Audit log retention is configurable via the wplf_audit_retention_days setting.

| Setting | Default | Minimum | Maximum |
| --- | --- | --- | --- |
| wplf_audit_retention_days | 90 days | 7 days | 365 days |

Records older than the configured retention period are permanently deleted by the daily maintenance cron job. The cleanup runs automatically alongside other maintenance tasks such as analytics pruning and expired licence handling.

Irreversible deletion

Once the maintenance cron deletes audit log entries, they cannot be recovered. If you need long-term records for compliance, set the retention to 365 days or export data regularly.

Configuration

To change the retention period:

  1. Navigate to LicenceForge > Settings.
  2. Locate the Audit Log Retention field.
  3. Enter a value between 7 and 365 (days).
  4. Save settings. The new retention period takes effect on the next daily cron run.

Alternatively, set the value programmatically:

update_option( 'wplf_audit_retention_days', 180 );