Logging levels (also called Severity) are part of Activity Log Pro 1.0.7+ in the free plugin. Every activity row stores one of five levels — Critical, High, Medium, Low, and Info — so you can spot important events at a glance, filter the admin log, and carry the same classification into exports and secure JSON / RSS feeds.
Why Severity exists
Not all log lines are equally important for security or operations. Severity gives each entry a consistent priority so you can:
- Scan the log table for colour-coded badges
- Use the Severity filter together with your other filters
- Share exports or feeds where downstream tools can sort or alert on level
Levels are assigned by the plugin when the event is recorded. You do not set severity manually on each row.
The five levels (what they mean)
| Level | Meaning (at a glance) |
|---|---|
| Critical | Highest impact — permissions, destructive or install-level changes, or other events you should treat as urgent. |
| High | Important account or site changes — new users, password or credential events, theme/plugin lifecycle (except routine updates), WordPress core changes. |
| Medium | Notable but not always urgent — post/page status changes and permanent deletes, failed logins, some taxonomy removals. |
| Low | Day-to-day editorial and configuration work — content edits, media, menus, many options, theme customizer, routine theme/plugin updates, logouts. |
| Info | General or low-risk activity — default for events that use the standard logger without an explicit level, widget and comment events, and legacy rows (see below). |
In the admin UI, hover the ? next to the Severity filter to see the same short definitions the plugin ships with (aligned with the tooltips in the log screen).
Examples of what is logged at each level
The plugin assigns severity from the event type. Typical mappings include:
Critical
- User role change
- Plugin installed or deleted (including deletion via the upgrader)
High
- New user registered
- User deleted
- Password changed or password reset completed (after a successful reset)
- Plugin activated or deactivated
- Theme switched, activated, installed, or deleted
- WordPress core updated / database upgraded (core-related high-impact events)
Medium
- Post / page / CPT status transitions (publish, trash, restore, and other status changes) logged via
transition_post_status - Permanent post deletion (separate from “moved to trash”)
- Failed login attempts (existing and non-existing usernames, subject to your flood-guard settings)
- Category deleted
Low
- User profile updates (when not password or role)
- User logout
- Custom post type create/update (non–status-only paths)
- Media uploaded, updated, or deleted
- Plugin updated (version bump, not fresh install)
- Theme updated (version bump)
- Theme customizer saved
- WordPress options changed (tracked option events)
- Navigation menus created, updated, or deleted
- Tags created, updated, or deleted; categories created or updated
- Tag deleted (tag removal is Low; category removal is Medium)
Info
- Successful user login rows written through the database login helper (severity comes from the column default when not passed explicitly)
- Comments (created, updated, status changes, trashed, spammed, deleted, etc.) when logged through the comment logger without an explicit level
- Widgets added, removed, or updated
- Any custom or integration code that calls
log_activitywithout passing severity (the logger defaults to Info) - All historical rows after upgrading to 1.0.7 until new events are written (existing rows use the default Info; see changelog / upgrade notes)
Exact behaviour can evolve slightly by release; when in doubt, use the Severity column and entry detail panel for the stored value.
Badges in the activity log
Each row shows a Severity column with a badge:
- Uppercase label, compact padding, rounded corners
- Colour by level (admin CSS classes
alp-severity-criticalthroughalp-severity-info): dark red (Critical), red (High), amber (Medium), blue (Low), light grey (Info)
Opening Complete Log Entry Details shows the same severity again: a small badge in the title area and Severity in the field list, using the same colours for consistency.
Filtering by severity
On Activity Log Pro → Activity Log (or your main log screen):
- Use the Severity dropdown (values: Critical, High, Medium, Low, Info).
- Combine it with date, user, event type, text search, etc., as you already do.
- Leave Severity unset to show all levels.
This uses the stored severity value in the database for each row.
Exports and secure feeds
Where your export or feed includes log columns, severity is included in a readable form:
- CSV / TXT / HTML exports — a Severity column with the human-readable label
- JSON export — a
severityfield with the label - RSS (secure feed) — severity is exposed for consumers that support it
Premium Log Channels can also forward severity in outbound payloads where the channel supports structured fields (see Log Channels and integration-specific guides).
Tips
- Use Critical + High filters during incident review or after unexpected admin activity.
- Pair Medium with Failed login style events when tuning security monitoring.
- Remember Info is broad: it includes benign traffic (logins, comments) and legacy data — use other columns (user, IP, object) for context.
Frequently asked questions
Is Logging Levels a Premium-only feature?
No. Severity is stored and shown in the free plugin from 1.0.7; Premium adds other capabilities (for example Log Channels) but does not gate the basic severity column, filter, or exports.
Can I change severity after the fact?
Not in the UI. Severity reflects how the plugin classified the event when it was recorded.
Why do old lines all say Info?
On upgrade, existing rows receive the default stored severity (Info) when the new column is added. Only new events get the full classification.
Do failed logins respect the Flood Guard?
Yes. When the Flood Guard suppresses repeated failures, those attempts may not create new rows; severity applies only to rows that are actually logged.