All audit endpoints are available since v1.4.0.
GET /audit
Returns paginated audit log entries in reverse chronological order. Supports filtering by action type, user, and date range.Parameters
Page number. Defaults to
1.Results per page. Defaults to
50, maximum 200.Filter by a specific action slug (e.g.
plugin.activated, user.login). Use GET /audit/action-types for a list of available values.Filter by WordPress user ID.
Start of the date range in
Y-m-d format. Entries on or after this date are included.End of the date range in
Y-m-d format. Entries on or before this date are included.Response
Total number of matching log entries.
Current page number.
Results per page.
Total number of pages.
DELETE /audit/clear
Permanently deletes all audit log entries.Response
Always
true on success.POST /audit/export
Exports all audit log entries as a CSV file and stores the result in a short-lived transient (120 seconds). Returns a signed download URL.Response
Always
true.A time-limited URL to download the CSV export. Expires after 120 seconds.
GET /audit/download
Streams the exported CSV generated byPOST /audit/export. The response is a CSV file download, not JSON.
Use the
download_url returned by POST /audit/export directly — it includes the required key and _wpnonce query parameters.Parameters
The one-time download key returned by
POST /audit/export.GET /audit/action-types
Returns a list of all distinct action type slugs present in the current audit log. Use these values as theaction_type filter parameter for GET /audit.
Response
Sorted array of distinct action slug strings present in the log (e.g.
["backup.created", "plugin.activated", "user.login"]).