Debug Logging

Troubleshooting 6 min read

Overview

When something goes wrong with AdminLocks, debug logs are the fastest way to identify the root cause. AdminLocks respects the standard WordPress debug configuration and adds its own structured logging layer on top. All AdminLocks log entries are prefixed with [AdminLocks] so they are easy to filter from the general WordPress debug log.

Enabling WordPress Debug Mode

To enable debug logging, add the following constants to your wp-config.php file, before the line that says "That's all, stop editing!":

define( 'WP_DEBUG', true );
define( 'WP_DEBUG_LOG', true );
define( 'WP_DEBUG_DISPLAY', false );

With these settings:

  • WP_DEBUG enables WordPress debug mode, which causes PHP errors and warnings to be logged.
  • WP_DEBUG_LOG writes all debug output to wp-content/debug.log.
  • WP_DEBUG_DISPLAY set to false prevents errors from being displayed on screen, which is critical for production sites.
Production Sites

Always keep WP_DEBUG_DISPLAY set to false on production sites. Displaying debug output to visitors can expose sensitive information such as file paths, database credentials, and plugin internals.

AdminLocks Debug Log

When WP_DEBUG is enabled, AdminLocks writes detailed log entries for the following operations:

  • Policy evaluations — Which policy was applied, for which user, and what capabilities were affected.
  • Capability filtering decisions — Each time a capability is denied or allowed based on an active policy.
  • Cloud sync attempts — How many events were batched and sent, and whether the sync succeeded or failed.
  • Webhook events — Incoming webhook payloads, signature verification results, and processing outcomes.
  • Approval lifecycle — Approvals created, reviewed, expired, and their associated metadata.

All entries are written to the same wp-content/debug.log file as standard WordPress debug output. Look for lines prefixed with [AdminLocks].

Reading Log Files

You can read AdminLocks log entries through several methods:

Via SSH

Use tail with grep to follow AdminLocks entries in real-time:

tail -f wp-content/debug.log | grep AdminLocks

Via WP-CLI

Read the debug log and filter for AdminLocks entries:

wp eval 'echo file_get_contents(WP_CONTENT_DIR."/debug.log");' | grep AdminLocks

Via SFTP or File Manager

Download wp-content/debug.log and search for [AdminLocks] entries in your text editor. The log file shows timestamps, event types, and detailed context for each action.

Tip

The debug log can grow quickly on active sites. Consider rotating the log file periodically or using a log management tool. You can safely delete debug.log — WordPress will create a new one automatically.

Common Log Entries

Here are the most common AdminLocks log entries and what they mean:

Log EntryMeaning
[AdminLocks] Policy applied: client-mode-basic for user 5A policy was enforced for the specified user ID
[AdminLocks] Capability denied: install_plugins for user 5A specific capability was blocked by the active policy
[AdminLocks] Cloud sync: 12 events sentA batch of audit events was successfully synced to Cloud
[AdminLocks] Webhook received: update_policyAn inbound webhook was received and processed
[AdminLocks] Approval #42 expiredA pending approval was automatically expired by the cron task

Error-level entries include additional context such as HTTP response codes, error messages, and stack traces where applicable.

Gathering Diagnostics

When troubleshooting an issue or preparing a support request, gather the following information:

  1. WordPress version — Check under Dashboard > Updates or run wp core version.
  2. PHP version — Check under Tools > Site Health > Info or run php -v.
  3. AdminLocks version — Check under Plugins or run wp plugin get adminlocks --field=version.
  4. Active plugins list — Run wp plugin list --status=active to get a full list.
  5. Debug log entries — The last 50 lines of debug.log containing AdminLocks entries.
  6. AdminLocks settings — Screenshot or export from AdminLocks > Settings > General.
  7. Error messages — Any error messages displayed in the WordPress admin interface.
# Quick diagnostic commands
wp core version
php -v
wp plugin get adminlocks --field=version
wp plugin list --status=active --format=table
tail -50 wp-content/debug.log | grep AdminLocks
Note

If you cannot access WP-CLI, most of this information is available through the WordPress admin under Tools > Site Health > Info. You can copy the site health information to your clipboard with one click.

Support Requests

To get the fastest resolution from the AdminLocks support team, include the diagnostics listed above in your initial support request. This helps the team reproduce and diagnose the issue without back-and-forth exchanges.

Send your support request to support@adminlocks.com with:

  • Your site URL (or a staging URL where the issue can be reproduced).
  • A clear description of the issue, including steps to reproduce it.
  • The diagnostic information gathered above.
  • For Cloud-related issues, include your team ID from Settings > Cloud.
Security

Never include your Cloud API key in support emails. The support team can look up your account using your team ID or site URL. If you need to share log files, redact any API keys or passwords that may appear in the output.

Previous Performance Optimization