Everything you'd want to know before you install.
A detailed look at how Back-Office Audit Log — Traceability & Compliance for PrestaShop 8 & 9 works, why we built it the way we did, and the thinking behind the features above.
Why a back-office audit log
As soon as a store involves several employees, contractors or agencies, one question keeps coming back: who changed this price, deleted this order or altered this setting? Without an audit trail, a mistake or a malicious action stays invisible. The audit log records every back-office action so you can answer in seconds — a security prerequisite and a pillar of GDPR compliance (accountability and traceability of processing).
The before/after detail, not just the event
Most logs only state that an object was modified. This module goes further: for every change it compares the before and after state and records the exact list of changed fields, with the old and new value. You see precisely that the price went from €19.90 to €24.90 or that the stock was reset to zero, and by whom.
Every entity, without touching the core
The module relies on the generic ObjectModel hooks present in PrestaShop 8 and 9. It therefore captures every entity — products, combinations, categories, orders, customers, addresses, employees, profiles, carriers, taxes, CMS pages, configuration — without any override or core modification. You choose precisely which entities to monitor from the configuration page.
Login and sensitive-data security
Beyond data changes, the module logs each employee's session start and — on the classic PrestaShop 8 login controller — failed attempts and logouts. Sensitive fields (passwords, webservice keys, tokens, API keys) are never stored in clear text: they are automatically masked in the log.
Compliance, retention and export
The log keeps the employee's name even after deletion, guaranteeing a durable audit trail. An automatic daily purge removes entries older than the retention period you define (365 days by default, or unlimited). The Excel-compatible UTF-8 CSV export lets you provide your audit evidence to an auditor, a DPO or a security reviewer.
Performance and robustness
All log writes are done in direct SQL, without going through ObjectModel: no risk of hook recursion, and the audit can never interrupt a business operation (any write errors are silent). A safeguard limits the volume of entries per request to preserve performance during imports or mass operations.
There are no reviews yet.