IP address in ‘Password Lost/Changed’

  • ethicalhack3r

    (@ethicalhack3r)


    14 years, 3 months ago

    Hello,
    Rcently my blog was compromised. The attacker changed my password via the admin panel after gaining access. I recived the ‘Password Lost/Changed’ email notifying me of his action.

    It would have been helpful if the email sent after the password being reset contained the IP address of the person doing so.

    I tried to do this myself however don’t think it has worked.

    In file /wp-includes/pluggable.php:1144
    Change to:
    $message = sprintf(__('Password Lost and Changed for user: %s'), $user->user_login) . "\r\n" . "IP: " . $_SERVER['REMOTE_ADDR'];

    Thank you,
    Ryan

Viewing 1 replies (of 1 total)
  • jirikai

    (@jirikai)

    14 years, 2 months ago

    I could use this too!

    Recently I have had an individual spend at least 30 minutes each day sending password resets to not only my account, but others aswell. very annoying.

    this individual is also attacking any and all accounts he can on external sites using the site’s contact e-mail address.

    If there is a way to get the Ip sent aswell as the reset request i would very much appreciate it. i can then block the Ip and forward it to the external sites such as facebook and twitter to see that they are aware of what is happening.
    Why someone would want to do this is beyond me. maybe a disgruntled visitor? who knows. All i do know is that it is extremely annoying. please assist.

Viewing 1 replies (of 1 total)
  • The topic ‘IP address in ‘Password Lost/Changed’’ is closed to new replies.