WordPress.org

Ready to get started?Download WordPress

Forums

IP address in 'Password Lost/Changed' (2 posts)

  1. ethicalhack3r
    Member
    Posted 4 years ago #

    Hello,
    Rcently my blog was compromised. The attacker changed my password via the admin panel after gaining access. I recived the 'Password Lost/Changed' email notifying me of his action.

    It would have been helpful if the email sent after the password being reset contained the IP address of the person doing so.

    I tried to do this myself however don't think it has worked.

    In file /wp-includes/pluggable.php:1144
    Change to:
    $message = sprintf(__('Password Lost and Changed for user: %s'), $user->user_login) . "\r\n" . "IP: " . $_SERVER['REMOTE_ADDR'];

    Thank you,
    Ryan

  2. jirikai
    Member
    Posted 4 years ago #

    I could use this too!

    Recently I have had an individual spend at least 30 minutes each day sending password resets to not only my account, but others aswell. very annoying.

    this individual is also attacking any and all accounts he can on external sites using the site's contact e-mail address.

    If there is a way to get the Ip sent aswell as the reset request i would very much appreciate it. i can then block the Ip and forward it to the external sites such as facebook and twitter to see that they are aware of what is happening.
    Why someone would want to do this is beyond me. maybe a disgruntled visitor? who knows. All i do know is that it is extremely annoying. please assist.

Topic Closed

This topic has been closed to new replies.

About this Topic