WordPress.org

Ready to get started?Download WordPress

Forums

ThreeWP Activity Monitor
Not displaying failed logins (5 posts)

  1. b-cat
    Member
    Posted 1 year ago #

    Thanks for a great, simple plugin.

    I've been using this plugin for awhile with no issues, and maybe I have no issue now...but I'm not sure.

    The plugin has been detecting some brute force attempts to guess the "admin" login password from around the world, and I haven't seen any attempted logins lately (hopefully because my security measures are working!).

    To double check whether ThreeWP Activity Monitor is still working, I tried logging in with a bogus admin username and password, and my login was rejected, but the attempted login was NOT RECORDED by ThreeWP Activity Monitor!

    The monitor is still showing when I properly log in and out, but it seems not to show my own bogus login tests. Is it somehow not recording those things because it knows what IP I'm trying to log in from? Why would the failed logins NOT show up in the Activity Monitor? It's only showing my successful logins and logouts.

    Thanks.

    http://wordpress.org/extend/plugins/threewp-activity-monitor/

  2. b-cat
    Member
    Posted 1 year ago #

    This is an update to the above question.

    All the problems described above remain the same. The plugin logs all valid logins and logouts, but it does not show anything when I deliberately attempt a bad login. Why not?

    However, my bad logins are recorded by Better WP Security, and also by Wordfence. So why are the bad logins not showing up in ThreeWP Activity Monitor?

    To make this even more strange, when I log out and don't visit the site's admin panel for several hours, it appears that ThreeWP DOES record bad logins from brute force attacks from obscure countries around the world. Okay, that's good! But why does it not record my own bad logins when I am trying to test the plugin? Very strange.

  3. Ov3rfly
    Member
    Posted 1 year ago #

    What happens if you disable Better WP Security and Wordfence?

  4. b-cat
    Member
    Posted 1 year ago #

    No change after disabling Wordfence. However, when I disable Better WP Security, the problem appears to go away. I can now see all the bad logins!

    This is kinda strange, since ThreeWP had been previously working just fine alongside BWPS for a long time, so I'm not sure why they are conflicting now.

    I intend to continue using BWPS, so I'd like to figure out how to fix the conflict with ThreeWP. Are there any settings in BWPS that you think I should turn off (or on) to prevent the apparent conflict with ThreeWP (or vice versa)?

    Thanks.

  5. b-cat
    Member
    Posted 1 year ago #

    I found a sort of solution, and maybe this info will help other people, too.

    I have turned off the the function in Better WP Security that relates to limiting login attempts (under the Login tab in BWPS), and now ThreeWP is working properly ... and BWPS is also working (but without the login limits features).

    To get some login limiting features, I next installed Limit Login Attempts plugin, which seems to duplicate most of the login limit features of BWPS. I also found a plugin called Whitelist IP for Limit Logins Attempts, which allows you to whitelist your own IP address (or others) so you won't get locked out of your own system by the Limit Login Attempts plugin.

    And ThreeWP appears to still be working properly now, so I'm happy!

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic