WordPress.org

Ready to get started?Download WordPress

Forums

WP Security Audit Log
[resolved] Not logging failed logins (6 posts)

  1. Marcus Downing
    Member
    Posted 10 months ago #

    Your documentation states that the plugin logs failed login attempts, but my experiments have failed to get it to happen. Is this a bug, or is there something else I need to do to enable WARNING messages to be logged?

    http://wordpress.org/plugins/wp-security-audit-log/

  2. WPWhiteSecurity
    Member
    Plugin Author

    Posted 10 months ago #

    Hi Marcus,

    Correct, it does log failed logins and it works for sure, as we have tested it properly.

    Do you have some plugin that hooks to the WordPress login page by any chance?

  3. Marcus Downing
    Member
    Posted 10 months ago #

    Further investigation shows that the "Better WP Security" plugin intercepts and replaces the wp_authenticate method. If BWPS has the "Login limits" option turned on (to protect against brute force attacks), then it doesn't fire the wp_login_failed action, instead sending it only to its own log (bwps_secure->logevent).

    So as far as I'm concerned this is a bug in Better WP Security, not in WP Security Audit Log at all.

  4. Marcus Downing
    Member
    Posted 10 months ago #

    (marking as resolved since it's the fault lies elsewhere)

  5. WPWhiteSecurity
    Member
    Plugin Author

    Posted 10 months ago #

    Hi Marcus,

    Thanks for looking into this issue yourself and for pointing out what the problem is.

    I agree with you, that this is an issue from Better WP Security.

    Thanks and have a great day.

  6. Marcus Downing
    Member
    Posted 10 months ago #

Reply

You must log in to post.

About this Plugin

About this Topic

Tags

No tags yet.