Found the fix at around line 1700, I now officially love this plugin.
It’s quite interesting to see what the hackers are coming up with (getting like 50 emails per day) 🙂
This change will not be added to the plugin since it can open a vector of attack against legitimate users. Let alone, the email would include only the password being used in the most recent login attempt.
Yeah, I can imagine, I am usually the only user though, so there’s no users getting poked. I do have a good time looking at the “attempts” at breaking in (I have it set to 1, so i get them all).
12345, anthony, aaaaaa, maggie, matthew, qazwsx, …
It’s fun.
Yeah, it is interesting / funny to watch.
Maybe just enable this feature if a “secret” file is present? 😀
Otherwise i’ll just have to cron fixing that file on each upgrade/machine or something 🙂
@domenlo you might want to look at ThreeWP Activity Monitor it currently displays attempted passwords within the log – along with other activity. However it does not email attempted passwords.
@domenlo:
I noted this question on StackExchange might also be of reference:
Is it common practice to log rejected passwords?
And as usual this XKCD entertains: Password Reuse