WordPress.org

Ready to get started?Download WordPress

Forums

Login Security Solution
[resolved] Emailing the password (8 posts)

  1. DomenLo
    Member
    Posted 1 year ago #

    Howdy. I'm really impressed by this featureset, especially the emailing of security breakin attempts.

    One question - is it possible to not use md5 in the email, so I can see what they're trying to come up with?

    Thanks!

    http://wordpress.org/extend/plugins/login-security-solution/

  2. DomenLo
    Member
    Posted 1 year ago #

    Found the fix at around line 1700, I now officially love this plugin.

    It's quite interesting to see what the hackers are coming up with (getting like 50 emails per day) :)

  3. Daniel Convissor
    Member
    Plugin Author

    Posted 1 year ago #

    This change will not be added to the plugin since it can open a vector of attack against legitimate users. Let alone, the email would include only the password being used in the most recent login attempt.

  4. DomenLo
    Member
    Posted 1 year ago #

    Yeah, I can imagine, I am usually the only user though, so there's no users getting poked. I do have a good time looking at the "attempts" at breaking in (I have it set to 1, so i get them all).

    12345, anthony, aaaaaa, maggie, matthew, qazwsx, ...

    It's fun.

  5. Daniel Convissor
    Member
    Plugin Author

    Posted 1 year ago #

    Yeah, it is interesting / funny to watch.

  6. DomenLo
    Member
    Posted 1 year ago #

    Maybe just enable this feature if a "secret" file is present? :D

    Otherwise i'll just have to cron fixing that file on each upgrade/machine or something :)

  7. Dean Taylor
    Member
    Posted 1 year ago #

    @DomenLo you might want to look at ThreeWP Activity Monitor it currently displays attempted passwords within the log - along with other activity. However it does not email attempted passwords.

  8. Dean Taylor
    Member
    Posted 1 year ago #

    @DomenLo:

    I noted this question on StackExchange might also be of reference:
    Is it common practice to log rejected passwords?

    And as usual this XKCD entertains: Password Reuse

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.