WordPress.org

Ready to get started?Download WordPress

Forums

[Plugin: WassUp] Logged in users not recorded? (5 posts)

  1. ndna
    Member
    Posted 6 years ago #

    Hi everyone,
    I'm using both WassUp and Members Only at the same time.

    [Plugin: Members Only] Is there any way to bypass?

    Hi, I'm using WP 2.6 and Members Only 0.6.5 (both are latest)
    I'm also using WassUp plugins to track visitors and also the logins.

    However, I notice something strange: there are IPs which are not logged in (Username not shown), but still visiting pages. Look at this:

    118.71.171.80 2008-07-31 20:13:40
    /wp/D06TransTeam/
    Referrer: Direct hit
    Hostname: adsl-dynamic-pool-xxx.fpt.vn

    * User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1

    * vn OS: WinXP
    * BROWSER: Firefox 3.0

    * 20:11:06 ->/wp/D06TransTeam/wp-login.php?redirect_to=/wp/D06TransTeam/
    * 20:11:18 ->/wp/D06TransTeam/wp-login.php
    * 20:11:28 ->/wp/D06TransTeam/wp-login.php
    * 20:12:59 ->/wp/D06TransTeam/?p=156
    * 20:13:40 ->/wp/D06TransTeam/?p=158

    p=XXX is my blog entries.
    He/She is even visiting the latest entry, which I wrote AFTER fixing security measures mentioned in the WP Security Scan Plugin. The post ID 158 is entered, so he/she must know before hand that that post exists.
    I don't know why this happens. The IP is of another ISP in MY COUNTRY, so it's not some function from my plugin or anything else.
    This is too dangerous.

    My blog is a kind of private one, and some information are not meant to be shared outside the company. I've taken this into more thoughts, and also notice that those IP not recognized as users also sometimes visit the LOGOUT link. If they are not logged in users, why do they have to logout? Also, I've asked some friend goot at computer and try to find the way to break into my blog, but no way has been found out of the ordinary ways (and also tested at some advanced way). So this must be the problem of the WassUp logging system itself. Maybe it couldn't recognized some legitimate logged in users?
    Thanks for reading. Hope someone knows the answer soon.

  2. ndna
    Member
    Posted 6 years ago #

    Oh, in the quote I've included my post in the Members Only report thread. But now seems like it's not MO's problem, I think we should discuss it here. Thanks again.

  3. hellioness
    Member
    Posted 6 years ago #

    I am not familiar with "Members Only", but I suspect that that plugin uses it's own custom login/logout functions instead of WordPress' standard login/logout. WassUp uses the WordPress function, "wp_get_current_user()", to identify logged in users. If users don't log in via WordPress' standard login or if their alternate login method does not properly set WordPress' user cookie and data, then "wp_get_current_user()" won't be accurate, and neither will WassUp.

  4. ndna
    Member
    Posted 6 years ago #

    It is a plugin which only checks for the login status of a visitor, if he is not logged in he will be redirected to the login page. I don't think it modifies the cookie or the login page in any way.

    however your saying cookie data is a possibility, I'll try to check if any plugins does this.

    Anyway, other things I notice: WassUp tends to group all the information of one same IP, for example I my username logged in from 123.123.123.123 and ABC also logs in from 123.123.123.123, our records seems to be mixed together, and maybe that is one of the reasons why WassUp cannot recognise properly

  5. ndna
    Member
    Posted 6 years ago #

    Oh, is this compatible with AUTH_KEY? Anyone confirms?

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags