Security : Who is doing what? (11 posts)

  1. Massyn
    Member
    Posted 7 years ago #

    Hi all. From a security point of view, it seems WordPress doesn't have any auditing. I'd like to know who is doing what, and especially who is logging on, and who failed to log on. Currently I have no visibility of any brute force attack on my WordPress system.

    Is there a plugin that I could load that will keep an audit trace on my WordPress system?

    Thanks!

  2. Massyn
    Member
    Posted 7 years ago #

    No takers?

  3. Aleister
    Member
    Posted 7 years ago #

    Nice idea - I will look into that one :) At least something to keep track of logins and failed attempts.

  4. Aleister
    Member
    Posted 7 years ago #

    Things are looking good - I have the plugin currently logging all login attempts, as well as attempts to use the lost password form. Now I just need to get it to log a few more useful things :)

  5. Aleister
    Member
    Posted 7 years ago #

    The plugin is just about complete, but there is still more to be done. Here is some sample data from the log file. It should be pretty self-explanatory:

    LOGIN ATTEMPT [user: ] [pass: NO]
    ERROR: The username field is empty. ERROR: The password field is empty.
    LOGIN ATTEMPT [user: test] [pass: NO]
    ERROR: The password field is empty.
    LOGIN ATTEMPT [user: test] [pass: YES]
    ERROR: Invalid username.
    PASS RECOVERY ATTEMPT [login: test] [email: test@test.net]
    ERROR: Invalid username / e-mail combination.
    LOGIN ATTEMPT [user: admin] [pass: YES]
    LOGIN SUCCESS [user: admin]

    Each line is prefixed with the date, time, and IP of the visitor, of course.

    Right now logging is just done to a data file, but a table in the database is certainly an option. I was also thinking about a nice log viewer in the admin panel.

    So does anyone think they would find this useful? If so, I will continue with it :)
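
The log format sketched in the post above is enough to answer the original question about brute-force visibility. The following is an added example, not the plugin's code: it pairs each LOGIN ATTEMPT with its outcome per IP and flags addresses with repeated failures in a sliding window. The prefix layout, the function name `find_bruteforce`, the threshold and the window are assumptions of this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed prefix "<YYYY-MM-DD> <HH:MM:SS> <ip> "; the post does not give the exact format.
LINE = re.compile(r"^(\S+ \S+) (\S+) (LOGIN ATTEMPT|LOGIN SUCCESS|PASS RECOVERY ATTEMPT|ERROR)\b(.*)$")
USER = re.compile(r"\[user: ([^\]]*)\]")

# Constructed sample log (documentation IP ranges), not data from the thread.
SAMPLE = """\
2009-03-01 10:00:01 203.0.113.7 LOGIN ATTEMPT [user: test] [pass: YES]
2009-03-01 10:00:01 203.0.113.7 ERROR: Invalid username.
2009-03-01 10:00:09 203.0.113.7 LOGIN ATTEMPT [user: root] [pass: YES]
2009-03-01 10:00:09 203.0.113.7 ERROR: Invalid username.
2009-03-01 10:00:15 198.51.100.20 PASS RECOVERY ATTEMPT [login: test] [email: test@test.net]
2009-03-01 10:00:15 198.51.100.20 ERROR: Invalid username / e-mail combination.
2009-03-01 10:00:20 203.0.113.7 LOGIN ATTEMPT [user: guest] [pass: YES]
2009-03-01 10:00:20 203.0.113.7 ERROR: Invalid username.
2009-03-01 10:00:31 203.0.113.7 LOGIN ATTEMPT [user: admin] [pass: YES]
2009-03-01 10:00:31 203.0.113.7 LOGIN SUCCESS [user: admin]
""".splitlines()

def find_bruteforce(lines, threshold=3, window=timedelta(minutes=5)):
    """Flag IPs with >= threshold failed logins inside the sliding window."""
    pending = {}                 # ip -> username of a LOGIN ATTEMPT awaiting its outcome
    recent = defaultdict(deque)  # ip -> (timestamp, username) of recent failures
    flagged = {}
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        ip, kind, rest = m.group(2, 3, 4)
        if kind == "LOGIN ATTEMPT":
            u = USER.search(rest)
            pending[ip] = u.group(1) if u else ""
        elif kind == "ERROR" and ip in pending:   # outcome of a login, so a failure
            q = recent[ip]
            q.append((ts, pending.pop(ip)))
            while ts - q[0][0] > window:          # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                hit = flagged.setdefault(ip, {"failures": 0, "users": set(), "success_after": False})
                hit["failures"] = max(hit["failures"], len(q))
                hit["users"] |= {user for _, user in q}
        else:  # LOGIN SUCCESS, PASS RECOVERY ATTEMPT, or an ERROR not tied to a login
            pending.pop(ip, None)
            if kind == "LOGIN SUCCESS" and ip in flagged:
                flagged[ip]["success_after"] = True
    return flagged
```

An entry with `success_after` set is the case to look at first: a successful login from an address that had just been flagged for repeated failures.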

  6. justinratwebtek
    Member
    Posted 6 years ago #

    Run with it - I'd use it. Lord knows I can't stand logging into my domain control panel to view Apache logs to see what's going on.

    Are you also adding logging for Post history?

  7. Aleister
    Member
    Posted 6 years ago #

    Post history is a good idea as well. I suppose I could set up options so the user can decide what gets logged.

    I am certainly going to continue with this - once I get a few other things finished up :) Stay tuned!

  8. Michael
    Member
    Posted 6 years ago #

    I wrote a plugin a while ago that will do this for you.

    http://wordpress.org/extend/plugins/bluetrait-event-viewer/

  9. Aleister
    Member
    Posted 6 years ago #

    Well, where were you when I first noticed this post? :P

    j/k - Nice work! :)

  10. LostInNetwork
    Member
    Posted 6 years ago #

    Also take a look at Audit Trail.

    http://urbangiraffe.com/plugins/audit-trail/

  11. Massyn
    Member
    Posted 6 years ago #

    Sweet... Thanks for that. I'd most definitely check out these two plugins.

Topic Closed

This topic has been closed to new replies.