WordPress.org

Ready to get started?Download WordPress

Forums

Wordfence Security
[resolved] Users logging in via email are showing as failed attempts, invalid usernames (3 posts)

  1. Alternatewords
    Member
    Posted 6 months ago #

    We just started allowing email logins on our ecourse site (via the WP Email Login).
    I've noticed that under Live Traffic > Logings and Logouts these (successful) logins are tracked as failed logins using an invalid username. I don't believe it is doing any harm (i.e. blocking users who might log in multiple times in a short period) but wanted to bring this to attention.

    http://wordpress.org/plugins/wordfence/

  2. Wordfence
    Member
    Plugin Author

    Posted 6 months ago #

    Thanks for reporting this. I'll investigate it. It may just be caused by the order in which our plugins run e.g. WP Email Login hooks into the login mechanism and if it detects a failed login it attempts to login again assuming it's an email address and we log it as failed in between those two steps. Will investigate.

    Thanks again,

    Mark.

  3. dkrahl
    Member
    Posted 6 months ago #

    Mark, we can confirm this behaviour with the same plugin combination. One additional info: logins are tracked as failed logins but email notifications show: "A user with username "xxxx" who has administrator access signed in to your WordPress site." xxxx is the username, not the email, although logins were made via email, not username.

    For several sites with approx 1K users each, we would like to know how (email or username) users try to log in for support reasons in case issues occur.

    Hope this helps,

Reply

You must log in to post.

About this Plugin

About this Topic