Tracking User login Activity

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Pär Thernström

    (@eskapism)

    1 year, 6 months ago

    Sorry to hear that you got hacked. I can not directly explain this because there are so many factors involved. Like, what WordPress version did you use, what server, what plugins, and so on.

    Since WordPress does not have any built in way to limit logins by email address I’m guessing that you have some other plugins installed that modify login and user behavior?

    Also, the way the hacked was able to gain entry to your site and what and how they modified content may affect the way that the login is detected. They could for example have gained access to the server directly and there used wp-cli to run commands and also directly modify the database to hide their doings.

    Simple History catches login attempts (both successful and failed) using different filters. In this recent support thread I listed what filters are used: https://wordpress.org/support/topic/tracking-down-failed-login-attempts/#post-18045205

    Thread Starter Jessica

    (@leadstartorg)

    1 year, 6 months ago

    Again, I only allow WordPress backend and SSH (FTP not setup) through my dedicated IP address. I have the latest version of WordPress, Apache server, and a treasure trove of plugins, but none that should effect the log history.

    I also audit through Papertrail and they do not have the attempt either in the access log.

    • This reply was modified 1 year, 6 months ago by Jessica.
Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Tracking User login Activity’ is closed to new replies.

Tags