• Hello, is it possible to disable logs entirely? On a high traffic site I work on, even setting the logs to purge every 24 hours, there are 40k entries before being purged.

Viewing 8 replies - 1 through 8 (of 8 total)
  • The iTSec plugin does not provide such an option, probably because what’s the point of using a security plugin without any logging …

    Perhaps you should focus on the log entry type logged most frequently. E.g.: If the majority of log entries are 404s you could simply disable the 404 Detection module. Or investigate where those 404s come from and fix ’em. Or configure the 404 Detection module to log fewer 404s.

    To prevent any confusion, I’m not iThemes.

    Thread Starter justinwhall

    (@jwind)

    We don’t log 404s. The logs are blocked IPs only due to failed logins/malicious requests etc so nothing we can do there. The plugin is configured to log as little as possible actually.

    Ok, so looks like the site is suffering from brute force attacks.

    Which type of brute force attacks? The information (Login Source) under the Brute Force (Invalid Login) notice log entries View Details link will tell you.

    Preferably you want to prevent any brute force attack from happening.
    No brute force attacks means substantially fewer log entries generated.
    (And a smaller .htaccess file, which is good for performance).

    So first we need to know the type of brute force attacks. Could be just one type, could be multiple types. When we know the type(s) we can look at our options to prevent them from happening.

    Share a link to the site and I’ll even run a quick scan for you.

    Thread Starter justinwhall

    (@jwind)

    Nah. Script kiddies. The normal attempts you see on any WP site with decent traffic. In my case it’s 60 or so sites.

    admin:1234, attempts at author logins, repeated bad logins etc…

    I don’t need a scan. I need to disable logs 🙂

    Seriously 40k log entries generated in 24 hours by script kiddies …

    Is the site name theholygrail.com 😉

    Still no option to disable logs … but …
    Sounds like the site is leaking user names. That fact alone makes it a popular and easy brute force target.

    Also enabling the Hide Backend module (if not already) might help lowering the number of brute force attacks.
    Basically do everything possible to prevent brute force attacks.
    Also makes you sleep better, trust me 😉

    Anyway, moving on. Plenty of other interesting topics. Unsubscribed.

    Thread Starter justinwhall

    (@jwind)

    I don’t own the holygrail.com but this site receives ~half a million page views a day. Without getting into the debate as to whether enumerating usernames, “leaking” as you put it, is a security risk – it’s not in this case.

    wp-login.php does not have a login form at all. We’ve removed the default WP auth form in favor of Google OAuth. Try as you may to use usernames but it will never work. You’d need to use and be logged into the gmail email address (and double auth for that matter).

    So why is iThemes logging “failed login attempts” if there is literally no <form> element to POST to? Ah! Excellent question! If you pop open your terminal and send a POST request to /wp-login.php of any kind, iThemes logs it despite the absence of an actual form. Seeing as we already have NGINX logs, this information is especially useless.
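
Since the site already has NGINX logs, the POST requests to /wp-login.php described above can be counted per source IP straight from the access log. This is an added example, not part of the original thread or the plugin's code; it assumes nginx's default "combined" log format, and the sample lines and function names are constructed for illustration.

```python
import re
from collections import Counter

# nginx default "combined" log format (assumed; adjust if log_format differs)
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2020:06:25:01 +0000] "POST /wp-login.php HTTP/1.1" 200 1532 "-" "curl/7.58.0"
203.0.113.7 - - [10/Mar/2020:06:25:02 +0000] "POST /wp-login.php HTTP/1.1" 200 1532 "-" "curl/7.58.0"
198.51.100.23 - - [10/Mar/2020:06:25:03 +0000] "GET /wp-login.php HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2020:06:26:10 +0000] "POST /wp-login.php?action=lostpassword HTTP/1.1" 200 1400 "-" "Mozilla/5.0"
192.0.2.50 - - [10/Mar/2020:06:27:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
malformed line that should be skipped
"""

def login_posts_by_ip(lines):
    """Count POST requests to /wp-login.php per client IP."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        # Ignore the query string so ?action=... variants are still matched
        path = m.group("path").split("?", 1)[0]
        if m.group("method") == "POST" and path == "/wp-login.php":
            counts[m.group("ip")] += 1
    return counts

def noisy_sources(counts, threshold):
    """Return (ip, count) pairs at or above threshold, busiest first."""
    return [(ip, n) for ip, n in counts.most_common() if n >= threshold]

if __name__ == "__main__":
    counts = login_posts_by_ip(SAMPLE_LOG.splitlines())
    for ip, n in noisy_sources(counts, threshold=2):
        print(f"{ip}\t{n}")
```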

    @jwind,

    Unfortunately, iThemes removed the ability to clear its logs a while ago. Instead, you can use the following plugin to clear your logs. Simple, fast, non-intrusive. By the way, not my plugin.

    https://wordpress.org/plugins/log-cleaner-for-ithemes-security/

    Also, within Global Settings you can set “Days to Keep Database Logs” to 0 (zero) to minimize the database size.

    Cheers!

  • The topic ‘Disable logs’ is closed to new replies.