iThemes Security (formerly Better WP Security)
[resolved] Failed login attempts (5 posts)

  1. rhodian
    Posted 3 years ago #


    I have Better WP Security installed and it is working really well...

    The failed login attempts log regularly indicates that there are login attempts for user 'admin' - 1 every hour or so during the night. Enough to keep below the radar and not get blocked automatically!

    As the plugin does not report an IP address for me to block, I installed Simple Login log, which simply logs login attempt and left it all night. By the morning, Better WP Security reported additional failed attempts BUT Simple Login Log did not..... it only has successful attempts logged!

    I do not know what is going on BUT assume the Better WP Security is correct.... Can I get the IP address for failed attempts somehow?

    PS - While there is no 'admin' user, I do not like idea someone trying to get into our site!



  2. Handoko
    Posted 3 years ago #

    Do you mean you want to see the IP of the logging attempts?

    Using cPanel > phpMyAdmin

    1. Login to your cPanel
    2. Click the icon: phpMyAdmin
    3. On the left panel, click the database of your website
    4. On the left panel (again), click the item: ??bwps_log
    5. There you can see the IPs

    Using Adminer Plugin

    You can also install Adminer plugin. It works similar as phpMyAdmin, but it's easier.

  3. rhodian
    Posted 3 years ago #


    Thanks for the information, I was able to get the IP addresses from there! Now to see why Cloudflare (I'm using them for caching) is triggering failed login attempts!

    One last question, which WP hooks are used by the plugin to trap login and failed login? I'm trying to see why the Simple Login Log plugin is not reporting the failed attempts! This is really odd!


  4. Handoko
    Posted 3 years ago #

    ... which WP hooks are used by the plugin ...

    I'm not a programming expert, sorry I don't know.

    ... why the Simple Login Log plugin is not reporting ...

    Yep, it sounds strange. You can try to use cPanel log too see if the IP ever tried to access your site. Unfortunately the log will only keep the 1000 latest records. Here is how to see the log:

    1. Login to cPanel
    2. Click the icon: Latest Visitors
    3. Choose the database of your website
    4. Type the IP or wp-login.php on the search box

    I think Better WP Security work better than Simple Login Log, because I often cross check between the report of Better WP Security and Latest Visitor, both of them report correctly. I ever wanted to try Simple Login Log, but so far I never used it.

  5. rhodian
    Posted 3 years ago #

    Apologies Handoko... I thought you may have been the plugin author!

    One of the reasons I asked is that the author of Simple Login Log was curious as to why they differed as well!

    FYI, Cloudflare support got back to me re: the IP address activity... They act as a reverse proxy therefore unless you use their WP plugin or install an Apache module, you get a CloudFlare IP address and not the one making the request!

    I've installed the plugin, I'll now wait and see if the IP addresses are reported correctly!

    Thanks once again!

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic