Support » Plugin: WP Security Audit Log » feature request – re failed login attempts

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Contributor robert681

    (@robert681)

    Hi friedVol,

    Thanks for using and supporting our plugni.

    We still report the same amount of details but in a different way. Let me explain:

    Imagine you have a WordPress installation with just the user “admin” on it. If someone tries to login using such a user, the following alert will be reported:

    Username: Admin
    Role: administrator
    Alert: 1 failed login(s) detected

    If multiple failed logins are detected for that username, the number of failed logins will increase.

    In the meantime if someone tries to login using a username “ruby”, which does not exist on your WordPress, the following will be reported:

    Username: unknown
    Role: unknown
    Alert: 1 failed login(s) detected

    Therefore when the user and roles are reported as “unknown” it means that the username the attacker is using to try to login does not exist in your WordPress, hence there is not much to worry about.

    On the other hand if there is a failed login alert and the username is reported, it means that it exists on WordPress hence the attacker might have guessed the username already.

    While I trust the above answers your query, do not hesitate to get in touch should you have any further queries.

    Ah, now I see. Thanks for the explanation. The username/role info is now in a different column on the event line. And I’m getting the publicly displayed name instead of the username. It’s all good.

    But what does it mean when the Role is “System” as in:
    Username/publicly displayed name: Unknown,
    Role: System
    Alert: failed login(s) detected

    What does a System role allow? It’s not on my dashboard’s list of Roles. How can I get a System role?

    What does it mean when I log in and sometimes it says my role is Administrator and other times it says my role is Unknown – yet I’ve never changed my role? And my logins were always successful.

    Yes, I’ve noticed that when another Administrator on my site has a failed login attempt it shows as his publicly displayed name and the role is Unknown. That user confirmed that it truly was he who was trying to log in. The username was correct, but the password was not. …But this is not my situation. I should say this happened several times in May, but not yet in July.

    Thanks.

    Plugin Author WPWhiteSecurity

    (@wpwhitesecurity)

    When in the role you see “system” it means that WordPress itself generated that error, i.e. there is no user and there is no role.

    Since the username used to try to login to WordPress does not exist, then the “default” role is reported in this case.

    As regards the other issue, where the actual user role is not reported, especially since it seems to be an intermittent issue it is quite difficult to troubleshoot via the form. Drop us an email on plugins@wpwhitesecurity.com and we will gladly look into it with you.

    Looking forward to hearing from you.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘feature request – re failed login attempts’ is closed to new replies.