Would it help to add an info icon, qualifying “Never” as “Not since the plugin was activated”?
This is not the problem. I have installed this plugin for quite a long time, but even new logins are not detected.
The plugin relies on the
wp_login action to update the login date. Do you happen to use any other plugins on your site that might change the way users are authenticated?
Do you happen to use any other plugins on your site that might change the way users are authenticated?
That was a good question.
In my case, users with https://wordpress.org/plugins/two-factor/ enabled always show “Never.”
Those with it not enabled show the date but not time.
Wordfence is popular and has a 2FA feature.
Personally, “Not since the plugin was activated” would be better than “Never.” Also, I’d not use a period after the expression because it’s not a complete sentence. In addition, rather than simply showing the date, it should show the date and time per the WordPress timezone-setting.
However, when the plugin is disabled, does it clear data in the database? If so, why? I should think someone should be able to disable and enable the plugin without losing the last login date and time the plugin reads. Manually deleting the plugin should probably clean the data (or that should be an option), but updating the plugin shouldn’t.