Support » Plugin: When Last Login » ‘Last logins’ as posts create problems

  • Resolved idearius

    (@idearius)


    Hi. I’ve been testing your plugin and it is useful, yet I found two problems with the way it keeps records/logs:

    1. As the records at the ‘Last logins’ section are a custom post type, plugins like Sucuri Security that can warn you when posts change, send unnecessary emails. You get an email warning for the login, and another one reporting that a new ‘Last logins’ post changed from Private to Published.

    2. The posts at ‘Last logins’ can be edited, allowing for security-related logs to be tampered with. Not using custom posts would make that tampering harder, as you would need database or hosting account credentials to change logs. Besides, it would (most likely) not increase exponentially the amount of IDs used by WordPress.

    Hope this helps.

    Best.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Andrew

    (@andrewza)

    Hi @idearius,

    Thank you for getting in touch.

    I’m sorry to hear about the issues you are experiencing.

    I have added your requests to our development schedule.

    If you would like to remove the custom post type temporarily until version 0.6 is released, you may comment out the following code by going to wp-content/plugins/when-last-login/when-last-login.php and editing it with your text editor of choice:

    
    (change lines 132 - 139)
    $args = array(
        'post_title'  => $users->data->display_name . __( ' has logged in at ', 'when-last-login' ) . date( 'Y-m-d H:i:s', current_time( 'timestamp' ) ),
        'post_status' => 'publish',
        'post_author' => $users->ID,
        'post_type'   => 'wll_records'
    );
    
    wp_insert_post( $args );
    

    To the following

    
    /*
    $args = array(
        'post_title'  => $users->data->display_name . __( ' has logged in at ', 'when-last-login' ) . date( 'Y-m-d H:i:s', current_time( 'timestamp' ) ),
        'post_status' => 'publish',
        'post_author' => $users->ID,
        'post_type'   => 'wll_records'
    );
    
    wp_insert_post( $args );
    */
    

    One last place where you may comment out code is line 66. Please change it to:

    // add_action( 'init', array( $this, 'login_record_cp' ) );

    Please let me know if the above is unclear; I will gladly help guide you through making this temporary change or send you through a temporary fix to disable the Custom Post Type.

    Have a great day! 🙂

    idearius

    (@idearius)

    Thank you, Andrew. I’d rather wait for 0.6.

    The way the logs are saved is a bit inconvenient for me, yet I find the data useful.

    Best,

    Alfonso

    Yes, there needs to be a way to prevent users from editing or deleting their own login records.

    +1 here. While user meta based login recording is useful, permanent CPT-based history recording should be optional via a simple constant or similar. Systems may already have this functionality via a variety of other plugins (iThemes Security, WP Stream, etc), in which case we’re simply spamming the system here for no benefits. Thanks for reading.
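
One way to meet the two requests above (login records that cannot be edited or deleted from the dashboard, and history recording that can be switched off with a constant), as an added example that is not part of the thread or of the plugin's code. It assumes a must-use plugin file; `WLL_RECORD_TYPE` and `WLL_DISABLE_RECORDS` are hypothetical names, and only the `wll_records` post type comes from the thread.

```php
<?php
// Added example, not When Last Login's own code. Assumed location:
// a must-use plugin such as wp-content/mu-plugins/wll-lockdown.php.
defined( 'ABSPATH' ) || exit;

// Post type name as it appears in the thread.
const WLL_RECORD_TYPE = 'wll_records';

// 1. Make existing login records read-only in WordPress.
//    The admin screens check the edit_post / delete_post meta capabilities
//    before editing, trashing or deleting a post. Answering 'do_not_allow'
//    denies them for every role, administrators included.
add_filter( 'map_meta_cap', function ( $caps, $cap, $user_id, $args ) {
	if ( in_array( $cap, array( 'edit_post', 'delete_post' ), true )
		&& ! empty( $args[0] )
		&& WLL_RECORD_TYPE === get_post_type( (int) $args[0] ) ) {
		return array( 'do_not_allow' );
	}
	return $caps;
}, 10, 4 );

// 2. Optional history: with define( 'WLL_DISABLE_RECORDS', true ) in
//    wp-config.php (hypothetical constant, not one the plugin defines),
//    veto every insert of this post type. wp_insert_post() returns 0
//    without writing a row when this filter answers true.
add_filter( 'wp_insert_post_empty_content', function ( $maybe_empty, $postarr ) {
	$disabled = defined( 'WLL_DISABLE_RECORDS' ) && WLL_DISABLE_RECORDS;
	if ( $disabled
		&& isset( $postarr['post_type'] )
		&& WLL_RECORD_TYPE === $postarr['post_type'] ) {
		return true;
	}
	return $maybe_empty;
}, 10, 2 );
```

Capability checks are enforced by the admin screens, not by `wp_update_post()` or `wp_delete_post()` themselves, so this stops edits made through the dashboard but not changes made by other code or by direct database access.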

  • The topic ‘‘Last logins’ as posts create problems’ is closed to new replies.