Support » Plugin: Simple History » Missing a few options that can cause crazy issues

  • Resolved p10design

    (@p10design)


    There’s one problem with this plugin that could potentially cause your website to crash…

    I had 2.086,352 rows in my database created by simple history. The reason, is because Simple History records every time a user fails to login. When websites are hit by brutal force attacks, this causes the plugin to register every single attempt on a new row in the database. That’s how I ended up with over 2 million rows. It would be great to have the option to pick what you want to keep track of.

    Also, the database log is cleared after 60 days, there’s no option to change the number of days. I typically use this plugin when we need to pull a site down to make updates while the client is still making updates to the live site. Sometimes this updates can stall for months.. so 60 days is not always ideal.

    Overall a good plugin. But it needs to give the user more control over some settings.

    https://wordpress.org/plugins/simple-history/

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter p10design

    (@p10design)

    Found another site that had Simple History installed for about 2 months. About 3 million rows in the simple_history table. This is a huge issue.

    Plugin Author eskapism

    (@eskapism)

    That’s a lot of rows, I agree with that. I actually did some changes that are available in the latest update, so after the update each log row occupy a bit less space.

    The number of logged row will not decrease however. The purpose of the plugin is to log what happens. So if a site gets lots of login attempts = lots of rows will get logged.

    Perhaps the best way to get rid of all those failed login attempts is to install a plugin such as WordFence or JetPack that can block brute force attacks. The risk of being hacked is a bigger problem than a database table growing large, I think.

    Thread Starter p10design

    (@p10design)

    It’s almost impossible to stop brutalforce attacks. Just ask any website hosts out there. We can slow them down, but they are going to happen. I understand the purpose of the plugin. But maybe providing more options over what the plugin track would help.

    Anyway. This is not your fault, and it’s technically not the plugins fault. But I can see this being a problem for most sites since most wordpress sites get attacked.

    Plugin Author eskapism

    (@eskapism)

    I’ll see what I can do about that. I don’t want to clutter the interface with settings or such, but neither do I want the logs to be super huge.

    I’ve used Jetpack on a couple of sites and the number of failed login attempts have dropped significantly. It’s worth a try I think!

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Missing a few options that can cause crazy issues’ is closed to new replies.