No email alert for blacklisted user logins

  • Resolved shrewdies

    (@shrewdies)


    8 years, 6 months ago

    I’ve noted in my response to https://wordpress.org/support/topic/user-and-password-used-by-hacker-trying-to-login?replies=2#post-7484067 that the “Blocked by login security setting.” error message seems to be triggered by attempted logins by blacklisted usernames.

    These security breaches get listed in Wordfence – Blocked IPs, but do not get included in email alerts. I’m guessing this happens because Wordfence doesn’t treat these breaches as being serious enough for action, as the threat has already been blocked.

    However, after I’ve convinced myself that Wordfence temporary blocks are warranted, I put a permanent challenge on the IP address in CloudFlare. That reduces the load on my server and on Wordfence.

    Is it possible to include an option to report these attempted blacklist logins by email? I realize that isn’t 100% in-keeping with the WordFence philosophy of keeping email alerts to the minimum. However, in my case, these breaches do warrant further action.

    https://wordpress.org/plugins/wordfence/

Viewing 2 replies - 1 through 2 (of 2 total)
  • WFBrian

    (@wfbrian)

    8 years, 6 months ago

    Hi Keith,

    Thanks for the suggestion! I’ll pass it on. We look at all suggestions that are provided but can’t guarantee a feature will be added.

    Thanks!
    Brian

    Thread Starter shrewdies

    (@shrewdies)

    8 years, 6 months ago

    Thanks Brian,

    I’ve thought about the logic of this, and I now think you have it absolutely right.

    If I want email, all I have to do is remove the blacklisted usernames. Then they’ll trigger the lockouts from invalid username.

    Maybe the documentation could be clearer, but it’s a minor point. Your plugin is fantastic. If I was only allowed 1 plugin it would be Wordfence.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘No email alert for blacklisted user logins’ is closed to new replies.