WordPress.org

Forums

WP Security Audit Log
[resolved] Not logging failed logins (6 posts)

  1. Marcus Downing
    Member
    Posted 1 year ago #

    Your documentation states that the plugin logs failed login attempts, but my experiments have failed to get it to happen. Is this a bug, or is there something else I need to do to enable WARNING messages to be logged?

    http://wordpress.org/plugins/wp-security-audit-log/

  2. WPWhiteSecurity
    Member
    Plugin Author

    Posted 1 year ago #

    Hi Marcus,

    Correct, it does log failed logins and it works for sure, as we have tested it properly.

    Do you have some plugin that hooks to the WordPress login page by any chance?

  3. Marcus Downing
    Member
    Posted 1 year ago #

    Further investigation shows that the "Better WP Security" plugin intercepts and replaces the wp_authenticate method. If BWPS has the "Login limits" option turned on (to protect against brute force attacks), then it doesn't fire the wp_login_failed action, instead sending it only to its own log (bwps_secure->logevent).

    So as far as I'm concerned this is a bug in Better WP Security, not in WP Security Audit Log at all.

  4. Marcus Downing
    Member
    Posted 1 year ago #

    (marking as resolved since it's the fault lies elsewhere)

  5. WPWhiteSecurity
    Member
    Plugin Author

    Posted 1 year ago #

    Hi Marcus,

    Thanks for looking into this issue yourself and for pointing out what the problem is.

    I agree with you, that this is an issue from Better WP Security.

    Thanks and have a great day.

  6. Marcus Downing
    Member
    Posted 1 year ago #

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • WP Security Audit Log
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic

Tags

No tags yet.