Unexpected Admin log ins shown in activity?

  • EGF

    (@ericgf)


    2 years, 3 months ago

    In the Activity tab i’m seeing Local User as “Administrator” along with events showing as “Logged Out” “Site Policy Enforcement” /wp-amin/admin-ajax.php. The IP associated with these logs are not “Administrator” account related and I have blacklisted the range of these IPs.

    I also see where a normal user logs in successfully, the same IP of the user shows an entry at the exact same time with “Administrator” logged in. Why? An “Administrator” is not logging in at that time.

Viewing 3 replies - 1 through 3 (of 3 total)
  • amplitudecycles

    (@amplitudecycles)

    2 years ago

    Yes. I’m seeing this too. Any updates?

    Plugin Author gioni

    (@gioni)

    2 years ago

    Most likely, some code (in the theme, plugins etc.) on your website try to programmatically switch user accounts. For instance, using this function: https://developer.wordpress.org/reference/functions/wp_set_current_user/

    Checking the URL of those events can get you a clue.

    amplitudecycles

    (@amplitudecycles)

    2 years ago

    The URL is an GET on ‘/’, with no arguments.

    The message is “Logged Out” “Site Policy Enforcement” for the admin user. However, user is logged-in, or attempting to login, or logout. No form is being submitted.

    I have loaded my home page from other countries personally that I’ve blocked and watched that trigger this message.

    In the case where a customer managed to place an order, it showed his login event along with a spurious admin login notification. There was no actual admin login in reality.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Unexpected Admin log ins shown in activity?’ is closed to new replies.