Wordfence Security
[resolved] Users logging in via email are showing as failed attempts, invalid usernames (3 posts)

  1. Alternatewords
    Posted 2 years ago #

    We just started allowing email logins on our ecourse site (via the WP Email Login).
    I've noticed that under Live Traffic > Logings and Logouts these (successful) logins are tracked as failed logins using an invalid username. I don't believe it is doing any harm (i.e. blocking users who might log in multiple times in a short period) but wanted to bring this to attention.


  2. Wordfence
    Plugin Author

    Posted 2 years ago #

    Thanks for reporting this. I'll investigate it. It may just be caused by the order in which our plugins run e.g. WP Email Login hooks into the login mechanism and if it detects a failed login it attempts to login again assuming it's an email address and we log it as failed in between those two steps. Will investigate.

    Thanks again,


  3. dkrahl
    Posted 2 years ago #

    Mark, we can confirm this behaviour with the same plugin combination. One additional info: logins are tracked as failed logins but email notifications show: "A user with username "xxxx" who has administrator access signed in to your WordPress site." xxxx is the username, not the email, although logins were made via email, not username.

    For several sites with approx 1K users each, we would like to know how (email or username) users try to log in for support reasons in case issues occur.

    Hope this helps,

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • Wordfence Security
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic