Does WP Cerber keep track of failed logins by username

  • Hi,
    I’m having the following use case and I’m trying to test it with WPCerber, but cannot sort it out. Very often in our current (non WP) system we have totally legitimate users that forget their password, but still – with inexplicable stubbornness keep trying until get locked out. Now, if try this with WP and WPCerber, the user gets locked out, but by IP. We have tow issues with that :
    – usability : it is much easier to locate the user (usually waiting on the phone :-)) in the users list and hit “unblock”, than going through the list of blocked IPs in WPCerber and trying to guess which one to unblock (forget about asking the user about the IP, ours are not of the type that can answer this question)
    – security : actually, one can try a brute force by rotating IPs and same (eventually known) username. While hardly possible, still possible, I guess.

    So, my question/request is : Does WPCerber keep track of failed logins by username ? If yes – is it possible to add “unblock” option in the users list ? If not – is it possible to implement this in some way for added usability and security ?

    Greetings.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author gioni

    (@gioni)

    Hi!

    Thanks for the interesting use case. Technically, WP Cerber has all information in its logs to provide such a feature. The lacking thing is the proper admin UI. I think we will implement it soon.

    Here is a workaround that makes admin routine a bit easier.

    On the Activity log, enter the username into the “Filter by registered user” field. Hit the “Filter” button. Once you get the filtered log, you can find the user IP by using links on the right side of the user panel above the log. In most cases, the “Login failed” link is what you need. If you click the link, you will see the user’s failed attempts to log in. The blocked IP address of the user is marked with a red square icon in the leftmost column. Find the IP on the “Lockout” tab and unlock it.

    Thread Starter joroabv

    (@joroabv)

    Thanks both for the update and the workaround. Hope it’ll be implemented soon.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Does WP Cerber keep track of failed logins by username’ is closed to new replies.