• Resolved thezman

    (@thezman)


    I would like to propose that this needs LOGGING, where a full log of any admin who “becomes” other users is kept and can be seen by all admins.

    Allow me to convince you.

    First off: I am extremely impressed with this plugin. I recently patched up a site for a client that had a membership system which had been hacked. We suspected this plugin was involved; however, after finding the real problem (an insecure slideshow plugin, lol) we determined this plugin is not only SOLID, it’s very well built from a security perspective.

    We even tried hacking it directly, to no avail.

    Disclaimer: I am not saying there are no vulnerabilities, I am saying we did basic penetration testing and could not find any.

    However: it should be noted that IF you have some other vulnerable plugin in your system, and a hacker gets INTO your site using that other plugin and then gets admin rights, it becomes really easy for them to “become other users” within your system and hide from you, which can make it hard to find out who is behind the shenanigans (especially if you have a large site with 100+ managers/admins and 1000+ members).

    Important context: What we found was a hacker had exploited a very old junk slideshow plugin to get admin access via an elaborate and clever spoofing/spear-phishing attack which tricked an existing admin into revealing their password on a page that certainly looked like it came from our site…

    Once the hacker had admin access they made their own admin user, then logged in and took advantage of this “user-switching” plugin to make it look like other members were the problem, but in fact it was the attacker.

    We discovered this by telling all admins to stop logging in; we then disabled user-switching, waited and watched to see which admin logged in next, caught the user, blocked their IP and patched up our whole system.

    We WANT to use user-switching within our site, but we think it should log a record of every time an admin “becomes” someone.

Viewing 1 replies (of 1 total)
  • Plugin Author John Blackbourn

    (@johnbillion)

    WordPress Core Developer

    Thanks for the message and the review, I’m glad you’re pleased with the plugin. Sorry to hear that your site was hacked!

    The reason User Switching doesn’t include a logging system is that there are several mature audit trail plugins that support the User Switching plugin. If you need to log when a user switches between accounts, it’s very likely that you also need to log everything else they do, therefore it makes sense to use a fully featured audit trail plugin so all the logs are in the same place.

    I thought I had added a specific FAQ for this but it looks like I’ve only mentioned it under the “Does this plugin allow a user to frame another user for an action?” FAQ:

    You can install an audit trail plugin such as Simple History, WP Activity Log, or Stream, all of which have built-in support for User Switching and all of which log an entry when a user switches into another account.

    If you’ve already got one of those plugins installed, great. If not, I highly recommend it!
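For readers who want to see what the audit trail plugins named in the reply are doing under the hood, the following mu-plugin is an added example (not part of this thread and not code from the User Switching plugin or its author). It records who switched into which account, when, and from which IP, which is the who/when/IP the topic title asks for. It assumes that User Switching fires the actions `switch_to_user`, `switch_back` and `switch_off` with the argument order shown in the comments; the function names prefixed `usal_`, the option name and the menu slug are all made up for this example. It is an illustration of the mechanism, not a replacement for Simple History, WP Activity Log or Stream.

```php
<?php
/**
 * Plugin Name: User Switching Audit Log (example)
 * Description: Records who switched into which account, when, and from which IP address.
 *
 * Place this file in wp-content/mu-plugins/ so it loads on every request and cannot be
 * deactivated from the Plugins screen by whoever is currently holding admin rights.
 *
 * Assumption (not taken from the thread): the User Switching plugin fires the actions
 * 'switch_to_user', 'switch_back' and 'switch_off' with the argument lists hooked below.
 * Check the plugin source in your install before relying on these signatures.
 */

const USAL_OPTION   = 'usal_switch_log'; // option holding the most recent entries (example name)
const USAL_MAX_ROWS = 500;               // cap so the option cannot grow without bound

/**
 * Return a printable login for a user ID, tolerating deleted users and a false/0 ID.
 */
function usal_login_for( $user_id ) {
    if ( ! $user_id ) {
        return '-';
    }
    $user = get_userdata( (int) $user_id );
    return $user ? $user->user_login . ' (#' . (int) $user_id . ')' : 'deleted user #' . (int) $user_id;
}

/**
 * Source IP as seen by the web server. X-Forwarded-For is deliberately ignored:
 * it is client-controlled unless a trusted reverse proxy rewrites it.
 */
function usal_client_ip() {
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? wp_unslash( $_SERVER['REMOTE_ADDR'] ) : '';
    return filter_var( $ip, FILTER_VALIDATE_IP ) ? $ip : 'unknown';
}

/**
 * Append one entry. It is written both to the options table (visible in wp-admin) and to
 * the PHP error log, so a copy exists outside the database that an admin account can edit.
 */
function usal_record( $event, $actor_id, $target_id ) {
    $entry = array(
        'time'   => gmdate( 'Y-m-d H:i:s' ) . ' UTC',
        'event'  => $event,
        'actor'  => usal_login_for( $actor_id ),
        'target' => usal_login_for( $target_id ),
        'ip'     => usal_client_ip(),
    );

    $log = get_option( USAL_OPTION, array() );
    if ( ! is_array( $log ) ) {
        $log = array();
    }
    array_unshift( $log, $entry );                                   // newest first
    update_option( USAL_OPTION, array_slice( $log, 0, USAL_MAX_ROWS ), false );

    error_log( sprintf( 'user-switching %s: actor=%s target=%s ip=%s',
        $event, $entry['actor'], $entry['target'], $entry['ip'] ) );
}

// $user_id is the account being switched into; $old_user_id is the admin who switched.
add_action( 'switch_to_user', function ( $user_id, $old_user_id ) {
    usal_record( 'switch_to_user', $old_user_id, $user_id );
}, 10, 2 );

// $user_id is the original account being returned to; $old_user_id is the account being left
// (false when returning from a "switch off", which usal_login_for() prints as '-').
add_action( 'switch_back', function ( $user_id, $old_user_id ) {
    usal_record( 'switch_back', $old_user_id, $user_id );
}, 10, 2 );

// "Switch off" logs the admin out while remembering who they were; there is no target account.
add_action( 'switch_off', function ( $old_user_id ) {
    usal_record( 'switch_off', $old_user_id, 0 );
}, 10, 1 );

// Read-only view for administrators under Tools, so every admin can review the log.
add_action( 'admin_menu', function () {
    add_management_page( 'User Switching Log', 'User Switching Log', 'manage_options', 'usal-log', 'usal_render_page' );
} );

function usal_render_page() {
    $log = get_option( USAL_OPTION, array() );
    echo '<div class="wrap"><h1>User Switching Log</h1><table class="widefat striped">';
    echo '<thead><tr><th>Time</th><th>Event</th><th>Actor</th><th>Target</th><th>IP</th></tr></thead><tbody>';
    foreach ( (array) $log as $row ) {
        echo '<tr>';
        foreach ( array( 'time', 'event', 'actor', 'target', 'ip' ) as $key ) {
            echo '<td>' . esc_html( isset( $row[ $key ] ) ? $row[ $key ] : '' ) . '</td>';
        }
        echo '</tr>';
    }
    echo '</tbody></table></div>';
}
```

The error_log copy is the part that matters for the scenario in the original post: an attacker holding an admin account can delete rows in the database, but the web server's log is usually outside what wp-admin can reach, so the switch events survive for the investigation. A full audit trail plugin adds the surrounding context (logins, user creation, plugin changes) that this example leaves out.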

  • The topic ‘Feature Request: LOGGING – keep a record of all user-switching: who/when/IP’ is closed to new replies.