Logging Password Reset Requests

  • Resolved gwdlarry

    (@gwdlarry)


    4 years, 6 months ago

    Hello there,

    Users are getting unsollicited password reset requests (wp-login.php?action=lostpassword).

    Is there a way to log these requests to a file?

    Thank you in advance.

    Best,
    Larry

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Hi,
    You could use the .htninja script:

    <?php
/*
 +===========================================================================================+
 | NinjaFirewall optional configuration file                                                 |
 |                                                                                           |
 | See: https://blog.nintechnet.com/ninjafirewall-wp-edition-the-htninja-configuration-file/ |
 +===========================================================================================+
*/

if (isset( $_GET['action'] ) && $_GET['action'] == 'lostpassword' && ! empty( $_POST ) ) {
   // Log the request:
   file_put_contents(
      '/some-folder/some-log.log',
      "{$_SERVER['REMOTE_ADDR']}\n{$_SERVER['REQUEST_URI']}\n". print_r( $_POST, true )."\n\n",
      FILE_APPEND
   );
}

    Replace ‘/some-folder/some-log.log’ with the path to the log you want to create.

    Thread Starter gwdlarry

    (@gwdlarry)

    Thank you very much again for your prompt reply.
    Best,
    Larry

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Logging Password Reset Requests’ is closed to new replies.