Where to find Last logins on the database?

You can find the data here [1] each line in the file is a JSON-encoded object with information associated to each successful login including the user ID, username, IP address of the origin of the request, IP address of the host, and the time when the authentication was attempted.

[1] /wp-content/uploads/sucuri/sucuri-lastlogins.php

How do I make that visible on the front-end by user id. The only thing I got from the sucuri-lastlogins.php, when the only thing that’s there is <?php exit(0); ?>

If the only thing that you see in the file is the PHP exit instruction, it means that the plugin has not registered any user authentication (see below for an example). You can read the source code of the plugin [1] to have an idea of how to extract data from here, either by user ID, username or IP address.

<?php exit(0); ?>
{
  "user_id": 1,
  "user_login": "admin",
  "user_remoteaddr": "192.168.1.53",
  "user_hostname": "192.168.1.53",
  "user_lastlogin": "2017-06-24 13:30:33"
}

If you are referring to the information printed in the “Audit Logs” panel, this comes directly from the Sucuri API service here [2] you can use your API key to communicate with this service and retrieve the data that you need. Here is how we do it in the plugin [3].

[1] https://github.com/Sucuri/sucuri-wordpress-plugin/blob/8542b2f/src/lastlogins.php
[2] https://wordpress.sucuri.net/api/
[3] https://github.com/Sucuri/sucuri-wordpress-plugin/blob/8542b2f/src/api.lib.php#L442-L460

NICE… Thanks, I found it on the live site.

Now is how to echo it on a custom page template by User ID, thoughts? I currently have a different script in play but I would rather use Sucuri data. ??

Retrieving the logs for a specific user using Sucuri’s data is not a good idea, we store the data linearly without additional associations, this approach works very well for us because because the Sucuri plugin has no need to apply filters (which is what you need for your project).

My suggestion is to implement your own user login detector [1], that way you can take control over your own data and will remove the dependency on a 3rd-party data storage system that was designed with a different goal. Having your own data plan will also allow you to have better performance for your use case.

However, if you still plan to use Sucuri’s data for this, you can call this function [2] and iterate through the results to find the logs associated to a specific user ID. If you want to rely on the data from the API service, you can do the same but with this other function [3]. But again, do not do this if you care about performance, if you are going to query a small amount of user accounts it will be okay, but if you need to execute this query multiple times against many users IDs it will be better to have your own data plan.

[1] https://github.com/Sucuri/sucuri-wordpress-plugin/blob/8542b2f/src/lastlogins.php#L233-L256
[2] https://github.com/Sucuri/sucuri-wordpress-plugin/blob/8542b2f/src/lastlogins.php#L259-L270
[3] https://github.com/Sucuri/sucuri-wordpress-plugin/blob/8542b2f/src/api.lib.php#L442-L460

Thank you so much for your quick responses, I think I’ll continue using my own script but still keep sucuri for the admin user side.

This is now RESOLVED ??