Activity Detail explanation

  • znajdz

    (@audiorelax)


    1 year ago

    Hi,

    Recently I noticed many instances of a human trying to log in to my website. Usually I see red dot and info about blocked by the Wordfence Security Network. Here I see green dot (human) and info that this page was accees https://xxxxx.com/wp-login.php but without any info about person being blocked. Also no info that a person was able to log in, so I guess that person visited wp-login.php and nothing happened. But I’m not sure. I tried to replicate that, I went to this page and did not log in, but I did not see anything in the log, so why this was logged and not me.
    So I’m a bit lost, what this exactly mean? Did anybody was able to get to my admin or not? Also I have Wordfence 2FA Active
    Thank you!

    • This topic was modified 1 year ago by znajdz. Reason: added some info

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @audiorelax, thanks for reaching out.

    Can I confirm that the toggle on your Live Traffic page is set to “SECURITY ONLY” rather than “ALL TRAFFIC”? I just ran tests, and the HTTP 200 response from a non-logged in human on /wp-login.php presents in the way shown in your screenshot while “ALL TRAFFIC” is selected.

    A successful (or failed) login is often shown with a different HTTP response code instead of a 200 when only security events are being shown, but this often presents as a redirect with “and logged in successfully as <username>” shown on the entry.

    Thanks,
    Peter.

    Thread Starter znajdz

    (@audiorelax)

    Hi Peter,

    Thank you for your reply.

    Traffic logging mode SECURITY ONLY that’s why I’m confused.

    I had no e-mails about anyone trying to log in or logged.

    Thank you,

    Adam

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Activity Detail explanation’ is closed to new replies.