Can I see the passwords used in failed login alerts?

  • Resolved Lsnewton

    (@lsnewton)


    10 years, 7 months ago

    I receive an alert when someone fails an attempt to log in to my site, along with the user name that they used, which is awesome. However, is there a way to see the password that they attempted to use?

    It doesn’t really matter when blocking brute-force attacks, obviously, but I have a suspicion that one of my sites was being specifically targeted by a human behind some proxies. I’d like to know what they were trying to use as a password.

    https://www.ads-software.com/plugins/wordfence/

Viewing 3 replies - 1 through 3 (of 3 total)

  • good question, i’d like to know if this is possible too for the same reason. thanks

    Eddie

    (@ejamesonvalleyhopeorg)

    Agreed, this would be a valuable asset to site managers/researchers.

    Plugin Author Wordfence Security

    (@mmaunder)

    Me too. In fact we really wanted to add this feature when we first created Wordfence.

    But the problem is that one of your customers or you might accidentally mistype your password, and then it gets sent via email as an alert. A hacker might realize what you meant to type if they see that email and gain access to your account.

    So we chose to not implement this for security sake.

    Regards,

    Mark.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Can I see the passwords used in failed login alerts?’ is closed to new replies.