CERBER_FAIL_LOG

Hi!

Besides the constant definition, you have to enable this setting: Write failed login attempts to the file. It’s on the Main settings tab.

This is already checked, and still not working.

Thanks.

Please inspect the web server error log.

Hi Gioni. Is there anything to be looking for in the server error log? Maybe you could point me in the right direction?

Thanks

You need to look for your filename that you’ve specified with CERBER_FAIL_LOG.

Also you can find the following line in the wp-cerber.php file

if ( $log = @fopen( CERBER_FAIL_LOG, 'a' ) ) {

and remove @ symbol this way:

if ( $log = fopen( CERBER_FAIL_LOG, 'a' ) ) {

This should produce informative error messages in the server error log if the plugin is unable to write to the file.

Ok… Thanks. I’ll keep you posted.

Ok… Thank you for your help with this. It is working now.

One question if I may. I notice that it’s only recording actual failed log in attempts where people try to log in with a username, but since the wp-login is changed, it isn’t recording IP’s for those who are attempting to access the unauthorized URL. Is there a way to log this information, as these are the IP’s of the malicious attempts… right?

Thanks again.

Not completely. Most those attempts are just probes, not brute-force attacks. The main reason for using logging to a file is to protect a website from intensive brute-force attacks with fail2ban. So logging all those IPs is not implemented intentionally.

Ok. That makes sense. Thanks for the great plugin.