• Resolved michilinz

    (@michilinz)


    Hi everyone,

    I am currently working on adapting my site to comply with GDPR.

    Thus, I don’t want Wordfence to log IPs of successful logins, however, I can’t find an option to achieve this.

    Any hints, please?

    Thanks in Advance,

    Michi

Viewing 9 replies - 1 through 9 (of 9 total)
  • Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    I am currently working on adapting my site to comply with GDPR.

    OK

    Thus, I don’t want Wordfence to log IPs of successful logins, however, I can’t find an option to achieve this.

    I will absolutely regret this. IANAL, but you may not necessarily need to worry about that. Here’s an article about why that is.

    https://www.ctrl.blog/entry/gdpr-web-server-logs

    The useful part is this under Personal data in server logs.

    All of these logs contain personal information by default under the new regulation. IP addresses are specifically defined as personal data per Article 4, Point 1; and Recital 49.

    If you don’t have a legitimate need to store these logs you should disable logging in your web server. You’re not even allowed to store this type of information without having obtained direct consent for the purposes you intend to store the information for from the persons you’re storing information about. The less customer information you store the lower the risk to your organization.

    I emphasized the important part. Wordfence is a security plugin and it is not gratuitously recording that information. When someone logs into your site that is a legitimate data point to record their user ID and password. This can later on be used for validation.

    If you see someone log into your system from an IP in one region and then do the same from thousands of miles away then they may be using a VPN. Or their account can be compromised. That IP address is a legitimate means of determining that.

    That all said, Wordfence may have or will get an option for what you are asking and not record the IPs of successful logins. I’m just chiming in on the GDPR portion.
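    The "same account, two distant regions" check Jan describes is only possible while the source IP is still in the record. As an added example, not code from the thread or from Wordfence: a stand-alone PHP script that walks successful-login rows shaped like Wordfence's (username, unix timestamp, IP), resolves each IP through a geolocation table, and flags consecutive logins of one account whose implied travel speed exceeds a threshold. The IP-to-coordinate map and the login rows are constructed sample data standing in for a real GeoIP lookup and a real table; the 900 km/h cut-off is an assumption (roughly airliner speed), and a legitimate VPN or mobile-carrier address change will trip it too, so treat hits as something to verify, not as proof of compromise.

```php
<?php
// Added example (not Wordfence code): flag "impossible travel" between two
// successful logins of the same account. Requires PHP 7.0+.

// Constructed GeoIP stand-in: IP => [latitude, longitude, label].
const GEO = [
    '203.0.113.10' => [48.1374,  11.5755, 'Munich'],
    '198.51.100.7' => [40.7128, -74.0060, 'New York'],
    '192.0.2.55'   => [50.1109,   8.6821, 'Frankfurt'],
];

// Constructed sample of successful logins (field names mimic a login record:
// username, ctime = unix timestamp, IP = source address).
const LOGINS = [
    ['username' => 'michi', 'ctime' => 1525000000, 'IP' => '203.0.113.10'],
    ['username' => 'michi', 'ctime' => 1525003600, 'IP' => '198.51.100.7'], // 1 h later, ~6,500 km away
    ['username' => 'alice', 'ctime' => 1525001000, 'IP' => '203.0.113.10'],
    ['username' => 'alice', 'ctime' => 1525030000, 'IP' => '192.0.2.55'],   // 8 h later, ~300 km away
];

// Great-circle distance in kilometres (haversine formula).
function distance_km(float $lat1, float $lon1, float $lat2, float $lon2): float
{
    $earthRadiusKm = 6371.0;
    $dLat = deg2rad($lat2 - $lat1);
    $dLon = deg2rad($lon2 - $lon1);
    $a = sin($dLat / 2) ** 2
       + cos(deg2rad($lat1)) * cos(deg2rad($lat2)) * sin($dLon / 2) ** 2;
    return 2 * $earthRadiusKm * asin(sqrt($a));
}

// Returns one alert string per consecutive login pair of the same account
// whose implied speed exceeds $maxKmh. Logins from IPs the lookup does not
// know are skipped rather than alerted on.
function impossible_travel(array $logins, array $geo, float $maxKmh = 900.0): array
{
    usort($logins, function ($a, $b) { return $a['ctime'] <=> $b['ctime']; });
    $alerts = [];
    $last   = []; // username => previous login row seen
    foreach ($logins as $row) {
        $user = $row['username'];
        if (!isset($geo[$row['IP']])) {
            continue;
        }
        if (isset($last[$user])) {
            $prev = $last[$user];
            list($lat1, $lon1, $from) = $geo[$prev['IP']];
            list($lat2, $lon2, $to)   = $geo[$row['IP']];
            $km = distance_km($lat1, $lon1, $lat2, $lon2);
            // Floor the interval at one minute so two near-simultaneous
            // logins do not divide by zero.
            $hours = max(($row['ctime'] - $prev['ctime']) / 3600, 1 / 60);
            if ($km / $hours > $maxKmh) {
                $alerts[] = sprintf('%s: %s -> %s, %.0f km in %.1f h', $user, $from, $to, $km, $hours);
            }
        }
        $last[$user] = $row;
    }
    return $alerts;
}

foreach (impossible_travel(LOGINS, GEO) as $alert) {
    echo $alert, PHP_EOL;
}
```

Run with `php impossible_travel.php`; on the sample data only the `michi` pair is reported (Munich to New York in one hour), while `alice`'s Munich to Frankfurt move over eight hours is well under the threshold. To use it against a real Wordfence install you would feed it rows from the wfLogins table and swap the constant map for a GeoIP library call; once the IP column is gone, there is nothing left for this check to work on.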

    Ambyomoron

    (@josiah-s-carberry)

    Isn’t it important to distinguish between a network address as a potential indicator of a data subject (i.e., a person) and a network address that is explicitly linked to a data subject? It is one thing to have a log containing both a user’s name and that user’s IP address (if he or she does indeed have a personal IP address), on the one hand, and on the other hand have a log that does contain IP addresses but the data controller never tries to associate any address with a data subject (even if that were theoretically possible).

    Isn’t it true that anonymous data is not subject to GDPR compliance? (that is a question, not a statement).

    mountainguy2

    (@mountainguy2)

    Jan, I’m curious, do you guys dealing with GDPR actually disable your server logging? Seems to me that defending a website against attacks would be impossible without IP logging. For example, using server level defense software such as CSF or ModSecurity would seem to be severely limited or pretty much useless. Likewise, to disable any of the Wordfence IP related functions would seem to rip the guts out of the web application firewall that Wordfence attempts to provide. MTN

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    So… I really want to focus on the original poster’s topic and question but it’s related so there’s that.

    Jan, I’m curious, do you guys dealing with GDPR actually disable your server logging?

    IANAL (can’t stress that enough) but I believe it comes down to what you do with the data. I don’t disable that logging nor do I expect anyone to do so. The rolled logs may be another matter. My rolled logs delete after a time and many servers are setup for that.

    The link I included above also has a neat way to GPG encrypt those rolled logs for even greater data protection.

    Using the IP address as personally identifiable information (PII) could run afoul of GDPR. Using it for performance metrics isn’t necessarily PII. Think Akamai, Cloudflare and The Goog. That network data is useful for sending users to a more responsive site or network. Performance data may not be treated as PII in that use case.

    This isn’t a new thing, though GDPR is. In certain countries you can’t use that data to track users. You can use it for performance metrics and identifying markets or geographical area. A person accessing my site from Germany is one person in (checks Google) 82.67 million (2016). Same if we are identifying via that IP address, they browsed from Eschborn (population 21k in 2016). I’m using this example as it came up for me in the distant past.

    Tracking that user, identifying that user, getting and retaining actual PII is a different matter. And that could include their IP address.

    This is a complicated topic and the Core WordPress team is looking at the implications for WordPress.

    https://make.www.ads-software.com/core/tag/gdpr-compliance/

    When in doubt, ask legal counsel.

    mountainguy2

    (@mountainguy2)

    Thanks Jan, appreciate you taking time to detail. My site is hosted in the U.S., but some days I get more traffic from the EU than North America. So I’ve got some interest in these things… am certainly not eager to spend time making changes, but it would be nice if Wordfence addressed the issue in a substantive way.

    Thread Starter michilinz

    (@michilinz)

    Thanks a lot Jan! Your help is really very much appreciated.

    I get the idea of the need to log IPs of course, nevertheless WF (at least the free version) does not seem to have an automated process to determine whether a user is logging in from very different location. However I understand it can be helpful to check out the logs if a user reports problems (like not being able to log in due to someone else changing the password).

    I am working in an environment where people are rather sceptical about their data being stored, and as the whole site is set up to work as an Intranet I feel I might receive some negative feedback. Well, I guess I’ll just have to see, as turning off WF is of course not an option.

    Hi @michilinz
    I understand your point and I want to confirm that Defiant, Inc., the owner of the Wordfence service and wordfence.com, is monitoring the EU General Data Protection Regulations (GDPR) and how the regulations are being applied to US based companies in particular. We are working closely with our corporate counsel to ensure if any part of the GDPR becomes applicable to the Defiant services, that the company remains in compliance.

    Thanks.

    Thread Starter michilinz

    (@michilinz)

    Hi everyone,

    just wanted to ask if there is any option to disable the logging of successful logins. My admin colleagues agreed that we don’t want to store that data, however I can’t find an option to disable logging. Any suggestions how this might be achieved?

    Cheers,
    Michi

    Hi @michilinz,

    Successful logins can be important forensic evidence in a situation where a site was compromised, since an attacker's login would then also be successful. Without this opportunity to audit the previous logins, you may not be able to figure out which one of your admin accounts is compromised.
    If you still don’t want to log this data, unfortunately we don’t have the ability to automatically stop this logging but you could write a script that truncates the wp_wfLogins table.
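    The reply above suggests a script that truncates the wp_wfLogins table. As an added example, not Wordfence code and not from the thread: a small must-use plugin that does the same job on a schedule but, by default, keeps the audit trail the reply warns you would lose. Once a day it takes the successful-login rows older than a retention window and either nulls their IP column (keeping timestamp and username for the "which admin was it" question) or deletes them outright, which is the truncate-style behaviour. Assumptions, each also marked in the code: the table is `{$wpdb->prefix}wfLogins` rather than a hard-coded `wp_` prefix; the columns used are `ctime` (unix timestamp), `fail` (0 for a successful login) and `IP`, which you should verify against the table in your own install before relying on them; and a seven-day window, which is a placeholder for whatever your retention policy allows.

```php
<?php
/**
 * Plugin Name: Prune Wordfence successful-login records (added example)
 * Description: Example mu-plugin, not part of Wordfence. Daily, strips the IP
 *              from (or deletes) successful-login rows older than a retention
 *              window. Drop into wp-content/mu-plugins/.
 */

defined('ABSPATH') || exit;

// Retention window in days. Assumption: seven days is enough to look into a
// reported account problem; set it to what your retention policy allows.
const WFLOGIN_PRUNE_DAYS = 7;

// true  = delete the rows (closest to "truncate wp_wfLogins").
// false = keep the rows but null the IP, so the when/who audit trail survives.
const WFLOGIN_PRUNE_DELETE_ROWS = false;

// Does the pruning. Returns the number of rows affected (0 if nothing to do or
// the table is absent), so it can also be called from WP-CLI for a dry check.
function wflogin_prune_old_successful_logins()
{
    global $wpdb;

    // Wordfence uses the site's table prefix, so do not hard-code "wp_".
    // Assumed column names (verify against your install):
    //   ctime = unix timestamp, fail = 0 for a successful login, IP = address.
    $table  = $wpdb->prefix . 'wfLogins';
    $cutoff = time() - WFLOGIN_PRUNE_DAYS * DAY_IN_SECONDS;

    // Bail out quietly if Wordfence is not installed or the table is missing.
    $exists = $wpdb->get_var($wpdb->prepare('SHOW TABLES LIKE %s', $wpdb->esc_like($table)));
    if ($exists !== $table) {
        return 0;
    }

    if (WFLOGIN_PRUNE_DELETE_ROWS) {
        $sql = "DELETE FROM `{$table}` WHERE fail = 0 AND ctime < %d";
    } else {
        $sql = "UPDATE `{$table}` SET IP = NULL WHERE fail = 0 AND ctime < %d AND IP IS NOT NULL";
    }

    // The table name comes from the trusted prefix; the only variable part,
    // the cutoff timestamp, is bound through $wpdb->prepare().
    $affected = $wpdb->query($wpdb->prepare($sql, $cutoff));
    return ($affected === false) ? 0 : (int) $affected;
}
add_action('wflogin_prune_event', 'wflogin_prune_old_successful_logins');

// Register the daily WP-Cron event once; wp_next_scheduled() prevents
// duplicate schedules on every request.
function wflogin_schedule_prune()
{
    if (!wp_next_scheduled('wflogin_prune_event')) {
        wp_schedule_event(time(), 'daily', 'wflogin_prune_event');
    }
}
add_action('init', 'wflogin_schedule_prune');
```

WP-Cron only fires when the site gets traffic unless you disable it (`DISABLE_WP_CRON`) and call `wp-cron.php` from a real cron job, so on a quiet intranet the event may run late; `wp cron event run wflogin_prune_event` triggers it on demand for testing. Whichever mode you choose, note that a successful login the plugin has already pruned cannot be recovered for the forensic use the reply describes, and that failed-login rows (`fail = 1`) are deliberately left alone because they are what the brute-force protection works from.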

  • The topic ‘Don’t want to log IP of successful logins’ is closed to new replies.