Is there any plugins to track the failed login attempts password?

  • Resolved Sudeep Acharya

    (@sudeep611)


    12 years, 7 months ago

    I am using a plugin to log users if there is two failed attempts in to login. I only get the username when users try failed login attempts. Is there any way to track the password enter by him.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Moderator bcworkz

    (@bcworkz)

    $_POST["pwd"]?

    Thread Starter Sudeep Acharya

    (@sudeep611)

    @bcworkz can you tell in little detail.

    Moderator bcworkz

    (@bcworkz)

    When the user submits a form by the POST method, all the form fields are loaded into the php superglobal array $_POST by the server. The array element keys match the form field names. So if a form field name is “pwd”, you access it’s value as $_POST[“pwd”].

    So it’s just a matter of storing the value somewhere. Your plugin does this for the username. You need to do something similar for passwords. Keep in mind if you alter your plugin’s code, your changes will be lost when you update the plugin.

    I should mention it is a general privacy breach to store plaintext passwords anywhere, one should normally store only hashes of passwords, not the actual passwords. But since we are storing only failed, invalid passwords, most likely from malicious attacks, I don’t see a problem here.

    Is there a constructive reason for knowing the passwords attempted, or just idle curiosity?

    This records the failed login attempt as well as the password used during the failed attempt, in the dashboard under Dashboard > Activity Monitor.

    https://www.ads-software.com/extend/plugins/threewp-activity-monitor/

    Thread Starter Sudeep Acharya

    (@sudeep611)

    Thank you guys bcworkz and ClaytonJames

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Is there any plugins to track the failed login attempts password?’ is closed to new replies.

Tags