Just notice error in nginx error log for multisite

Login LockDown does not record when people log out, only when they try and log in. You can tell that was initiated by the wp_signon function. The query listed isn’t one that records data, but rather one that looks up to see if a user is currently logged out. I have no idea why wp_signon would be called when someone logs out though.

As far as the login attempts go, the data is retained curently, although I do intend to build in a flush option in the next release. The error you are getting is due to issues the plugin has with multisite installations, which is a known issue that will also be fixed in the next release.

-Michael

That sounds awesome! And flushing at the end of the night or after a day or two or having the option to set what we want would be amazing…

Could I make one small request for a future version ?? Could the plugin email us after a set number of logouts has happened? So say 10 logouts happen in a row then I get an email of a potential brute force attack…

Thanks so much!

I am guessing you mean login attempts, and not log outs, correct? Or did you mean lock outs, eg. failed attempts that result in a block?

Either way, I do plan on incorporating options for emails of activity, although I am not sure yet how I am going to group the options or limit the emails to not trigger any issues with the hosts.

-Michael

Sorry haha yea… Wow don’t know why I wrote logout I mean lockout… so small yet so different ??

So yes… It would be very cool if after 10 lockouts happen in a row of say in 10 minutes time it would email the admin of the site… If it continued happening the next 10 lockouts it would send a more urgent email “you are being attacked”…

Maybe limiting the emailing in this way will keep resources low on the host… Another idea to keep resources low… Would it be possible to write the lockouts to a .log file rather than the database?

I think it would be cool because it would give you the option of tailing it… might be very revealing while under attack… This would also help keep resources low as you are taking up space with lockouts in the database… Yea a lockout or two a day does not matter but if your legitimately attacked you could be hit by crazy amounts of IP’s causing your database connections to fill up just trying to write the lockouts… (I am still new so maybe its such small data thats not a issue) But I would think it could be depending on scale of attack…

So on the 20th lockout (second set of 10) You maybe get your second “urgent you are under attack” email and it has a link to the log file to see what is going on…

Maybe all this can be the pro-version ?? I would happily pay or donate for these additional features…

Thanks for all your time and hard work!

patch for multisite problems: https://www.ads-software.com/support/topic/multisite-compatibility-22?replies=13#post-6234383