Log of logged in users in database/WP

  • Hi,

    When dealing with a security issue, I was sure WP stored last access of all users in database (which won’t do any harm in my opinion).

    As I had to look through thousands of lines of apache logs in search of successful logins I wondered why this is not a core feature. It would be really helpful to have this kind of info in standard installation. Besides, adding an option (checkbox) in settings to enable/disable this feature, maybe including also a log file, would be also a great addition.

    I know it is achievable via 3rd plugin, but I really believe anything related to security is welcome in any CMS core.

    Thanks in advance and keep up the good work

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator James Huff

    (@macmanx)

    I imagine it’s not a core feature because it would balloon the database to unmanageable size on a large site with thousands of registered users.

    As it is, I had to set my last audit log plugin on my small-ish site to flush its log every two weeks just to keep the database from being bogged down.

    Generally, this is how the core developers choose what goes into WordPress and what stays a plugin.

    Does it benefit *everyone* using WordPress without negatively impacting their site or workflow? If it does, it winds up in core. If it doesn’t, it stays a plugin so only those who need it have to deal with it.

    Thread Starter aroza

    (@aroza)

    Completely agreed. Usually logs of any kind grow large very fast under heavy traffic. However let’s say that only last 10 (or just last one) login timestamps per user are stored in DB. That would be still useful for a security audit, while regular WP users would notice no impact in their sites, just ten extra and harmless fields in user metadata.

    I think that would a win-win, both for superadmins in large sites, and for “common” admins, who could just checking if users are active or not (should they be removed or noticed?), for example.

    Moderator James Huff

    (@macmanx)

    Possibly. You could certainly propose it as a feature.

    Follow this guide: https://make.www.ads-software.com/core/handbook/reporting-bugs/

    If you don’t find anything similar in Trac as mentioned, report it as bug as directed, but choose “Feature Request” for the bug type.

    It would also help if you nominated a few plugins in your feature request.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Log of logged in users in database/WP’ is closed to new replies.