No when_last_login entry for some users

Hello @dgreenslade

Thank you for reaching out here, there may be a few factors why this is happening and not working 100% correctly.

1. The value of “0” is set when viewing the user’s column and the user has never logged-in before or the plugin fails to get the log in timestamp. This is a bit of old code when the plugin was initially coded up and will most likely get removed in a future update as it’s not really needed any more.
   
2. If your log in process uses a custom authentication method, or gets intercepted and bypasses the wp_login hook the recorded time won’t be recorded. It’s quite common that 2FA plugins change the flow and use their own authentication method for logging in. Can you tell me what plugin you are using so I can look at this further?
   
3. This plugin only tracks the users log in process and won’t track when someone chooses the “Remember Me” option and revisits your site while already being logged-in. I’m looking into some sort of advanced tracking for cases like this, as well as real-time statistics for admins with this plugin. It’s been asked for a lot.
   
   It should track when the user registers, but also depends on the registration process. How are users registering on your site? Are they using the default WordPress User registration flow or is it going through another plugin like a membership plugin?
   
   I hope this helps clear things up for you, please let me know if you have any further questions regarding this.

Thanks for the fast response @andrewza,

Great information thanks.

2FA, or login related plugins we have are

• ‘Duo Two-Factor Authentication’ by Duo Security.
• WPMU Ldap Authentication (as we are in a multisite network, users are added to the network as a “subscriber”, then are added to particular blog sites with various roles per site. So users are added to the network and they register at that level. But they will be signing into particular sites using their LDAP login).

We do also allow SSO but I’m not yet sure of the specific internal workings of that (we are a large organization with several interconnected authentication flows).

What I’m trying to do is delete inactive, or spam users. I’m relying on the ‘when_last_login’ value to know if a user has logged in recently as a source of truth.

1. You mentioned that this may be set to “0” if the plugin fails to get the login timestamp, could that happen if the user had logged in recently but there was some issue (i.e. network issue)?

I want to be sure that I’m not deleting users based on that value if it can be set to “0”, after they have successfully ever logged in before (and having that value be registered at least once as an expected timestamp).

2. If when_last_login plugin is activated, and there are existing users who are registered, but have not logged in since this plugin was activated, should we expect an entry for those users in the ‘wp_usermeta’ table? Or should we expect no entry at all?

Hey @andrewza , just following up on this in case the message got lost in an inbox etc!

Keen to hear your thoughts on my 2 questions above. That will help us narrow in on some of our users who are not being tracked by this plugin.