Users logging in via email are showing as failed attempts, invalid usernames

  • Resolved Alternatewords

    (@alternatewords)


    11 years, 4 months ago

    We just started allowing email logins on our ecourse site (via the WP Email Login).
    I’ve noticed that under Live Traffic > Logings and Logouts these (successful) logins are tracked as failed logins using an invalid username. I don’t believe it is doing any harm (i.e. blocking users who might log in multiple times in a short period) but wanted to bring this to attention.

    https://www.ads-software.com/plugins/wordfence/

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Wordfence Security

    (@mmaunder)

    Thanks for reporting this. I’ll investigate it. It may just be caused by the order in which our plugins run e.g. WP Email Login hooks into the login mechanism and if it detects a failed login it attempts to login again assuming it’s an email address and we log it as failed in between those two steps. Will investigate.

    Thanks again,

    Mark.

    Mark, we can confirm this behaviour with the same plugin combination. One additional info: logins are tracked as failed logins but email notifications show: “A user with username “xxxx” who has administrator access signed in to your WordPress site.” xxxx is the username, not the email, although logins were made via email, not username.

    For several sites with approx 1K users each, we would like to know how (email or username) users try to log in for support reasons in case issues occur.

    Hope this helps,

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Users logging in via email are showing as failed attempts, invalid usernames’ is closed to new replies.