wp_login_fails table has every failed login ever

  • Resolved jimoe

    (@jimoe)


    4 years, 8 months ago

    login lockdown version 1.8.1

    I installed Login Lockdown in Jan 2019. Since then it has recorded every failed login, currently almost 160,000.

    There does not appear to be any way to age or mass delete the wp_login_fails table from the plugin’s settings page.

    Is it okay to periodically empty the wp_login_fails table?

Viewing 7 replies - 1 through 7 (of 7 total)
  • Thread Starter jimoe

    (@jimoe)

    There are also almost 17,000 entries in wp_lockdowns. Can this table be emptied as well?

    @jimoe Yes, I will try and add the interface in for maintenance for manual and automatic cleaning of those tables next release, thank you for reminding me.

    -Michael

    I would like this functionality as well.

    Thread Starter jimoe

    (@jimoe)

    I wrote a bash script to handle this. It have cron run the script once a week.
    – It assumes ~/.mylogin.cnf is defined for authentication.
    – It creates a list of busy hackers.
    – It deletes entries older than 2 weeks.

    cd ${DST_DIR}
    #
    # Get a list of the most prolific offenders,
    # more than 20 attempts in the last 2 weeks.
    #
    filo=”$DST_DIR/lockdown-ip-count-“date +%FT%H.%M.%S“.csv”
    sqlcmd=’select count(t.login_attempt_id) as ip_count,t.login_attempt_ip’
    sqlcmd=”$sqlcmd from dbname.wp_login_fails t”
    sqlcmd=”$sqlcmd where datediff(now(), t.login_attempt_date) < 15″
    sqlcmd=”$sqlcmd group by t.login_attempt_ip having (20 < ip_count)”
    sqlcmd=”$sqlcmd order by ip_count desc;”
    # echo $sqlcmd
    # exit 0

    mysql –login-path=sohne_admin -e “$sqlcmd” > $filo
    rtn=$?

    # echo “mysql return value [$rtn]”

    #
    # Clean the database tables.
    #
    if [ 0 -eq $rtn ]; then
    sqlcmd=’DELETE FROM dbname.wp_lockdowns WHERE 14 < datediff(now(), dbname.wp_lockdowns.lockdown_date);’
    mysql –login-path=sohne_admin -e “$sqlcmd”
    rtn=$?
    # echo “mysql return value [$rtn]”

    sqlcmd=’DELETE FROM dbname.wp_login_fails WHERE 14 < datediff(now(), dbname.wp_login_fails.login_attempt_date);’
    mysql –login-path=sohne_admin -e “$sqlcmd”
    rtn=$?
    # echo “mysql return value [$rtn]”
    else
    echo “Login Lockdown data collection failed.”
    echo ” Login tables not cleaned.”
    fi
    exit 0

    can this table wp_login_fails have all it’s rows emptied without breaking the database?

    I have a plugin called advanced db cleaner which I used to empty the table.

    @londontiger It will not hurt anything to purge the tables.

    -Michael

    Thank you for confirming. My database balooned to 64MB since 2012. I was worried because I feared that there was a bug on the database. Luckily it was just logs on a table.

    IIRC there was 900K+ failed logins, some of those wordpress brute force attacks are prolific.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘wp_login_fails table has every failed login ever’ is closed to new replies.