Difference between revisions of "Log failed passwords to a file in Wordpress"

From ETCwiki
*[http://www.angelwatt.com/words/2012/04/03/wordpress-plugin-log-login-attempts/ Angel Watt - log login attempts] - this is more thorough, with CSV output, but seemed like overkill to me, and was more than a few years old
 
*[https://stackoverflow.com/questions/33709837/how-to-log-login-attempts-directly-on-a-log-file Stack Overflow] - Just people searching for this same stuff, no solutions
 
[[Category:Wordpress]]

Latest revision as of 16:02, 21 January 2018

One of my WordPress sites was getting hacked and I was wondering what passwords the hackers were attempting to use so we could know how serious it was. I added this snippet of code to the end of my functions.php file in WordPress. This code hooks into wp_login_failed, so it will only record failed passwords to the file. You have to modify one line to link to your website's root directory.

Yeah I know this code could be done in fewer lines and with better output logging. Oh well, it works.

WordPress 4.9.2 -- Written 1/21/2018

Dangers

  • If you mistype your password by 1 letter it will be logged!
  • Writing to a hidden file like .htfailures will make it more secure. Do not write to a CSV or anything else that ends up public!


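//RECORD FAILED PASSWORDS TO A FILE goes in functions.php
add_action('wp_login_failed', 'login_failed_func');
function login_failed_func($args) {
        //Start output buffering so the var_dump() output is captured instead of echoed
        ob_start();
        //$args is the username that was tried; var_dump() prints it and returns nothing
        var_dump($args);
        $out = ob_get_clean();
        //Password sent by the login form (empty string if the field is missing)
        $failed = isset($_POST['pwd']) ? $_POST['pwd'] : '';
        $date = date('m/d/Y h:i:s a');
        //REPLACE THIS FILE WITH YOUR FILE
        $my_file = '/var/www/mysite/public_html/.htfailures';
        //Append to the log; if it cannot be opened, skip logging instead of
        //calling die(), which would print the file path on the login page
        $handle = fopen($my_file, 'a');
        if ($handle === false) {
                return;
        }
        $newline = "\n";
        fwrite($handle, $date);
        fwrite($handle, $out);
        fwrite($handle, $failed);
        fwrite($handle, $newline);
        fwrite($handle, $newline);
        fclose($handle);
}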
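
The same hook written to follow the points under Dangers, as an added example that is not the page's original code: the log sits outside the web root, is created readable by its owner only, and holds one JSON line per attempt. The path `/var/www/mysite/private/.htfailures` and the function name `log_failed_login_private` are assumptions for illustration.

```php
<?php // omit this opening tag when pasting into functions.php

// Assumed path: a directory outside the web root that PHP can write to.
define('FAILED_LOGIN_LOG', '/var/www/mysite/private/.htfailures');

add_action('wp_login_failed', 'log_failed_login_private');

function log_failed_login_private($username) {
    // The password field as submitted; ignore array input such as pwd[]=x.
    $password = (isset($_POST['pwd']) && is_string($_POST['pwd'])) ? $_POST['pwd'] : '';

    $record = array(
        'time'     => gmdate('Y-m-d\TH:i:s\Z'),
        'ip'       => isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '',
        'username' => (string) $username,
        'password' => $password,
    );

    // JSON escapes newlines and control characters, so a crafted username or
    // password cannot forge extra log entries: one attempt is always one line.
    $line = wp_json_encode($record);
    if ($line === false) {
        return;
    }

    // Create the file owner-only before the first write.
    if (!file_exists(FAILED_LOGIN_LOG)) {
        touch(FAILED_LOGIN_LOG);
        chmod(FAILED_LOGIN_LOG, 0600);
    }

    // LOCK_EX keeps concurrent failed logins from interleaving their lines.
    if (file_put_contents(FAILED_LOGIN_LOG, $line . "\n", FILE_APPEND | LOCK_EX) === false) {
        // Report to the PHP error log instead of die(), which would print the path.
        error_log('Could not write failed-login log');
    }
}
```

The log still captures near-miss versions of real passwords, so restrict who can read it and delete it once the investigation is over.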

External Links