Can I Log Logged in WordPress users in Apache without a WordPress plugin?

Although a little clunky I’ve found a passable solution to this problem using mod_security.

To implement this, enable modsecurity in Apache (presumably with a2enmod security). Then edit the config file. On my Ubuntu based systems this is at /etc/modsecurity/modsecurity.conf and as follows:

Ensure SecRequestBodyAccess is On (and I assume SecRuleEngine to DetectionOnly).

You may also want to limit logging to part H –

 SecAuditLogParts H

Add a rule to the end of the file like :

SecRule ARGS:log "@rx ^[a-zA-Z0-9_.-]+$" \
    "id:800002,\
    phase:2,\
    pass,\
    capture,\
    log,\
    msg:'Login value: %{MATCHED_VAR}'"

This will write a fairly noisy log file to whatever file is specified in SecAuditLog which contains the appropriate information. You can extract the interesting line with a command like

 grep "Apache-Error" /var/log/apache2/modsec_audit.log | grep "800002"

or for an even less noisy version which will give you a comma delimited set of entries with IP addrsss, auth username, website name and URL

 grep "Apache-Error" /var/log/apache2/modsec_audit.log | grep "800002"  | tr -s '"[]: ' ' ' | awk '{print $29,$9,$31,$33}'

Unfortunately this does not on my systems show the date in an easily readable form although there is an additional line “StopWatch” which shows date since the Epoch. I presume it is possible to ship the logfile to syslog and have syslog timestamp each line.

Related Posts:

  1. Change GitHub Account username
  2. Google OAuth 2 authorization – Error: redirect_uri_mismatch
  3. What are the main differences between JWT and OAuth authentication?
  4. How to use OAuth authentication with REST API via CURL commands?
  5. How to validate a user from ouside wordpress/php?
  6. Override user authentication with external credentials
  7. JWT authentication with WP – Approach
  8. why does WordPress need two cookies for auth/login
  9. Extend WordPress (4.x) session and nonce
  10. How to use WordPress authentication on non-WordPress page?
  11. Keep Users Logged In As Long As I Like
  12. How does ifttt.com authenticate a supplied WordPress account
  13. Storing Dropbox Authentication?
  14. Does the debug.log do log rotation?
  15. authentication issue with rest api – rest_cannot_create
  16. WordPress as a OAuth Provider
  17. Using separate Apache log files for multisite
  18. Authentication for wordpress website
  19. How to leverage authentication outside of WordPress?
  20. How do I execute a wp_remote_get call using NTLM authentication?
  21. Outgoing proxy connection problem
  22. WordPress SSO with MemberPress
  23. Authenticated request to WP REST API V2 returning 403 error on /users/me [closed]
  24. Set authentication cookies to be shorter but then extend with every page load
  25. WordPress user Authentication
  26. WordPress asking for FTP details when installing plugins
  27. How to password protect media library files (PDF)?
  28. How to use Azure AD for authentication?
  29. implement authentication and authorization to user
  30. for a role-protected page, programmatically login user and load page
  31. guest authentication
  32. wordpress 3.9 remote token auth
  33. How to set up Shibboleth authentication for a MU site
  34. Login after “Read More” then return to article
  35. How to make WordPress use authentication from Parent Site
  36. auto logout user when user logout on one of the opened tab
  37. How can I have authenticated WordPress users automatically sign into Moodle?
  38. Requiring Authentication for Parts of WordPress Site
  39. WooCommerce OAuth 1.0 + JWT authentication with JS/React
  40. Authenticating users with usermeta fields
  41. Getting Authentication required popup
  42. How can LDAP/Active Directory be integrated in WordPress?
  43. Authenticate Subdomain
  44. How to create new users with JWT Auth Plugin?
  45. Mirgrating a user at signon
  46. Automate WordPress Login
  47. Application to Website authentication
  48. How to authenticate using JWT by ajax?
  49. Open authenticed WordPress page from mobile app
  50. Access to customer profile with pin code
  51. WP link for reset password is not received
  52. How to make an other web app can login with wordpress authentication?
  53. How to add additional factor to wordpress authentication
  54. Adding a “Sign In/My Account” link to an external app
  55. Check if user is logged in, inside php file in template directory
  56. Connect my WordPress site users to my public site account without showing my public site credentials
  57. WordPress Multisite and site speed and scaleability
  58. Blocking the direct access to images in the upload folder WordPress
  59. Can you pass user/pass for HTTP Basic Authentication in URL parameters?
  60. What is the difference between authentication and authorization?
  61. wp_signon by user’s login by their particular role
  62. Unable to login with correct password
  63. change wordpress log language to something different to website
  64. http://localhost:80 is not working on running Apache server through UniServer ZeroXIII
  65. Xampp MySQL not starting – “Attempting to start MySQL service…”
  66. Enable PHP Apache2
  67. PHP and mod_fcgid: ap_pass_brigade failed in handle_request_ipc function
  68. Https to http redirect using htaccess
  69. Automatic WordPress Login of Logged In ClickFunnels User
  70. custom XMLRPC method plus authentication of user & WooCommerce order
  71. WordPress REST API call generates nonce twice on every call
  72. Utilize WordPress Authentication Only
  73. What are some good Apache settings to use with wordpress?
  74. External system integration with wordpress
  75. Options for authenticated feeds
  76. 301-redirect directives for blogger to wordpress migration
  77. Posting and image insertion problems after EasyApache4 and PHP 7 upgrade
  78. How can I authenticate user credentials against a WordPress instance?
  79. How to configure sub-domain for images on Debian Apache VPS?
  80. WordPress Multisite logout conflict
  81. “Database Connection Error” upon install in Apache VirtualHost document root.. Why did this happen? [closed]
  82. Login to wordpress by clicking a link and specifying usernaname and password in url
  83. How to redirect only 404 pages with htaccess in WordPress
  84. wp-content – permissions for files/folders created by apache
  85. Monitor wordpress all external calls
  86. CURL error with REST API
  87. My account staying logged when the browser closed
  88. Using WordPress login for a non word-press website
  89. WordPress V2 REST-API: Endpoints 404?
  90. Why my multisite is this slow? (stats inside)
  91. Debug info from request handler
  92. throttle/limit a logged in user’s http requests to specific page on a per day basis
  93. Apache Redirect based on WordPress permissions
  94. Opening protected page with cookie?
  95. External Authentication
  96. Resolve the debugs
  97. WordPress redirection
  98. How to track all users logged into a site?
  99. Make a Docker application write to stdout
  100. WordPress – Unable to Create New Account – Windows/Apache/MySQL
Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)