Skip to content
Read For Learn
Read For Learn
  • Database
    • Oracle
    • SQL
  • C
  • C++
  • Java
  • Java Script
  • jQuery
  • PHP
Read For Learn
  • Database
    • Oracle
    • SQL
  • C
  • C++
  • Java
  • Java Script
  • jQuery
  • PHP

Store brute-force IP addresses

You can use wp_login_failed action for that purpose… It’s called at the end of wp_authenticate, if user credentials were incorrect.

function my_log_brute_force( $username ) {
    $ip_address = $_SERVER['REMOTE_ADDR'];
    // store that info somewhere
    file_put_contents( 'bf-log.txt', date('c') . "\t{$ip_address}\t{$username}\n", FILE_APPEND );
}
add_action( 'wp_login_failed', 'my_log_brute_force' );

Also this article may be helpful: Getting real IP address in PHP

Related Posts:

  1. Is there any way to rename or hide wp-login.php?
  2. Increase of failed login attempts, brute force attacks? [closed]
  3. How to fake a WordPress login?
  4. Limiting sessions to one IP at a time
  5. Brute force attack?
  6. Receiving “This content cannot be displayed in a frame” error on login page
  7. Websites defaced by uploading script using theme editor
  8. Make wordpress admin failed login attempt return 401
  9. Does WP show me if I’m logged in from multiple locations?
  10. WordPress login urls
  11. How to create a private login page for admin.?
  12. WordPress Security – How to block alternative WordPress access
  13. Protecting WordPress login page
  14. wp-admin folder, brute force, and password protection
  15. Sniffing wordpress user’s credentials
  16. disable site_url redirect in wp-login.php
  17. Limiting sessions to one IP at a time
  18. Does WordPress (or a plugin) reveal login credentials to admin?
  19. Is wp_login_form secure on a non secure page?
  20. WordPress login security
  21. Why isn’t the login page rate limited by default?
  22. How can I password protect a WordPress site without requiring users to log in?
  23. Input sanitation
  24. How to Prevent Brute Force Attack on WordPress
  25. Advice on redirect to lock site from unauthorized users
  26. How do I limit access to wp-admin to an IP range?
  27. Where is the php file, that does the checks for login information?
  28. Error on WordPress Login
  29. Access log “POST /wp-login.php HTTP/1.0” 400
  30. force login loophole
  31. I need to find which is the file that checks the DB for correct login (username, password)
  32. How to create separate login for authors/moderators/subscribers?
  33. How to invalidate `password reset key` after being used
  34. Site is not loading after relogin attempts on SSL
  35. Some crawlers/bots attempting to login with very good guesses. How?
  36. Hide wp-login.php but not the widget
  37. How login is possible, if I deny login page via nginx?
  38. Custom login form
  39. Make my wordpress blog remember my login “forever”
  40. How to check in timber if user is loggedin?
  41. Stop WordPress from logging me out (need to keep me logged in)
  42. Get user ID after logging in
  43. How can I retrieve the username and password from my WordPress installation?
  44. User Directory without a Plugin
  45. Pre checking condition before login
  46. Custom Connect to Facebook, problem logging in/logging out
  47. WordPress Login page trashed
  48. Are there ways of logging in that bypass wp-login.php altogether?
  49. Change Favicon on Login Screen?
  50. screwed-up my blog..what should I do
  51. Changes only show when logged in?
  52. How to integrate external user tables with WP?
  53. WordPress as webapp login session
  54. replace wp-login.php login forms via a hook & use custom forms with wp-login form validation
  55. How to modify the action attribute of the wp-login.php?action=register form?
  56. How can I add a login/logout link in the sub-nav of my website?
  57. Correct passwords keep appearing as incorrect
  58. Odd login issue that needs manual page refresh on some devices
  59. WordPress asking for login on public pages on localhost
  60. 404 redirect wp-login and wp-admin after changing login url [closed]
  61. Show directory listing/browsing if user is logged in
  62. Login form doesn’t log in
  63. WordPress error on log out ‘Not Permitted’ and can’t log out
  64. How can I change the email sender name from wordpress to (myblogname) on the “lost password” email?
  65. Changed primary domain and now wordpress login won’t work
  66. Keep user session with custom implementation of user login
  67. Too many login attempts
  68. Forcing frontend login with UI switch
  69. Login without Password
  70. Does deleting the table users prevent all logins?
  71. I can’t access my WordPress dashboard – shows Warning message [closed]
  72. SQL – Remove All The Users and Create A New User With Admin Role Via PhpMyAdmin
  73. Can I protect a type of content site-wide with a single password?
  74. what is the best and safest way to allow users to register to site
  75. Sharing a logged in session with a custom subdmain site?
  76. MAMP localhost wordpress site, not possible to sign in, username and password are correct
  77. Login issues wordpress page
  78. Make WordPress User Name be the Company Name when Registering (not the default ‘first name’ last name’ email address’)
  79. Why do I have a reauth=1 redirection loop when I try to log in to WordPress hosted on AWS Fargate?
  80. Login form does not store/remember/suggest users password
  81. Problem with is_user_logged_in() function in some pages
  82. Confused – can’t access wordpress dashboard or site that has been published
  83. wordpress login loop and session problem
  84. unable to Login to Admin
  85. Android app – can’t login: “This site already exists in the app, you can’t add it”
  86. Fatal error: Call to undefined function get_plugin_data()
  87. Make WordPress User Name the Email Address When Register
  88. Users redirected to old site
  89. WordPress Login / SSL = Code Question
  90. Save user login date
  91. Login with Username (or Code) only
  92. wp_signon gives error insufficient_permissions
  93. Is there a way to give users the option to log in to their favorite group on login? [closed]
  94. Logging in takes a few refreshes to show you are logged in, is this a cache issue? [closed]
  95. Direct access to site when log in
  96. Can not login after moving to cloudflare and adding rules
  97. Inconsistent login state
  98. Can i hide a dynamically created div to logged out users?
  99. Why am I not able to login to the admin
  100. WP behind haproxy weirdness
Categories login Tags ip, login, security
Use ajax from function.php
Conditional fields in contact form 7 not working

Recommended Hostings

Cloudways: Realize Your Website's Potential With Flexible & Affordable Hosting. 24/7/365 Support, Managed Security, Automated Backups, and 24/7 Real-time Monitoring.

FastComet: Fast SSD Hosting, Free Migration, Hack-Free Security, 24/7 Super Fast Support, 45 Day Money Back Guarantee.

Recent Added Topics

  • Bug in translation system: load_theme_textdomain() returns true, files are available and accessible but the language defaults to english
  • Custom Elementor controls not appearing in the widget Advanced tab using injection hooks
  • Get the name of the template/*html file used
  • Trying to Add Paging to Single Post Page
  • Sharing media files between live and staging servers
  • How to display the description of a custom post type in the dashboard?
  • Critical error on image display
  • Copying WP data and files into new install?
  • How to determine the DirectAdmin WordPress backup date?
  • How to get list of ALL tables in the database?
© 2026 Read For Learn
  • Database
    • Oracle
    • SQL
  • algorithm
  • asp.net
  • assembly
  • binary
  • c#
  • Git
  • hex
  • HTML
  • iOS
  • language angnostic
  • math
  • matlab
  • Tips & Trick
  • Tools
  • windows
  • C
  • C++
  • Java
  • javascript
  • Python
  • R
  • Java Script
  • jQuery
  • PHP
  • WordPress