You can use wp_login_failed action for that purpose… It’s called at the end of wp_authenticate, if user credentials were incorrect.
function my_log_brute_force( $username ) {
$ip_address = $_SERVER['REMOTE_ADDR'];
// store that info somewhere
file_put_contents( 'bf-log.txt', date('c') . "\t{$ip_address}\t{$username}\n", FILE_APPEND );
}
add_action( 'wp_login_failed', 'my_log_brute_force' );
Also this article may be helpful: Getting real IP address in PHP
Related Posts:
- Is there any way to rename or hide wp-login.php?
- Increase of failed login attempts, brute force attacks? [closed]
- How to fake a WordPress login?
- Limiting sessions to one IP at a time
- Brute force attack?
- Receiving “This content cannot be displayed in a frame” error on login page
- Websites defaced by uploading script using theme editor
- Make wordpress admin failed login attempt return 401
- Does WP show me if I’m logged in from multiple locations?
- WordPress login urls
- How to create a private login page for admin.?
- WordPress Security – How to block alternative WordPress access
- Protecting WordPress login page
- wp-admin folder, brute force, and password protection
- Sniffing wordpress user’s credentials
- disable site_url redirect in wp-login.php
- Limiting sessions to one IP at a time
- Does WordPress (or a plugin) reveal login credentials to admin?
- Is wp_login_form secure on a non secure page?
- WordPress login security
- Why isn’t the login page rate limited by default?
- How can I password protect a WordPress site without requiring users to log in?
- Input sanitation
- How to Prevent Brute Force Attack on WordPress
- Advice on redirect to lock site from unauthorized users
- How do I limit access to wp-admin to an IP range?
- Where is the php file, that does the checks for login information?
- Error on WordPress Login
- Access log “POST /wp-login.php HTTP/1.0” 400
- force login loophole
- I need to find which is the file that checks the DB for correct login (username, password)
- How to create separate login for authors/moderators/subscribers?
- How to invalidate `password reset key` after being used
- Site is not loading after relogin attempts on SSL
- Some crawlers/bots attempting to login with very good guesses. How?
- Hide wp-login.php but not the widget
- How login is possible, if I deny login page via nginx?
- Custom login form
- Make my wordpress blog remember my login “forever”
- How to check in timber if user is loggedin?
- Stop WordPress from logging me out (need to keep me logged in)
- Get user ID after logging in
- How can I retrieve the username and password from my WordPress installation?
- User Directory without a Plugin
- Pre checking condition before login
- Custom Connect to Facebook, problem logging in/logging out
- WordPress Login page trashed
- Are there ways of logging in that bypass wp-login.php altogether?
- Change Favicon on Login Screen?
- screwed-up my blog..what should I do
- Changes only show when logged in?
- How to integrate external user tables with WP?
- WordPress as webapp login session
- replace wp-login.php login forms via a hook & use custom forms with wp-login form validation
- How to modify the action attribute of the wp-login.php?action=register form?
- How can I add a login/logout link in the sub-nav of my website?
- Correct passwords keep appearing as incorrect
- Odd login issue that needs manual page refresh on some devices
- WordPress asking for login on public pages on localhost
- 404 redirect wp-login and wp-admin after changing login url [closed]
- Show directory listing/browsing if user is logged in
- Login form doesn’t log in
- WordPress error on log out ‘Not Permitted’ and can’t log out
- How can I change the email sender name from wordpress to (myblogname) on the “lost password” email?
- Changed primary domain and now wordpress login won’t work
- Keep user session with custom implementation of user login
- Too many login attempts
- Forcing frontend login with UI switch
- Login without Password
- Does deleting the table users prevent all logins?
- I can’t access my WordPress dashboard – shows Warning message [closed]
- SQL – Remove All The Users and Create A New User With Admin Role Via PhpMyAdmin
- Can I protect a type of content site-wide with a single password?
- what is the best and safest way to allow users to register to site
- Sharing a logged in session with a custom subdmain site?
- MAMP localhost wordpress site, not possible to sign in, username and password are correct
- Login issues wordpress page
- Make WordPress User Name be the Company Name when Registering (not the default ‘first name’ last name’ email address’)
- Why do I have a reauth=1 redirection loop when I try to log in to WordPress hosted on AWS Fargate?
- Login form does not store/remember/suggest users password
- Problem with is_user_logged_in() function in some pages
- Confused – can’t access wordpress dashboard or site that has been published
- wordpress login loop and session problem
- unable to Login to Admin
- Android app – can’t login: “This site already exists in the app, you can’t add it”
- Fatal error: Call to undefined function get_plugin_data()
- Make WordPress User Name the Email Address When Register
- Users redirected to old site
- WordPress Login / SSL = Code Question
- Save user login date
- Login with Username (or Code) only
- wp_signon gives error insufficient_permissions
- Is there a way to give users the option to log in to their favorite group on login? [closed]
- Logging in takes a few refreshes to show you are logged in, is this a cache issue? [closed]
- Direct access to site when log in
- Can not login after moving to cloudflare and adding rules
- Inconsistent login state
- Can i hide a dynamically created div to logged out users?
- Why am I not able to login to the admin
- WP behind haproxy weirdness