You can use wp_login_failed
action for that purpose… It’s called at the end of wp_authenticate
, if user credentials were incorrect.
function my_log_brute_force( $username ) {
$ip_address = $_SERVER['REMOTE_ADDR'];
// store that info somewhere
file_put_contents( 'bf-log.txt', date('c') . "\t{$ip_address}\t{$username}\n", FILE_APPEND );
}
add_action( 'wp_login_failed', 'my_log_brute_force' );
Also this article may be helpful: Getting real IP address in PHP
Related Posts:
- Is there any way to rename or hide wp-login.php?
- Increase of failed login attempts, brute force attacks? [closed]
- How to fake a WordPress login?
- Limiting sessions to one IP at a time
- Brute force attack?
- Receiving “This content cannot be displayed in a frame” error on login page
- Websites defaced by uploading script using theme editor
- Make wordpress admin failed login attempt return 401
- Does WP show me if I’m logged in from multiple locations?
- WordPress login urls
- How to create a private login page for admin.?
- WordPress Security – How to block alternative WordPress access
- Protecting WordPress login page
- wp-admin folder, brute force, and password protection
- Sniffing wordpress user’s credentials
- disable site_url redirect in wp-login.php
- Limiting sessions to one IP at a time
- Does WordPress (or a plugin) reveal login credentials to admin?
- Is wp_login_form secure on a non secure page?
- WordPress login security
- Why isn’t the login page rate limited by default?
- How can I password protect a WordPress site without requiring users to log in?
- Input sanitation
- How to Prevent Brute Force Attack on WordPress
- Advice on redirect to lock site from unauthorized users
- How do I limit access to wp-admin to an IP range?
- Where is the php file, that does the checks for login information?
- Error on WordPress Login
- Access log “POST /wp-login.php HTTP/1.0” 400
- force login loophole
- I need to find which is the file that checks the DB for correct login (username, password)
- How to create separate login for authors/moderators/subscribers?
- How to invalidate `password reset key` after being used
- Site is not loading after relogin attempts on SSL
- Some crawlers/bots attempting to login with very good guesses. How?
- Hide wp-login.php but not the widget
- How login is possible, if I deny login page via nginx?
- Redirect user using the ‘wp_login_failed’ action hook if the error is ’empty_username’ or ’empty_password’
- wp_signon() does not authenticate user guidance needed
- How to pass users back and forth using session data?
- Avoid to load default WP styles in login screen
- Send reset password link to user from custom lost password form
- Change sign-on URLs for security purposes
- Prevent Brute Force Attack
- How long do users stay logged in if they DON’T check remember me?
- How does WordPress track that a certain User is Logged-In
- 2 wordpress blogs with 1 users table and 1 login
- How can i add validation to this login form with out it redirecting to the wp-login.php page
- Bootstrap Modal as login page
- Custom login page always redirecting to wp-login.php
- Deny a user role to log in after register
- wp_get_referer not working properly after wp_redirect
- Login Button CSS
- Force Users to Login – loop problem
- I want to disable login of admin (/wp-admin) with email and make it accessible only with username
- Is there a better way than checking user is logged in to show or hide adminbar?
- Show errors on custom login form [duplicate]
- Change login_message using title
- Changing WP login credential [closed]
- How to change wordpress Log In text
- WordPress Cant access wp-login.php
- How to remove ‘wordpress…’ text from page titles in tabs
- Using gettext to translate wp-login.php can’t translate `Back to` into other language
- Display first name instead of username
- How can I make a login just like on wordpress.org?
- How can I insert wordpress login screen on a different domain?
- autocomplete=”off” WordPress Login
- Why there is a 302 status when my account and password are right?
- 503 Login WordPress [closed]
- Password recovery URL has error – but not found in code or db
- If I use an alternative login (e.g. CAS or other SSO) plugin, is my site protected from the recent brute force login attempts?
- This webpage has a redirect loop issue
- Create front end member login
- I can’t access my wp-admin dashboard
- Cannot login to WordPress on one device: login refreshes/an error was encountered whilst trying to authenticate
- Make an order of products without login
- Updated : how to make email optional while user registration using default wordpress form
- I can’t log in to `wp-admin` after changing my domain
- My wordpress site crashes when I login!
- End session screen not close automatically after login
- Unable to login with email address as the username – WordPress
- Bypass login page
- Using WordPress login for a non word-press website
- Using is_user_logged_in() to lock down whole site
- https rewrite not working for All in one security Brute force > rename login url
- WordPress login is not showing , there is warning?
- WordPress Redirect After logging
- How to Create a login for for subscribers only
- WordPress auto login user after registration only from a specific page
- Custom Field For Login
- User login without username, only password
- Login user after registration programmatically
- wp_lostpassword_url not escaped
- External Authentication
- Login to wordpress with filezilla client [closed]
- Users cannot log in using popup
- WordPress – Security Question at Login from User’s Meta Data
- How can I automatically change directory on ssh login?
- How to create a fully functional user registration in WordPress?
- How to remove without touching the pluggable.php the wordpress_logged_in cookie to show the username on login?