Updating transient value frequently

For your use case, no.

  • Using PHP sessions – will not work on most hosts, and will make that data available only to the browser and the current PHP request. This severely limits the usefulness
  • Using Cookies – will work everywhere but have the same issue that you can’t persist server side or track things
  • Using transients – will work to a point, you’ll have a row in the options table for every visitor though, which is the crux of the issue. Transients also get garbage collected, and there’s a chance that every update you make will trigger a new options row and an old transient to be cleaned up

Fundamentally the approach of storing a collection of data in an individual unit is flawed, and collecting additional data such as clicks, and the details used, will cause more problems, and in most cases be completely ineffectual:

  • There are legal complications due to privacy
  • There are security complications as misspelling a password by 1 character reveals the users password in the logs
  • Storing an IP and a username means that you’ve stored identifiable information, which means you have to worry about compliance with data protection laws such as the GPDR
  • Most failed login attempts are from bots, so there won’t be any clicks, there may not even be a browser. They’ll open a direct request bypassing the login page straight to the handler and check the response for success. Bots don’t even check you’re running WordPress and fire both WP/Drupal/Joomla exploits and login attempts indiscriminately
  • Failed login attempts can quick spiral out of control, with even small low traffic sites recieving spikes of hundreds or even thousands of attempts. If you’re storing each visitor in a single option or transient, that could be hundreds or thousands of additional table rows. You could be constructing for yourself a resource exhaustion exploit

So instead, I would suggest:

  • tracking the minimal information possible, aka an IP and how many times it attempted, perhaps just a list of timestamps that you can count
  • Either store it in a single option, with autoload set to false so it doesn’t slow down your site, or use a dedicated table

Related Posts:

  1. Does using set_transient() function can lead to MySQL problems?
  2. Is get_option() faster than accessing get_transient()?
  3. Best practices for using the transients API
  4. WordPress and PHP Sessions – Security and Performance
  5. How should you hook a session_start() when authoring a plugin?
  6. Why does WordPress create two transients with the same name when I specify timeout value?
  7. Sessions not creating correctly in custom function
  8. Clearing cached plugin data if it is using an external object cache
  9. Storing product price data in the database
  10. External Authentication, session_tokens not destroyed on logout
  11. Is using custom table to suit business needs instead of transients a big hit to page load speed?
  12. captcha not working in my custom plugin
  13. Displaying “One Time” Notification in Plugins
  14. Custom Plugin Options Won’t Update
  15. Workflow for new importer plugin – your advices?
  16. $_SESSION inside php function executed by AJAX
  17. Is it possible to restore an expired transient?
  18. How to create session for user which is not an admin user
  19. Sessions in plugin development?
  20. Create a Custom Login System in WordPress [closed]
  21. How to create an API for my plugin?
  22. Plugins in symlinked directories?
  23. Is there a way for a plug-in to get it’s own version number?
  24. How to add tab which is visible only in admin side of product in woocommerce? [closed]
  25. Hook the Keydown Event in the TinyMCE Post Editor
  26. Elementor Fatal error: Class ‘Elementor\Widget_Base’ not found
  27. Headers already sent error with CSV export plugin
  28. How to add HTML / Form to an Admin Bar Menu
  29. Unable to write test cases for a WordPress plugin using PHPUnit and WP-CLI
  30. Modify how gallery.js builds the shortcode [gallery ...] in tinyMCE?
  31. How to use is_multisite() in a must-use-plugin?
  32. why creating tables using $wpdb is not being executed while installing plugins?
  33. How to update the language used by wordpress from a plugin
  34. Is there any background process that I can run from plugin without depending on page hits on a website without affecting page-load speed?
  35. Woocommerce how to update variable product price programitically?
  36. Using $wpdb object in a widget
  37. Modify a Free Plugin available on wordpress.org & include with my Premium Theme? [closed]
  38. Using wp_filesystem in Plugins to store customizer settings
  39. Can I use the different settings sections over different pages using the save options group?
  40. WYSIWYG editor in WP 3.2 plugin
  41. How do I write a shortcode that opens and closes?
  42. What is minimum time interval for which a cron be scheduled?
  43. Plugin developement and SVN
  44. Plugin writing: access file that was just uploaded
  45. Using WPDB to output raw XML fails because of wp-blog-header.php
  46. PHP – Extend WordPress Woocommerce Revenue Analytics with custom field
  47. Amending REST API function without deactivate/activate plugin every time changes is made
  48. How can I listen to events in Gutenberg block?
  49. It’s possible to passing a ref to FormTokenField from parent component using forwardRef?
  50. How to show filters on table when using WP_List_Table
  51. Unable to change footer using wp_footer action hook
  52. Add a default WP comment form to forum template
  53. Admin Posts List (edit.php) by post IDs
  54. wp_localize_script is not adding a global variable for javascript
  55. wp_get_theme Warning: Illegal offset type
  56. wordpress is adding a second backslash when I use addslashes
  57. Silently register plugin pages
  58. Plugin: database creation
  59. How do I remove folder and contents I have created while installing plugin
  60. How to add a hyperlink to the email content in WordPress?
  61. Menu page with minimum capability as ‘Subscriber’ doesn’t allow ‘Admin’ to access it?
  62. Replace first occurence of a word with link [closed]
  63. Converting core modification to a plugin
  64. How to replace settings in WordPress plugin from a theme
  65. Adding filter to the title without affecting the menu title
  66. How to validate inputs with filter in register_setting callback
  67. How can the_excerpt (or equivalent) be called on a category description?
  68. Plugin Creation: Overriding upload_max_size and post_max_size
  69. Problems with wierd characters and my plugin
  70. How to call a function from a shortcode function in an oop plugin
  71. How to access index file in Block Themes?
  72. wp_new_user_notifications to notify user and admin about new user registration
  73. Is it possible to use the MySQL’s ORDER BY FIELD() clause as part of the pre_get_posts hook?
  74. Multiple TinyMCE on button click is initialized and appended but why only last one is writeable?
  75. How to create a custom post-new.php page for plugin , no wp menu
  76. How to create a custom WordPress page with my plugin?
  77. How to re-render inspector controls?
  78. Why User_login key doesn’t work with wp_update_user()
  79. How to limit number of category term display in home page grids?
  80. A question on init and activation hooks
  81. Shortcode content is not showing. Only the [shortcode-tag] is showing
  82. How to remove the WooCommerce Product->Category thumbnail from admin [closed]
  83. Is it possible to replace MySQL with JSON files for WordPress
  84. Add custom html classes to gutenberg wrapper
  85. Plugin Development – Call to undefined function comment_exists()
  86. Replace “content-area” of themes 404 page with plugin?
  87. Autoloading & Namespaces in WordPress Plugins & Themes: Can it Work?
  88. WordPress doesn’t create table on plugin activation
  89. Create Customization panel for Plugins not for theme
  90. How is construct function working even when variable is assigned null value?
  91. Custom signature appears twice on page
  92. Declaring a new woo commerce product type i get this error
  93. List Available Templates for Current Theme in a Plugin
  94. Do a summary based on sections in a post
  95. Plugin as custom page
  96. Adding Third Post Box Column: postbox-container-3
  97. WooCommerce custom payment gateway
  98. Is using upgrader_process_complete the correct way to perform plugin updates?
  99. Load images from CDN and custom features to “Add Media” dialogue
  100. Saving metabox updates causing fatal error