A new minor update of WP Security Audit Log is available for download. Version 1.2.4 of our WordPress security monitoring plugin includes a completely new system for monitoring failed logins, built to avoid clogging the WordPress database.

Addressing the WordPress Database and Resources Issues

This week we received a number of support queries stating that our plugin was the source of high processor and memory usage on WordPress websites, and that in some cases it even brought down the website or blog.

After troubleshooting some installations we noticed that when a WordPress website is under a brute force password attack, the plugin consumed a lot of resources reading from and writing to the WordPress database in order to keep track of every failed login.

To make things worse, over the last few weeks Sucuri identified 3 critical vulnerabilities in 3 very popular WordPress plugins, hence many WordPress websites were the target of brute force attacks, which also explains the increase in the number of support tickets we received.

Improved Monitoring of WordPress Failed Logins

To address the issues mentioned above, we spent the weekend brainstorming and came up with a new, more efficient system for monitoring failed login activity on a WordPress installation. The new system will not cripple the WordPress database and server even when the WordPress blog or website is under a brute force attack.

The new version of the plugin uses WordPress’ own caching system to cache the list of offending IP addresses, so it does not need to query the WordPress database each time there is a failed login.

Enhanced Reporting of Offending IP Addresses

As before, the plugin will still keep a record of every offending IP address. It will now reset the list of offending IP addresses every 24 hours, which gives WordPress administrators a better overview of which offending IP addresses are active and which are inactive.

The plugin will also keep a count of how many failed login attempts each offending IP address has made, and will alert the administrator should any IP address record more than 10 failed logins, thus allowing WordPress administrators to identify automated WordPress brute force attacks.
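The caching and per-IP counting described above, as an added example that is not the plugin's own code: it hooks the real WordPress `wp_login_failed` action and uses the Transients API (`get_transient`/`set_transient`) as the cache; the `wsal_example_*` names, the transient key and the custom `wsal_example_brute_force_detected` action are assumed, while the threshold of 10 and the 24-hour window come from the post.

```php
<?php
// Added example (not the plugin's code): per-IP failed-login counter kept in a
// WordPress transient so a brute force attack does not hit the log table on
// every failure. Assumed names: wsal_example_* functions, the transient key and
// the custom action. Threshold (10) and the 24h window are taken from the post.

const WSAL_EXAMPLE_KEY       = 'wsal_example_failed_logins';
const WSAL_EXAMPLE_THRESHOLD = 10;

function wsal_example_client_ip() {
    // REMOTE_ADDR is the one address a client cannot forge; behind a reverse
    // proxy it is the proxy, so only honour X-Forwarded-For after validating
    // the proxy chain (not done here).
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '';
    return filter_var( $ip, FILTER_VALIDATE_IP ) ? $ip : '0.0.0.0';
}

function wsal_example_record_failed_login( $username ) {
    $ip   = wsal_example_client_ip();
    $data = get_transient( WSAL_EXAMPLE_KEY );
    $now  = time();

    // Start a fresh 24h window when none exists or the old one has elapsed.
    if ( ! is_array( $data ) || $now - $data['since'] >= DAY_IN_SECONDS ) {
        $data = array( 'since' => $now, 'ips' => array(), 'flagged' => array() );
    }

    // Read-modify-write is not atomic; under heavy concurrency counts may be
    // slightly low, which is acceptable for an alert threshold.
    $data['ips'][ $ip ] = isset( $data['ips'][ $ip ] ) ? $data['ips'][ $ip ] + 1 : 1;

    // Alert once per IP per window once it passes the threshold. The IP is only
    // reported, never blocked: shared/NAT addresses would punish innocent users.
    if ( $data['ips'][ $ip ] > WSAL_EXAMPLE_THRESHOLD && ! isset( $data['flagged'][ $ip ] ) ) {
        $data['flagged'][ $ip ] = $now;
        do_action( 'wsal_example_brute_force_detected', $ip, $data['ips'][ $ip ] );
    }

    // Anchor the expiry to the window start so the list resets every 24h
    // instead of sliding forward with each new failure.
    $ttl = DAY_IN_SECONDS - ( $now - $data['since'] );
    set_transient( WSAL_EXAMPLE_KEY, $data, max( 1, $ttl ) );
}
add_action( 'wp_login_failed', 'wsal_example_record_failed_login' );

// Example consumer: one alert line per flagged IP instead of one row per failure.
add_action( 'wsal_example_brute_force_detected', function ( $ip, $count ) {
    error_log( sprintf( 'Possible brute force from %s: %d failed logins in 24h', $ip, $count ) );
}, 10, 2 );
```

Without a persistent object cache, transients live in the wp_options table, so each failure still costs one option read and one write, but the state stays a single small row that expires rather than a growing per-event log.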

Note: In this version the plugin does not report the username being used in the brute force attack. This is something we are currently working on and it should be available in a future update, so stay tuned.

Download WP Security Audit Log Plugin

Download the WordPress security monitoring plugin WP Security Audit Log from the official WordPress plugin repository and start monitoring your WordPress and WordPress multisite installations today. For more information about the plugin, visit the official WP Security Audit Log plugin product page. For more details about the WordPress activity that the WP Security Audit Log plugin can monitor, refer to the List of WordPress Security Audit Log Alerts.

Updating WP Security Audit Log Plugin

Once you log in to your WordPress site with an administrator account you will be automatically notified that an upgrade of the WP Security Audit Log plugin is available. You can upgrade automatically by clicking the upgrade link.

If you want to upgrade the plugin manually: download WP Security Audit Log from the WordPress repository, deactivate the plugin from the WordPress dashboard, delete all plugin files and replace them with the new files. Once all files are uploaded, enable the plugin from the WordPress dashboard.

Rate WP Security Audit Log Plugin

If the WP Security Audit Log plugin helped you improve the security and monitoring of your WordPress blogs and websites, please rate WP Security Audit Log on the WordPress repository. If you have any questions, feedback or need support, please get in touch with us by email at plugins@wpwhitesecurity.com.

You can also subscribe to our WP White Security Plugins newsletter to get notified by email when new updates, plugins and tips are available.

Comments

  1. Using IPv4 address to block is using a stick of dynamite when a hammer is needed. Simply, the vast majority of online presence is behind shared IP address technology (clients and served websites). Thus, many clients/sites are unfairly harmed when an IPv4 address is blocked. When are ISPs going to step up and halt/mitigate miscreant computer use? The ISPs need to simply turn off clients and servers until the miscreant action is halted. It is time to start phasing out PHP and Javascript and replace them with environments that reduce cross-contamination and eliminate security holes by using deny unless permitted models and enforced name spaces. It is not that PHP and Javascript are evil. They are not. They were just never intended for the current situations.

    • Hi Reed,

      Well this is definitely a problem the security is facing yet is not equipped to block it. We already moved ahead and now are able to detect such behaviour quite early, the next step is blocking it. Also I wouldn’t blame PHP or Javascript, I mean these are just frameworks, hence we should change the way we build web applications with them rather than change the actual framework.

  2. I prefer to use HTTP Authentication with my site. Most of the scanning tools do not handle HTTP Auth since they are looking for the WordPress login form.

    If you don’t like the double login, use a password manager. I have one that logs me in automatically and I never worry about someone guessing my passwords.

    • Hi Jeff,

      I totally agree with you. I think HTTP Authentication solves a lot of WordPress security issues without having to hassle with redirecting the login page and all the other kerfuffle.
