A new minor update of WP Security Audit Log is available for download. Version 1.2.4 of our WordPress security monitoring plugin introduces a completely new system for monitoring failed logins, built to avoid clogging the WordPress database.
Addressing the WordPress Database and Resources Issues
This week we received a number of support queries stating that our plugin was the source of high CPU and memory usage on WordPress websites, in some cases even bringing the website or blog down.
After troubleshooting some of these installations we noticed that when a WordPress website is under a brute force password attack, the plugin consumes a lot of resources reading from and writing to the WordPress database in order to keep track of every failed login.
To make things worse, over the last few weeks Sucuri identified 3 critical vulnerabilities in 3 very popular WordPress plugins, and many WordPress websites have since become the target of brute force attacks, which also explains the increase in the number of support tickets we received.
Improved Monitoring of WordPress Failed Logins
To address the issues mentioned above, we spent the weekend brainstorming and came up with a new, more efficient system for monitoring failed login activity on a WordPress installation. The new system will not cripple the WordPress database and server, even when the WordPress blog or website is under a brute force attack.
The new version of the plugin uses WordPress’ own caching system to cache the list of offending IP addresses, so it no longer needs to query the WordPress database on every failed login.
Enhanced Reporting of Offending IP Addresses
As before, the plugin still keeps a record of every offending IP address. It now resets the list of offending IP addresses every 24 hours, giving WordPress administrators a better overview of which offending IP addresses are active and which are inactive.
The plugin also keeps a count of how many failed login attempts each offending IP address has launched, and will alert the administrator should any IP address record more than 10 failed logins, allowing WordPress administrators to identify automated WordPress brute force attacks.
Note: In this version the plugin does not report the username used in the brute force attack. This is something we are currently working on and it should be available in a future update, so stay tuned.
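The following is an added illustration of the approach described above, not the plugin's own code: failed logins are counted per IP address in a single cached structure using the WordPress Transients API, the list expires 24 hours after the window opened, and a hook fires once an IP exceeds 10 failures. The transient name, the `example_` function and hook names, and the report helper are hypothetical.

```php
<?php
// Added example, not WP Security Audit Log's own code. Failed logins are
// tracked per IP address in one transient so a brute force attack does not
// cause a database write for every attempt. The transient name, the
// 'example_' hook and the helper are hypothetical; the 24-hour window and
// the threshold of 10 follow the post.

const EXAMPLE_FL_TRANSIENT = 'example_failed_logins';
const EXAMPLE_FL_WINDOW    = DAY_IN_SECONDS; // the list resets every 24 hours
const EXAMPLE_FL_THRESHOLD = 10;             // alert once an IP exceeds this

add_action( 'wp_login_failed', 'example_record_failed_login' );

function example_record_failed_login( $username ) {
    // Only the source address is tracked; the username is deliberately not
    // stored, matching the post's note that usernames are not yet reported.
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '';
    if ( false === filter_var( $ip, FILTER_VALIDATE_IP ) ) {
        return;
    }

    // One cached structure holds every offending IP plus the time the current
    // 24-hour window opened. With a persistent object cache this is served
    // from memory; without one it is a single options-table row rather than
    // a growing table of individual events.
    $data = get_transient( EXAMPLE_FL_TRANSIENT );
    if ( ! is_array( $data ) || ! isset( $data['since'], $data['ips'] ) ) {
        $data = array( 'since' => time(), 'ips' => array() );
    }

    $count              = isset( $data['ips'][ $ip ] ) ? $data['ips'][ $ip ] + 1 : 1;
    $data['ips'][ $ip ] = $count;

    // Preserve the original expiry so the list resets 24 hours after the
    // window opened instead of sliding forward on every failed attempt.
    $remaining = ( $data['since'] + EXAMPLE_FL_WINDOW ) - time();
    set_transient( EXAMPLE_FL_TRANSIENT, $data, max( 1, $remaining ) );

    // The 11th failure means "more than 10"; fires once per IP per window.
    if ( EXAMPLE_FL_THRESHOLD + 1 === $count ) {
        do_action( 'example_failed_login_threshold_reached', $ip, $count );
    }
}

// Read-only helper for an admin report: array of IP address => failure count.
function example_get_offending_ips() {
    $data = get_transient( EXAMPLE_FL_TRANSIENT );
    return ( is_array( $data ) && isset( $data['ips'] ) ) ? $data['ips'] : array();
}
```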
Download WP Security Audit Log Plugin
Download the WordPress security monitoring plugin WP Security Audit Log from the official WordPress plugin repository and start monitoring your WordPress and WordPress multisite installations today. For more information about the plugin, visit the official WP Security Audit Log plugin product page. For more details about the WordPress activity that WP Security Audit Log plugin can monitor refer to the List of WordPress Security Audit Log Alerts.
Updating WP Security Audit Log Plugin
Once you log in to your WordPress using an administrator account you will be automatically notified that an upgrade of the WP Security Audit Log plugin is available. You can upgrade automatically by clicking the upgrade link.
If you want to upgrade the plugin manually: download WP Security Audit Log from the WordPress repository, deactivate the plugin from the WordPress dashboard, delete all plugin files and replace them with the new files. Once all files are uploaded, enable the plugin from the WordPress dashboard.
Rate WP Security Audit Log Plugin
If the WP Security Audit Log plugin helped you improve the security and monitoring of your WordPress blogs and websites, please rate WP Security Audit Log on the WordPress repository. If you have any questions or feedback, or need support, please get in touch with us by sending an email to firstname.lastname@example.org.
You can also subscribe to our WP White Security Plugins newsletter to be notified by email when new updates, plugins and tips are available.