Version Description
(2014-07-27) = * Improvements * Improved monitoring of failed logins, addressed issues reported here, here, here and here
Download this release
Release Info
| Developer | WPWhiteSecurity |
| Plugin |  WP Security Audit Log |
| Version | 1.2.4 |
| Comparing to | |
| See all releases | |
Code changes from version 1.2.3 to 1.2.4
classes/Sensors/LogInOut.php
CHANGED
|
@@ -19,12 +19,41 @@ class WSAL_Sensors_LogInOut extends WSAL_AbstractSensor {
|
|
| 19 |
$this->plugin->alerts->Trigger(1001);
|
| 20 |
}
|
| 21 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 22 |
public function EventLoginFailure($username){
|
|
|
|
| 23 |
list($y, $m, $d) = explode('-', date('Y-m-d'));
|
| 24 |
|
|
|
|
| 25 |
$tt1 = new WSAL_DB_Occurrence();
|
| 26 |
$tt2 = new WSAL_DB_Meta();
|
| 27 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 28 |
$occ = WSAL_DB_Occurrence::LoadMultiQuery('
|
| 29 |
SELECT * FROM `' . $tt1->GetTable() . '`
|
| 30 |
WHERE alert_id = %d AND site_id = %d
|
|
@@ -33,32 +62,32 @@ class WSAL_Sensors_LogInOut extends WSAL_AbstractSensor {
|
|
| 33 |
SELECT occurrence_id as id
|
| 34 |
FROM `' . $tt2->GetTable() . '`
|
| 35 |
WHERE (name = "ClientIP" AND value = %s)
|
| 36 |
-
OR (name = "Username" AND value = %s)
|
| 37 |
GROUP BY occurrence_id
|
| 38 |
-
HAVING COUNT(*) =
|
| 39 |
)
|
| 40 |
', array(
|
| 41 |
1002,
|
| 42 |
(function_exists('get_current_blog_id') ? get_current_blog_id() : 0),
|
| 43 |
mktime(0, 0, 0, $m, $d, $y),
|
| 44 |
mktime(0, 0, 0, $m, $d + 1, $y) - 1,
|
| 45 |
-
json_encode(
|
| 46 |
-
json_encode($username),
|
| 47 |
));
|
| 48 |
|
| 49 |
$occ = count($occ) ? $occ[0] : null;
|
| 50 |
|
| 51 |
if($occ && $occ->IsLoaded()){
|
| 52 |
// update existing record
|
| 53 |
-
$occ->
|
| 54 |
-
|
| 55 |
-
)
|
|
|
|
|
|
|
|
|
|
| 56 |
$occ->created_on = null;
|
| 57 |
$occ->Save();
|
| 58 |
}else{
|
| 59 |
// create a new record
|
| 60 |
$this->plugin->alerts->Trigger(1002, array(
|
| 61 |
-
'Username' => $username,
|
| 62 |
'Attempts' => 1
|
| 63 |
));
|
| 64 |
}
|
| 19 |
$this->plugin->alerts->Trigger(1001);
|
| 20 |
}
|
| 21 |
|
| 22 |
+
const TRANSIENT_FAILEDLOGINS = 'wsal-failedlogins';
|
| 23 |
+
|
| 24 |
+
protected function GetLoginFailureLogLimit(){
|
| 25 |
+
return 10;
|
| 26 |
+
}
|
| 27 |
+
|
| 28 |
+
protected function GetLoginFailureExpiration(){
|
| 29 |
+
return 12 * 60 * 60;
|
| 30 |
+
}
|
| 31 |
+
|
| 32 |
+
protected function IsPastLoginFailureLimit($ip){
|
| 33 |
+
$data = get_transient(self::TRANSIENT_FAILEDLOGINS);
|
| 34 |
+
return ($data !== false) && ($data[$ip] > ($this->GetLoginFailureLogLimit()));
|
| 35 |
+
}
|
| 36 |
+
|
| 37 |
+
protected function IncrementLoginFailure($ip){
|
| 38 |
+
$data = get_transient(self::TRANSIENT_FAILEDLOGINS);
|
| 39 |
+
if(!$data)$data = array();
|
| 40 |
+
if(!isset($data[$ip]))$data[$ip] = 0;
|
| 41 |
+
$data[$ip]++;
|
| 42 |
+
set_transient(self::TRANSIENT_FAILEDLOGINS, $data, $this->GetLoginFailureExpiration());
|
| 43 |
+
}
|
| 44 |
+
|
| 45 |
public function EventLoginFailure($username){
|
| 46 |
+
|
| 47 |
list($y, $m, $d) = explode('-', date('Y-m-d'));
|
| 48 |
|
| 49 |
+
$ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
|
| 50 |
$tt1 = new WSAL_DB_Occurrence();
|
| 51 |
$tt2 = new WSAL_DB_Meta();
|
| 52 |
|
| 53 |
+
if($this->IsPastLoginFailureLimit($ip))return;
|
| 54 |
+
|
| 55 |
+
$this->IncrementLoginFailure($ip);
|
| 56 |
+
|
| 57 |
$occ = WSAL_DB_Occurrence::LoadMultiQuery('
|
| 58 |
SELECT * FROM `' . $tt1->GetTable() . '`
|
| 59 |
WHERE alert_id = %d AND site_id = %d
|
| 62 |
SELECT occurrence_id as id
|
| 63 |
FROM `' . $tt2->GetTable() . '`
|
| 64 |
WHERE (name = "ClientIP" AND value = %s)
|
|
|
|
| 65 |
GROUP BY occurrence_id
|
| 66 |
+
HAVING COUNT(*) = 1
|
| 67 |
)
|
| 68 |
', array(
|
| 69 |
1002,
|
| 70 |
(function_exists('get_current_blog_id') ? get_current_blog_id() : 0),
|
| 71 |
mktime(0, 0, 0, $m, $d, $y),
|
| 72 |
mktime(0, 0, 0, $m, $d + 1, $y) - 1,
|
| 73 |
+
json_encode($ip),
|
|
|
|
| 74 |
));
|
| 75 |
|
| 76 |
$occ = count($occ) ? $occ[0] : null;
|
| 77 |
|
| 78 |
if($occ && $occ->IsLoaded()){
|
| 79 |
// update existing record
|
| 80 |
+
$new = $occ->GetMetaValue('Attempts', 0) + 1;
|
| 81 |
+
|
| 82 |
+
if($new > $this->GetLoginFailureLogLimit())
|
| 83 |
+
$new = $this->GetLoginFailureLogLimit() . '+';
|
| 84 |
+
|
| 85 |
+
$occ->SetMetaValue('Attempts', $new);
|
| 86 |
$occ->created_on = null;
|
| 87 |
$occ->Save();
|
| 88 |
}else{
|
| 89 |
// create a new record
|
| 90 |
$this->plugin->alerts->Trigger(1002, array(
|
|
|
|
| 91 |
'Attempts' => 1
|
| 92 |
));
|
| 93 |
}
|
languages/wp-security-audit-log-es_ES.mo
ADDED
|
Binary file
|
languages/wp-security-audit-log-it_IT.mo
CHANGED
|
Binary file
|
readme.txt
CHANGED
|
@@ -7,7 +7,7 @@ License URI: http://www.gnu.org/licenses/gpl.html
|
|
| 7 |
Tags: wordpress security plugin, wordpress security audit log, audit log, wordpress log, event log wordpress, wordpress user tracking, wordpress activity log, wordpress audit, security event log, audit trail, security audit trail, wordpress security alerts, wordpress monitor, wordpress security monitor, wordpress admin, wordpress admin monitoring, analytics, activity, admin, multisite, wordpress multisite
|
| 8 |
Requires at least: 3.6
|
| 9 |
Tested up to: 3.9.1
|
| 10 |
-
Stable tag: 1.2.
|
| 11 |
|
| 12 |
Identify WordPress issues before they become a security problem by keeping an audit log of users and all of the under the hood WordPress activity.
|
| 13 |
|
|
@@ -59,6 +59,7 @@ We need help translating the plugin and the WordPress Security Events. If you're
|
|
| 59 |
|
| 60 |
* Italian translation by [Leonardo Musumeci](http://leonardomusumeci.net/)
|
| 61 |
* German translation by [Mourad Louha](http://excel-translator.de)
|
|
|
|
| 62 |
|
| 63 |
= WordPress & PHP Errors Monitoring Tools =
|
| 64 |
Plugins and themes customizations are most probably the norm of the day on large WordPress websites, not to mention the installation of new plugins and components. With WP Security Audit Log now it is easier than ever before to monitor your plugins', theme's and other code behaviour, it will generate a alert when a PHP error, warning, exception or shutdown is detected. It is also possible to log all HTTP GET and POST requests that are reaching your WordPress installation to a log file with WP Security Audit Log. Simply enable the PHP Errors monitoring or logging from the plugins settings.
|
|
@@ -75,7 +76,6 @@ WP Security Audit Log plugin also has a number of features that make WordPress a
|
|
| 75 |
* User role is reported in alerts for a complete overview of what is happening
|
| 76 |
* User avatar is reported in the alerts for better recognizability
|
| 77 |
* Enable or disable any security alerts
|
| 78 |
-
* From where WordPress users are logging in
|
| 79 |
* and much more...
|
| 80 |
|
| 81 |
= As Featured On: =
|
|
@@ -130,6 +130,10 @@ Yes, WP Security Audit Log works on WordPress Multisite networks, i.e. it can mo
|
|
| 130 |
|
| 131 |
== Changelog ==
|
| 132 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 133 |
= 1.2.3 (2014-07-23) =
|
| 134 |
* Improvements
|
| 135 |
* Improved database structure for better support of high-traffic WordPress and WordPress multisite installations
|
| 7 |
Tags: wordpress security plugin, wordpress security audit log, audit log, wordpress log, event log wordpress, wordpress user tracking, wordpress activity log, wordpress audit, security event log, audit trail, security audit trail, wordpress security alerts, wordpress monitor, wordpress security monitor, wordpress admin, wordpress admin monitoring, analytics, activity, admin, multisite, wordpress multisite
|
| 8 |
Requires at least: 3.6
|
| 9 |
Tested up to: 3.9.1
|
| 10 |
+
Stable tag: 1.2.4
|
| 11 |
|
| 12 |
Identify WordPress issues before they become a security problem by keeping an audit log of users and all of the under the hood WordPress activity.
|
| 13 |
|
| 59 |
|
| 60 |
* Italian translation by [Leonardo Musumeci](http://leonardomusumeci.net/)
|
| 61 |
* German translation by [Mourad Louha](http://excel-translator.de)
|
| 62 |
+
* Spanish translation by Andrew Kurtis
|
| 63 |
|
| 64 |
= WordPress & PHP Errors Monitoring Tools =
|
| 65 |
Plugins and themes customizations are most probably the norm of the day on large WordPress websites, not to mention the installation of new plugins and components. With WP Security Audit Log now it is easier than ever before to monitor your plugins', theme's and other code behaviour, it will generate a alert when a PHP error, warning, exception or shutdown is detected. It is also possible to log all HTTP GET and POST requests that are reaching your WordPress installation to a log file with WP Security Audit Log. Simply enable the PHP Errors monitoring or logging from the plugins settings.
|
| 76 |
* User role is reported in alerts for a complete overview of what is happening
|
| 77 |
* User avatar is reported in the alerts for better recognizability
|
| 78 |
* Enable or disable any security alerts
|
|
|
|
| 79 |
* and much more...
|
| 80 |
|
| 81 |
= As Featured On: =
|
| 130 |
|
| 131 |
== Changelog ==
|
| 132 |
|
| 133 |
+
= 1.2.4 (2014-07-27) =
|
| 134 |
+
* Improvements
|
| 135 |
+
* Improved monitoring of failed logins, addressed issues reported [here](http://wordpress.org/support/topic/horrible-performance#post-), [here](http://wordpress.org/support/topic/much-too-much-sql-load#post-), [here](http://wordpress.org/support/topic/overload-due-to-this-plugin#post-) and [here](http://wordpress.org/support/topic/mysql-200-cpu-time-copying-to-tmp-table)
|
| 136 |
+
|
| 137 |
= 1.2.3 (2014-07-23) =
|
| 138 |
* Improvements
|
| 139 |
* Improved database structure for better support of high-traffic WordPress and WordPress multisite installations
|
wp-security-audit-log.php
CHANGED
|
@@ -4,7 +4,7 @@ Plugin Name: WP Security Audit Log
|
|
| 4 |
Plugin URI: http://www.wpwhitesecurity.com/wordpress-security-plugins/wp-security-audit-log/
|
| 5 |
Description: Identify WordPress security issues before they become a problem and keep track of everything happening on your WordPress, including WordPress users activity. Similar to Windows Event Log and Linux Syslog, WP Security Audit Log will generate a security alert for everything that happens on your WordPress blog or website. Use the Audit Log Viewer included in the plugin to see all the security alerts.
|
| 6 |
Author: WP White Security
|
| 7 |
-
Version: 1.2.
|
| 8 |
Text Domain: wp-security-audit-log
|
| 9 |
Author URI: http://www.wpwhitesecurity.com/
|
| 10 |
License: GPL2
|
| 4 |
Plugin URI: http://www.wpwhitesecurity.com/wordpress-security-plugins/wp-security-audit-log/
|
| 5 |
Description: Identify WordPress security issues before they become a problem and keep track of everything happening on your WordPress, including WordPress users activity. Similar to Windows Event Log and Linux Syslog, WP Security Audit Log will generate a security alert for everything that happens on your WordPress blog or website. Use the Audit Log Viewer included in the plugin to see all the security alerts.
|
| 6 |
Author: WP White Security
|
| 7 |
+
Version: 1.2.4
|
| 8 |
Text Domain: wp-security-audit-log
|
| 9 |
Author URI: http://www.wpwhitesecurity.com/
|
| 10 |
License: GPL2
|
