Want to know when someone attempts to access your user account on a WordPress install? What to know when a new device successfully logs into your account? Monitor Logins does both.
Table of Contents
Monitor Logins is a WordPress plugin compatible with WordPress versions 3.5 and up. This plugin monitors login attempts to both real and non-existent user accounts on your WordPress site. Attempts to login to non-existent accounts sends alerts to the admin email for the WordPress install. Failed attempts to login to user accounts cause email notices to be sent to that user. That is, if they have notifications enabled. Notifications are enabled on a per user basis, and are off by default.
Additionally, Monitor Logins will remember devices used to login with, should a device be “new” upon successful login a notice will be sent to the user. Devices are forgotten if they have not been seen for a few months.
Finally, Monitor Logins provides a list of recent logins, akin to what Gmail does. Only a user can view his/her own login activity (never visible to administrators). This provides yet another way for users to keep tabs on who is accessing his/her account.
Latest Stable Release: See Latest Testing Release
Latest Testing Release: Monitor Logins Git Master
- Download the plugin zip archive, see Download section.
- Disable any previous version of this plugin.
- Extract the contents of the zip archive into your plugins folder (wp-content/plugins).
- Enable the Monitor Logins plugin in the administration panel under the Plugins > Installed section.
- Continue onto the Basic Usage section.
After activating Monitor Logins, to start protecting your account, navigate to your profile in the WordPress dashboard. Then, under the Personal Options, check the checkbox next to the “Account Monitoring” setting.
Monitoring Non-Existent Users
Monitor Logins can monitor attempts to login to non-existent user accounts on your WordPress install. When non-existent user monitoring is enabled, Monitor Logins will send emails to the admin email address for the WordPress install (The email address found under Settings > General) when attempts to log into a non-existent user account occurs. To enable this feature, navigate to the General settings page for WordPress, near the bottom there should be a setting titled “Account Monitoring”, check the box and save the settings.
Receive More Information
Monitor Logins can send additional, more detailed information on unsuccessful login attempts. This additional information is sent via email when debug mode it enabled. To enable debug mode, add the following to your wp-config.php:
By default, Monitor Logins will send the password that was used in the unsuccessful login attempt. While this is only sent to the email of the user you may not want to track this. Monitor Logins applies the filter
mlog_password to the attempted password before sending the notification email. This filter can be used to either blank/place a default placeholder for the password, or to replace it with an encrypted version (you would want to use an encryption scheme that uses private and public key pairs).
Version History and Changelog
- 0.2.1 [1-22-2015]:
Bug fix: Remove call to deprecated function
- 0.2.0 [5-04-2013]:
New Feature: Added option to General Settings page to turn off monitoring of non-existent accounts.
- 0.1.0 [3-06-2013]:
Initial Public Release
Monitor Logins is released under the GNU GPL 2.0 license and comes with absolutely no warranty. By downloading Monitor Logins you agree to the terms of the GNU GPL 2.0 license.