by Federico Rota
5 (1 reviews)
Authentication and xmlrpc log writer
Log of failed access, pingbacks, user enumeration, disable xmlrpc authenticated methods, kill xmlrpc request on authentication error.
Tested up to WP 4.7 (Current: 6.9)
v1.2.2
Current Version v1.2.2
Updated 9 years ago
Last Update on 18 Nov, 2016
Synced 11 hours ago
Last Synced on
Rank
#18,368
-88 this week
Active Installs
70+
-15.7%
KW Avg Position
53.3
+2.5 better
Downloads
4.5K
+2 today
Support Resolved
0%
—
No change
Rating
100%
Review 5 out of 5
5
(1 reviews)
Next Milestone 80
70+
80+
661
Ranks to Climb
-
Growth Needed
8,000,000
Active Installs
Pro
Unlock Exact Install Count
See the precise estimated active installs for this plugin, calculated from real-time ranking data.
- Exact install estimates within tiers
- Track install growth over time
- Milestone progress predictions
Need 5 more installs to reach 80+
Rank Changes
Current
#18,368
Change
Best
#
Downloads Growth
Downloads
Growth
Peak
Upgrade to Pro
Unlock 30-day, 90-day, and yearly download history charts with a Pro subscription.
Upgrade NowReviews & Ratings
5.0
1 reviews
Overall
100%
5
1
(100%)
4
0
(0%)
3
0
(0%)
2
0
(0%)
1
0
(0%)
Tracked Keywords
Showing 4 of 4| Keyword | Position | Change | Type | Updated |
|---|---|---|---|---|
| xmlrpc hack | 4 | — | Tag | 12 hours ago |
| authentication logger | 12 | — | Tag | 12 hours ago |
| fail2ban | 18 | — | Tag | 12 hours ago |
| Brute Force | 179 | — | Tag | 12 hours ago |
Unlock Keyword Analytics
Track keyword rankings, search positions, and discover new ranking opportunities with a Pro subscription.
- Full keyword position tracking
- Historical ranking data
- Competitor keyword analysis
Track This Plugin
Get detailed analytics, keyword tracking, and position alerts delivered to your inbox.
Start Tracking FreePlugin Details
- Version
- 1.2.2
- Last Updated
- Nov 18, 2016
- Requires WP
- 3.5.1+
- Tested Up To
- 4.7
- PHP Version
- N/A
- Author
- Federico Rota
Support & Rating
- Rating
- ★ ★ ★ ★ ★ 5
- Reviews
- 1
- Support Threads
- 0
- Resolved
- 0%
Keywords
Upgrade to Pro
Unlock keyword rankings, search positions, and detailed analytics with a Pro subscription.
Upgrade NowSimilar Plugins
WP Adminify – White Label WordPress, Admin Menu Editor, Login Customizer
7K+ installs
#2,736
Master Addons For Elementor - White Label, Free Widgets, Hover Effects, Conditions, & Animations
40K+ installs
#929
Anti-Malware Security and Brute-Force Firewall
100K+ installs
#295
WPS Limit Login
100K+ installs
#309
reCaptcha by BestWebSoft
100K+ installs
#316
Frequently Asked Questions
Common questions about Authentication and xmlrpc log writer
Error Type: define the error type
Options:
SYSTEM -> write into SYSLOG;
APACHE -> write into APCACHE ERROR LOG;
CUSTOM -> write into log file defined into admin panel;
CUSTOM Error Log Path: error log file absolute path ( only in CUSTOM mode )
e.g. /your/error/logs/path/
CUSTOM Error Log Name: error log file name ( only in CUSTOM mode )
e.g. sites_auth_errors.log
TIMEZONE: time zone to use ( only if current_time() WP function not exists )
e.g. Europe/Rome
Log each pingback request: enable the log of each pingback request
Stop User Enumeration: enable the log of user enumeration attempts. Make also a redirect to the site home
Remove WP version and generator tag: remove the wordpress version number and generator meta from the head section of your site
Kill multiple xmlrpc request on xmlrpc login error: kill multiple requests in a single xmlrpc call returning a 401 code on xmlrpc login error to prevent server overloading on brute force attack by xmlrpc.
Disable xmlrpc authenticated methods: disable all xmlrpc methods that require authentication in order to avoid brute force attack by xmlrpc. Use this feature if you don't need these xmlrpc methods.
Options:
SYSTEM -> write into SYSLOG;
APACHE -> write into APCACHE ERROR LOG;
CUSTOM -> write into log file defined into admin panel;
CUSTOM Error Log Path: error log file absolute path ( only in CUSTOM mode )
e.g. /your/error/logs/path/
CUSTOM Error Log Name: error log file name ( only in CUSTOM mode )
e.g. sites_auth_errors.log
TIMEZONE: time zone to use ( only if current_time() WP function not exists )
e.g. Europe/Rome
Log each pingback request: enable the log of each pingback request
Stop User Enumeration: enable the log of user enumeration attempts. Make also a redirect to the site home
Remove WP version and generator tag: remove the wordpress version number and generator meta from the head section of your site
Kill multiple xmlrpc request on xmlrpc login error: kill multiple requests in a single xmlrpc call returning a 401 code on xmlrpc login error to prevent server overloading on brute force attack by xmlrpc.
Disable xmlrpc authenticated methods: disable all xmlrpc methods that require authentication in order to avoid brute force attack by xmlrpc. Use this feature if you don't need these xmlrpc methods.
Create new filter called wp-auth-and-xmlrpc.conf into /filter.d path of fail2ban
Filter content:
[Definition]
failregex = ^.*Authentication failure on .* from <HOST>.*$
^.*Pingback error .* generated on .* from <HOST>.*$
ignoreregex =
Create new jail called wp-auth-and-xmlrpc.conf into /jail.d path of fail2ban
Jail content:
[wp-auth-and-xmlrpc]
enabled = true
logpath = /storage/www/logs/sites_auth_errors.log
maxretry = 5
bantime = 600
findtime = 60
filter = wp-auth-and-xmlrpc
action = %(action_mwl)s
logpath must exists before activate the jail and need to be the same used for this plugin
Reload or restart fail2ban
Filter content:
[Definition]
failregex = ^.*Authentication failure on .* from <HOST>.*$
^.*Pingback error .* generated on .* from <HOST>.*$
ignoreregex =
Create new jail called wp-auth-and-xmlrpc.conf into /jail.d path of fail2ban
Jail content:
[wp-auth-and-xmlrpc]
enabled = true
logpath = /storage/www/logs/sites_auth_errors.log
maxretry = 5
bantime = 600
findtime = 60
filter = wp-auth-and-xmlrpc
action = %(action_mwl)s
logpath must exists before activate the jail and need to be the same used for this plugin
Reload or restart fail2ban