xwp / stream

🗄️ Stream plugin for WordPress

Home Page: https://wordpress.org/plugins/stream/

Stop tracking failed login attempts

fjarrett opened this issue

Yesterday @Japh, @lukecarbis and I had a call to discuss data usage of Stream and how we might be able to improve things.

Japh had gathered some real data from a site using Stream, and to our surprise, Failed Login Attempts accounted for nearly 96% of all records! 46,000 of 48,000 records in just 15 days. Looking at these numbers, it's almost as if Stream is primarily serving as a failed login tracker and just happens to track a few other things too 😄

After a lot of discussion, we came to the conclusion that Stream should stop tracking failed login attempts altogether. Here were the main reasons:

  1. Data storage needs for Stream can be reduced by up to 95% in some cases.
  2. A failed login attempt doesn't write anything to the DB; Stream is capturing something that isn't really a site change. The core purpose of Stream is to show what changes are being made to the DB by logged-in users.
  3. Stream isn't doing anything to solve the problem of failed logins; the only thing it does is tell you that they are happening.
  4. There are other plugins, like Brute Protect by @samhotchkiss and team, whose sole purpose is to identify and prevent the problem of brute forced login attempts. Users should be encouraged to use complete login security solutions like this, and Stream can provide logs of what happened after any known breach.
  5. We can offer Failed Login Attempts tracking as a free extension plugin, if people still want that functionality. Think Link Manager.

/cc @shadyvb, @westonruter, @jonathanbardo

👍

I think it's a very good idea! The free plugin approach is a great
alternative for those who will be seeking this feature.

On Thursday, May 22, 2014, Weston Ruter wrote:

👍

Jonathan Bardo
Web Developer
X-Team http://x-team.com/

Hey Frankie, thanks for looping me in here.

We're rolling out our big 2.0 release to BruteProtect later tonight, we've
been working around the clock on it since January. You can check it out
from http://alpha.bruteprotect.com/ if you're interested. We'd love to
talk to figure out some ways that we can work together.

Frankie, are you guys going to be at WordCamp Chicago?

Sam Hotchkiss :: Principal :: Hotchkiss Consulting Group
122 Front Street, Second Floor, Bath, Maine 04530
P: 207.200.4314 :: Skype: hotchkiss.consulting

👍

👍