Wrong Password

Wrong Password sends the administrator an email whenever someone logs in with incorrect login details, and sends the details that were entered along with the user agent and ip address of the intruder.

People use the craziest passwords to try and hack, with my epic plugin you can see what passwords are being used.

Download

47 Comments

  1. Diko
    Nov 04, 2013 @ 04:10:39

    Hi Anthony,

    Great plugin.

    It just reminded me to modify the login URL.

    Someone kept brute-force attacking me on already deleted “admin” user. I installed “Better WP Security” and unfortunately your lovely plugin stopped working.

    Can you add support for that? E.g. manual login URL or something.

    Reply

    • Anthony
      Nov 10, 2013 @ 00:12:37

      Ahh. This is incredibly urgent, I’ll add this as soon as possible, Thanks a ton for letting me know this issue.

      Reply

  2. scimon
    Apr 16, 2013 @ 10:39:37

    Unfortunately the changelog has not been updated for the last few releases, which makes it difficult to know if the update is worth downloading.

    Reply

    • Anthony
      Apr 16, 2013 @ 11:32:05

      Hi. Sorry, The last 2 updates were the addition of a stats module and the option to turn it on or off for protected pages and the actual login page. I was just too busy to add that to the changelog.

      Reply

  3. nikki
    Feb 16, 2013 @ 19:10:31

    Is there a way to turn off the notification for the main wp-admin page? I am getting hundreds of emails a day telling me there was attempted logins for the admin but I specifically want this plugin for my password protected posts. I don’t see a preference page anywhere. Thanks!!!

    Reply

    • Anthony
      Feb 16, 2013 @ 19:16:58

      Absolutely! If you give me like 3 days I will add the option to only work on Password protected posts. I am so sorry you are having these troubles. I will also contact you when I add your feature. Thank you so much for using my plugin.

      Reply

      • Nikki
        Feb 20, 2013 @ 10:02:07

        Wow that’s amazing. Thanks so much!!

        Reply

        • Nikki
          Mar 04, 2013 @ 16:15:37

          Hey. Just let me know when its done (send an email or something) I am going to disable this plugin for now. I get up to 61 emails at a time, then it sends me a second, and third set of emails every day for incorrect logins to my admin panel. Love this plugin though.

          Reply

          • Anthony
            Mar 28, 2013 @ 01:00:05

            I am very sorry, I have been very busy in school. I have made a version that allows you to enable this plugin only for password protected pages but it is buggy, I will fix this over spring break and release the new one. Thanks for your patience.

            Reply

          • Anthony
            Apr 13, 2013 @ 17:38:50

            Hey, Here you go. Your features were added, Simply upgrade your version of the plugin. Sorry I took so long, I had some family issues that had to be solved before I could continue development of my plugins. I’d like to thank you for using my plugins and being loyal to me by waiting. Again, Thanks. :)

            Reply

            • Nikki
              Apr 13, 2013 @ 18:27:59

              You are AWESOME. Thanks so much. No apology needed … you were more than kind enough to edit it for me. I could be as patient as long as need be. Thanks again.

              Reply

              • Anthony
                Apr 13, 2013 @ 19:46:48

                I forgot to mention that the new settings are in “Settings > Wrong Password”

                Reply

  4. Jonathan Virak
    Apr 17, 2012 @ 15:06:29

    When do you plan on updating this plugin for WP 3.3.1?

    Reply

    • Anthony
      Apr 17, 2012 @ 15:51:48

      Hi, This has been done, please update to 7.0

      Reply

  5. BooBooPop
    Apr 07, 2012 @ 17:11:40

    Does this plugin also work for the post protected password ?
    A lot of people try to break into my password protected post content

    Reply

    • Anthony
      Apr 07, 2012 @ 18:20:13

      Not currently, but you have given me an idea!, Soon within the next week this plugin will have that capability. :D Thank you so much!

      Reply

    • Anthony
      Apr 08, 2012 @ 00:32:23

      There we go!, I have made the plugin work for password protected pages and posts too!, Thank you for using my plugin. What is your website URL?

      Reply

  6. Ed
    Feb 20, 2012 @ 18:56:32

    Something is up with this plugin, I’m trying to figure it out. It stopped working on most of my sites but one. The one site sends the email to an address though the host. The others, if I have it go though the host email it doesn’t go though (I’ve also recently switched hosts from Webair to TMZVPS) but if I switch it to my gmail it does go though. It doesn’t matter if the emails get sent via SMTP or PHP.

    Reply

    • Anthony
      Feb 20, 2012 @ 19:16:38

      Hi, This plugin uses WordPress’s default wp_mail function and sends to the email specified in Settings > General Settings, With some hosts you must use an email associated with your domain to send email’s from or they don’t send. I will make an update for you so that you can specify the email it sends from.

      Reply

      • Ed
        Feb 20, 2012 @ 19:55:29

        All the sites are with the same host. I’m looking at two right now, the one that works and one that doesn’t. The only difference is the email address it sends to (both email addresses are though the same host, too). As far as I know (other than content and the template) all the settings are the same between the two.

        Reply

      • Ed
        Feb 20, 2012 @ 19:56:16

        Sorry, and I disabled the PHP / SMTP plugin (WP Mail SMTP)

        Reply

        • Anthony
          Feb 20, 2012 @ 20:00:36

          So, its working?

          Reply

          • Ed
            Feb 20, 2012 @ 20:04:08

            With one site, yes but not with the others. I changed the email address of a site that isn’t working to the one that is working and it did not so it is an issue with the site. I’m trying to go though each setting one by one to see if there is anything (relative) different.

            Reply

            • Anthony
              Feb 20, 2012 @ 20:09:44

              Ok, please post the outcome as it could help others :)

              Reply

              • Ed
                Feb 20, 2012 @ 20:22:49

                As far as I can tell everything is identical. (and still not working on the other sites). I’m going to start banging my head on the desk soon. :)

                Reply

                • Ed
                  Feb 20, 2012 @ 20:25:07

                  I just made a new user account and the notification email went to the admin email address. This is getting interesting.

                  Reply

      • Ed
        Feb 20, 2012 @ 20:28:09

        As extra security, I made a second admin account (and the email address of that account matches the email address in general-settings page) and them assigned the account named “admin” no role. This is a difference between the two sites- might that be playing a role?

        Reply

  7. Ed
    Nov 01, 2011 @ 18:09:16

    Does this also track the IP address of the failed attempt?

    Reply

    • Anthony
      Nov 01, 2011 @ 18:25:05

      Yes it does, it also tracks the username and password they attempted to use, and the user agent of the person.

      Reply

      • Ed
        Nov 01, 2011 @ 18:27:13

        Thank you. I didn’t notice that was in the description. :)

        Reply

      • Ed
        Nov 01, 2011 @ 18:30:09

        It works great – WP version 3.2.1

        Thank you.

        Reply

        • Anthony
          Nov 01, 2011 @ 18:34:03

          Your welcome, be sure to get the latest updates when they are available!

          Reply

      • mikek84
        Nov 13, 2011 @ 15:14:23

        i need ur help.. when i registered it lagged and i dont know what my password is now can u help…

        Reply

    • Ed
      Nov 01, 2011 @ 18:26:45

      NM – Duh, in the description. ;)

      Reply

  8. Unable to perform Translation:Quota Exceeded. Please see http://code.google.com/apis/language/translate/overview.html - CyberMaster
    Oct 23, 2011 @ 09:42:25

    [...] When someone gets a password wrong on your site, the administrator is emailed with the details that were entered. The best way to get fast support is by posting your question in a comment at http://anthony.strangebutfunny.net/my-plugins/wrong-password/ [...]

    Reply

  9. BoiteaWeb
    Oct 22, 2011 @ 17:30:09

    Hello

    Datas are not sanitized so i can insert html, javascript code in my password, i can spoof the referer …
    The admin can be the target of phishing or stuff lke that.
    You HAVE to sanitize datas !
    Never print datas from $_REQUEST, $_COOKIE, $_GET, $POST !!

    See you ;)

    Julio Potier
    - Web Security Consultant
    - PhP Developper
    - WordPress Expert

    Reply

    • Anthony
      Oct 22, 2011 @ 18:06:08

      OMG!, I didn’t even realize this!, THANK YOU!

      Reply

    • Anthony
      Oct 22, 2011 @ 18:23:55

      It has been fixed!, The weird thing was, I felt like something was missing, but I couldn’t pin point it. thank you very much!

      Reply

  10. cashusdagod
    Oct 22, 2011 @ 14:51:03

    when i put the pass word that they send me it keeps saying wrong pass word what could be that problem

    Reply

    • Anthony
      Oct 22, 2011 @ 15:07:44

      This plugin doesn’t modify any passwords, it only “attaches” itself to the login screen. The problem you are having is unrelated to my plugin.

      Reply

Leave a Reply

*