Closed lots0logs closed 8 years ago
and what will this be used for?
$wf_log->logLogin( $action, $fail, $username['username'] );
what does wordferences do with this log? isn't it enough with the auth0 tenant logs? (you can create a cron to download then and add push to wordference)
Wordfence uses those logs to determine when to block or throttle an ip from accessing the website due to failed logins based on how you configure it in its settings. It also displays the top 5 failed logins on your dashboard within the wordfence widget.
The reason I did not go the cron route is because, and yes this is a bit selfish, but it wouldnt work for my site's setup. Basically I have our wordpress and our forum (which is nodejs-based) using the same connection in Auth0. The Auth0 logs do not include which website actually made the failed attempt so there is no way to easily tell the WordPress attempts from those made on our forum. While that won't be the same for everyone, I'm sure that my use-case is not that unusual. Obviously both methods have their pros and cons. This is what I implemented on my site and I think its a good solution to achieve the intended goal.
well you can use the client_id to filter that...
I want to avoid to add integration with other plugins since I will need to mantain it (and everyone want to extend it later).
The client ID is the same for both if I remember correctly. I don't have time to check it right now. But honestly, I think you should reconsider. Such integrations will make Auth0 plugin more useful. Also, it makes it more likely that other people will contribute. If something breaks and the person who contributed it isn't around to fix it you could always drop the integration in question.
Proposal
Add a plugin compatibility class that can be used to better integrate auth0 with select 3rd-party plugins. For starters the new class improves integration with Wordfence by ensuring failed login attempts are recorded in Wordfence logs.