WP-Members Security 1.6.2 has been released. This is a minor update with some feature elements that didn’t quite make it into the previous two packages. Most of the changes are related to WP CLI commands.
This update incorporates the addition of a new query object class to standardize the queries the plugin makes, especially related to its custom tables in the WP database. There is no difference in output, so the change is not noticeable.
Failed Login Report Table
One change that is noticeable and is not part of the WP CLI command updates is with regards to recording failed logins. Previously, if a user login using an email address as the username failed, the record showed it as being an unknown user. This is because only the user_login field was queried when trying to get the user ID. The way this displayed in the failed login table was the email was shown in the username field and the user ID and email were unknown.
Now, with this update, if the login was using a known email (an email address belonging to an existing user) and the login fails, it will be recorded with the user ID of the known user. The failed login table will display the user ID, username, and email address of the user.
Note: this is just a minor change with regards to display and tracking failed logins. Fundamentally, all of this is happening after the login was failed – it’s just in how the data was recorded and viewed.
WP CLI Commands
This update gets rid of the get
command. This has now been replaced by individual direct commands that were all subcommands of get
. New commands were added as follows:
wp mem sec lockouts list
– Displays a list of locked out users. Can display all (--all
) or current (--current
) lists.wp mem sec lockouts search <search_string>
– Searches for lockouts by username or email. If no “search by” parameter is passed, it will search by username. You can specify the search by username (login) or email with the “by” argument:--by=<login|email>
.wp mem sec clear_lockout <lock_id>
– This command can clear a specific lockout. Specify the lockout to clear by its ID. You can retrieve the ID from thelist
orsearch
results as both of those tables display the lock ID for each line.disable
andenable
are now subcommands ofwp mem sec settings
(they were previously standalone commands). Specify the setting/option to enable or disable in the command. For example to enable login lockout (login_lockout
):wp mem sec settings --enable=login_lockout
View the documentation on all of the Security plugin’s WP CLI commands here.