Hi, nice suggestion!
1. Currently, this feature does not record the password into the database but just record * (asterisk) instead, if someone logged in from the permitted country. And if you does not put pwd into [$_POST keys in logs], no password is logged. But after reading your comment, I become to think it should be more strengthened to protect it. So I’ll rethink about this feature.
2. Yea, [Logs] tab should always be visible! I’ll improve it on the next release.
Thanks.
First of all, I should explain about this feature.
If you leave [$_POST keys in logs] empty, nothing to be encrypted are logged but IP address, user agent and etc. If you put pwd into it, the password will be expanded into the logs. But event in this case, it will be logged as * (asterisk) instead of raw characters if it comes from the permitted country.
The purpose of this feature is to analyze the post pattern of attackers.
If you have any good idea or suggestion about it, I’m very glad to hear from you!
Thanks.
Thread Starter
H
(@thwordpressorg)
Thank you for the clarification.
With the record option enabled, I found the Logs tab quite useful to glance over possible attacks.
Wonderful it is that every feature is simple and just works.
In version 2.0.1, I improved UI which you pointed out.
Now I close this ticket, but if you have something to suggest, please do not hesitate to open new ticket at any time.
Thanks again!
* Another consideration for the future:
If someone who doesn’t need logs, he/she also doesn’t want creating a new database table for logs. So the best timing when to create it should be reconsidered.
