Activity Logging

Full audit trail of every login attempt with IP and user agent.

When enabled, LoginPlus records every login event — successful or not — to a dedicated database table (wp_loginplus_activity).

What is logged

FieldDescription
Event typelogin_success, login_failed, brute_force_blocked, 2fa_failed
User IDWordPress user ID (0 for failed attempts with unknown users)
IP addressRemote IP of the request (hashed instead of plain text if IP anonymisation is on — see below)
User agentBrowser/client string
Created atUTC timestamp of the event

Viewing logs

Go to LoginPlus → Dashboard. The activity table shows the most recent 10 entries per page, with pagination. Use the Clear Logs button to delete all log entries — this action is immediate and cannot be undone.

Log retention

Logs are pruned automatically — no manual cleanup needed. A daily WP-Cron job deletes any entry older than the configured retention period, which defaults to 90 days and can be changed under LoginPlus → Settings → Logging.

Email alerts

If Email Alerts are enabled, LoginPlus sends a notification to your site’s Admin Email (Settings → General) on suspicious logins and brute-force lockouts. There’s no separate alert-recipient setting — it always goes to whatever address WordPress has configured as the admin email.

For details on hashing stored IP addresses instead of keeping them in plain text, see GDPR & IP Anonymisation.