Reference
Activity Logging
Full audit trail of every login attempt with IP and user agent.
When enabled, LoginPlus records every login event — successful or not — to a dedicated database table (wp_loginplus_activity).
What is logged
| Field | Description |
|---|---|
| Event type | login_success, login_failed, brute_force_blocked, 2fa_failed |
| User ID | WordPress user ID (0 for failed attempts with unknown users) |
| IP address | Remote IP of the request (hashed instead of plain text if IP anonymisation is on — see below) |
| User agent | Browser/client string |
| Created at | UTC timestamp of the event |
Viewing logs
Go to LoginPlus → Dashboard. The activity table shows the most recent 10 entries per page, with pagination. Use the Clear Logs button to delete all log entries — this action is immediate and cannot be undone.
Log retention
Logs are pruned automatically — no manual cleanup needed. A daily WP-Cron job deletes any entry older than the configured retention period, which defaults to 90 days and can be changed under LoginPlus → Settings → Logging.
Email alerts
If Email Alerts are enabled, LoginPlus sends a notification to your site’s Admin Email (Settings → General) on suspicious logins and brute-force lockouts. There’s no separate alert-recipient setting — it always goes to whatever address WordPress has configured as the admin email.
For details on hashing stored IP addresses instead of keeping them in plain text, see GDPR & IP Anonymisation.