(b)log-In performs numerous security checks to ensure that certain things are only visible to, and actions can only be taken by, a logged in user. Last night, I realised that I had no way of knowing if someone else had managed to log in to the site.
Better safe than sorry.
The login page, therefore, now sends me an email for both a successful login and a failed attempt. The email includes the recorded IP address of the person logging in and the username/password combination used.
If notified about a failed attempt I can be more vigilant, keeping an eye on things to ensure that unauthorised access isn't achieved. Maybe I can set up something like a block list of IP addresses in future.
If notified of a successful login then I'll immediately know that my credentials have been compromised. Because (b)log-In only supports a single logged in session at a time I can quickly log back in myself to kill the unauthorised session and change the password before any damage is done.
If the interloper manages to change the password before I get back in I can always dive into the database via my hosting and change things that way.
I hope it's something that never has to happen but you can't be too careful.
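The scheme described in this post, as an added Python sketch that is not (b)log-In's own code: every login attempt queues an alert email, and a successful login replaces the single session token, which is what ends an intruder's session when the owner logs back in. All class names, function names and addresses are hypothetical, and the alert in this sketch carries only the IP address and username.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timezone
from email.message import EmailMessage

OWNER = "owner@example.com"          # constructed placeholder address
SENDER = "login-alerts@example.com"  # constructed placeholder address

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class SingleSessionAuth:
    """One account, one live session; every login attempt queues an alert."""
    def __init__(self, username, password):
        self.username = username
        self.salt = secrets.token_bytes(16)
        self.pw_hash = hash_password(password, self.salt)
        self.active_token = None  # the only token that is accepted
        self.outbox = []          # alerts awaiting delivery, e.g. via smtplib

    def login(self, username, password, ip):
        user_ok = hmac.compare_digest(username.encode(), self.username.encode())
        pw_ok = hmac.compare_digest(hash_password(password, self.salt), self.pw_hash)
        token = None
        if user_ok and pw_ok:
            # Replacing the token invalidates whatever session existed before.
            token = self.active_token = secrets.token_urlsafe(32)
        self.outbox.append(self._alert(user_ok and pw_ok, username, ip))
        return token

    def is_valid(self, token):
        if token is None or self.active_token is None:
            return False
        return hmac.compare_digest(token.encode(), self.active_token.encode())

    def change_password(self, token, new_password):
        if not self.is_valid(token):
            return False
        self.salt = secrets.token_bytes(16)
        self.pw_hash = hash_password(new_password, self.salt)
        return True

    def _alert(self, ok, username, ip):
        msg = EmailMessage()
        msg["From"], msg["To"] = SENDER, OWNER
        msg["Subject"] = "Login succeeded" if ok else "Login FAILED"
        when = datetime.now(timezone.utc).isoformat(timespec="seconds")
        # repr() keeps control characters in submitted input out of the body.
        msg.set_content(f"Time: {when}\nIP: {ip}\nUsername: {username!r}\n")
        return msg
```

Each message in `outbox` is a standard `EmailMessage`, so delivery can be handed to `smtplib.SMTP.send_message` or the host's mail facility.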
@colinwalker That is hardcore, very nicely done! Were these things that came over from the WP underpinnings of blog-In, or did you have to add them yourself?
No, it's self made. The original structure of the site took inspiration from WordPress but everything since is original. I only thought of this last night and, when I couldn't sleep, finished adding the code at about 4am 😊
@colinwalker Can't sleep, code website. Story checks out. 😂
@pimoore @colinwalker Been there, done that. Multiple times.
It's just so easy (dangerous) to do it on my phone. 😂