Hello,
Ever since deploying Auth0, Wordfence security plugin has stopped send email notification to admins of events such as user logged-in, etc. Is there something I need to do in Login by Auth0 plugin to allow notifications by Wordfence?
Kind regards,
Hi again,
Our plugin doesn’t do anything with email at all, including sending any from your site. I’m guessing this is related to something else, you might want to check your PHP error log for anything relevant.
I thought so too. Thank you for the confirmation.
Kind regards,
Hello,
As I continue to troubleshoot this scenario, Wordfence made the following comment:
Since the integration you did was with Auth0 and the type of emails you seem to be missing is login emails I think it’s likely that the Auth0 implementation overrides the default WordPress login flow. This would cause Wordfence to not be able to see logins. Does that sound like it could be it?
Could you please confirm whether this is how Auth0 works?
Wordfence Forum Post Link: Wordfence notifications missing after integration with Auth0 | WordPress.org
Kind regards,
I wouldn’t say the plugin overrides the flow but it does log in users a different way, yes. We call all the core hooks, though, to try and keep as much additional functionality intact as possible. If Wordfence can let us know what hook or process it uses to send those emails out, we might be able to include that in our login flow.
Thank you Josh. Wordfence says:
We hook in to wp_login like so:
add_action('wp_login','wordfence::loginAction');Another thing I came to think of is that if their login is happening via xmlrpc.php perhaps that might also be an issue. I’m not sure, just wanted to mention it.
Could you please advise?
Kind regards,
We don’t use xmlrpc.php during login and we do call that hook on each successful login:
https://github.com/auth0/wp-auth0/blob/master/lib/WP_Auth0_LoginManager.php#L523
It might be good to add a quick logging action in the Wordfence plugin code to make sure it’s being called and, if so, find where the email is sent and start debugging there. They might have omitted it for brevity’s sake but there should be a few parameters passed into that add_action() function (specifically the 4th one, $accepted_args, which should be 2):