Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Experimental project
This is a sandbox project, which contains experimental code for developer use only.
It is common for users to accidentally enter their password in the username field of login forms. Often, the username field will have something like this when it is submitted: `usernamepassword`. By default, Drupal stores these failed login attempts in the watchdog table. Effectively, this stores passwords in plain text in the database and allows users with `access site reports` to see them.
This module adds an extra check before writing this message to the table. If the provided username is not a valid user, the IP address is stored instead of the username field.
`Login attempt failed for adminpassword.` becomes `Login attempt failed from 127.0.0.1.`.
Project information
- Created by balsama on , updated
