Prune failed logins table automatically once a day

Fixes #156.

CHANGELOG.md

@@ -2,6 +2,8 @@
 
 ## Upcoming version 0.23.0 (????-??-??)
 
+**Important**: either deactivate and reactivate plugin after update or install new cron job manually via WP-CLI: `wp cron event schedule bc-security/failed-logins-clean-up now daily`.
+
 ### Added
 
 * New built-in rule for bad request banner module that triggers when non-existing `.tgz` or `.zip` file is accessed [#155](https://github.com/chesio/bc-security/issues/155).
@@ -14,6 +16,7 @@
 ### Fixed
 
 * Fix SQL syntax error when bulk unlocking entries in internal blocklist [#154](https://github.com/chesio/bc-security/pull/154) - thanks to @szepeviktor.
+* Table storing failed logins data is now pruned automatically [#156](https://github.com/chesio/bc-security/issues/156).
 
 ## Version 0.22.1 (2024-02-07)
 

classes/BlueChip/Security/Modules/Cron/Jobs.php

@@ -12,6 +12,9 @@ abstract class Jobs
     /** string: Hook name for "External blocklist refresh" cron job */
     public const EXTERNAL_BLOCKLIST_REFRESH = 'bc-security/external-blocklist-refresh';
 
+    /** string: Hook name for "Failed logins table clean up" cron job */
+    public const FAILED_LOGINS_CLEAN_UP = 'bc-security/failed-logins-clean-up';
+
     /** string: Hook name for "Automatic internal blocklist purging" cron job */
     public const INTERNAL_BLOCKLIST_CLEAN_UP = 'bc-security/internal-blocklist-clean-up';
 

classes/BlueChip/Security/Modules/Cron/Settings.php

@@ -17,6 +17,7 @@ class Settings extends CoreSettings
     protected const DEFAULTS = [
         Jobs::CHECKLIST_CHECK => true,
         Jobs::EXTERNAL_BLOCKLIST_REFRESH => false,
+        Jobs::FAILED_LOGINS_CLEAN_UP => true,
         Jobs::INTERNAL_BLOCKLIST_CLEAN_UP => true,
         Jobs::LOGS_CLEAN_UP_BY_AGE => true,
         Jobs::LOGS_CLEAN_UP_BY_SIZE => true,

classes/BlueChip/Security/Modules/Login/Bookkeeper.php

@@ -5,13 +5,15 @@
 namespace BlueChip\Security\Modules\Login;
 
 use BlueChip\Security\Helpers\MySQLDateTime;
+use BlueChip\Security\Modules\Cron\Jobs;
+use BlueChip\Security\Modules\Initializable;
 use BlueChip\Security\Modules\Installable;
 use wpdb;
 
 /**
  * Storage and retrieval of lockout book-keeping data
  */
-class Bookkeeper implements Installable
+class Bookkeeper implements Initializable, Installable
 {
     /**
      * @var string Name of DB table where failed logins are stored
@@ -24,6 +26,7 @@ class Bookkeeper implements Installable
      */
     private string $failed_logins_table;
 
+
     /**
      * @param Settings $settings
      * @param wpdb $wpdb WordPress database access abstraction object
@@ -66,6 +69,13 @@ public function uninstall(): void
     }
 
 
+    public function init(): void
+    {
+        // Hook into cron job execution.
+        add_action(Jobs::FAILED_LOGINS_CLEAN_UP, $this->pruneInCron(...), 10, 0);
+    }
+
+
     /**
      * Add failed login attempt from $ip_address using $username.
      *
@@ -103,10 +113,8 @@ public function recordFailedLoginAttempt(string $ip_address, string $username):
 
     /**
      * Remove all expired entries from table.
-     *
-     * @return mixed
      */
-    public function prune()
+    public function prune(): bool
     {
         // Remove all expired entries (older than threshold).
         $threshold = \time() - $this->settings->getResetTimeoutDuration();
@@ -117,7 +125,20 @@ public function prune()
             "DELETE FROM {$this->failed_logins_table} WHERE date_and_time <= %s",
             MySQLDateTime::formatDateTime($threshold)
         );
-        // Execute query.
-        return $this->wpdb->query($query);
+        // Execute query
+        $result = $this->wpdb->query($query);
+        // Return result
+        return $result !== false;
+    }
+
+
+    /**
+     * @hook \BlueChip\Security\Modules\Cron\Jobs::FAILED_LOGINS_CLEAN_UP
+     *
+     * @internal Runs `prune` method and discards its return value.
+     */
+    private function pruneInCron(): void
+    {
+        $this->prune();
     }
 }