When we find malicious code on a user’s website, we scan his files with a plugin such as ImunifyAV and check .lastlogin file for any suspicious IP addresses that have been reported in the AbuseIP database.
This plugin streamlines the process by allowing both SysAdmins and cPanel users to quickly view file content and check IPs in the AbuseIPDB.
- generate table
- outputs client ip
- add links to abuseipdb
- cPanel 96 or later (Jupiter theme recommended; paper_lantern also supported)
- PHP 8.0 or later
- Root / WHM SSH access to the server
You need WHM/root SSH access. Run the following commands:
cd /usr/local/src
wget https://github.com/windsofchange/lastlogin-cpanel-plugin/archive/refs/heads/main.zip
unzip main.zip
cd lastlogin-cpanel-plugin-main/
chmod +x install.sh
sudo ./install.shThe script installs the plugin for both the Jupiter and paper_lantern cPanel themes automatically.
After installation the Login Log icon appears in the Security section of your cPanel dashboard.
To remove the plugin completely from both themes, run the following as root:
# Remove from Jupiter theme
/usr/local/cpanel/bin/uninstall_plugin \
/usr/local/cpanel/base/frontend/jupiter/loginlog/loginlog.tar \
--theme jupiter
rm -rf /usr/local/cpanel/base/frontend/jupiter/loginlog
# Remove from paper_lantern theme
/usr/local/cpanel/bin/uninstall_plugin \
/usr/local/cpanel/base/frontend/paper_lantern/loginlog/loginlog.tar \
--theme paper_lantern
rm -rf /usr/local/cpanel/base/frontend/paper_lantern/loginlogThen rebuild the cPanel interface cache so the icon disappears immediately:
/usr/local/cpanel/bin/rebuild_spritesReleased: March 17th, 2026
- Security: Fixed XSS via unescaped
.lastlogintable output andREMOTE_ADDR - Security: Added path-traversal protection on the account name
- Security: Replaced
die()with graceful error handling - Security: Removed jQuery 3.5.0 (CVE-2020-11022 / CVE-2020-11023); all rendering is now server-side PHP
- PHP 8.x: Added
declare(strict_types=1)and typed parameters across all files - PHP 8.x: Fixed double file-read bug and
while(!feof())phantom-line issue - cPanel API:
Account::name()now uses$_ENV['REMOTE_USER'](cPanel 96+) with LiveAPI fallback - cPanel API:
hostname()now uses nativegethostname()instead of LiveAPI - Icon: Added
loginlog.svg— 48×48 flat SVG icon for the Jupiter theme - install.sh: Fixed critical bug where
mvdestroyed source files after paper_lantern install, causing the Jupiter theme registration to silently fail
Released: March 06th, 2022
Added installation script
Released: May 22th, 2022
Added links to abuseipdb jquery updated
Released: May 1th, 2022
Stable Release
Because this is a free plugin, support is restricted to maintaining the source code and ensuring that the plugin functions on latest cPanel version.
Please see the additional services area below if you require assistance outside of this scope, such as with plugin installation, branding, or integrating it with your custom template.
In the next couple of months we're going to continue to improve the docs, create tutorials and fix bugs.
You can support me by giving a GitHub star ★ and spread the word :)