Affiliate Login & Activity Tracking

Available in:

• Post Affiliate Pro
• Post Affiliate Pro Ultimate
• Post Affiliate Network

Overview of Affiliate Login & Activity Tracking

Post Affiliate Pro provides comprehensive login and activity tracking capabilities that enable merchants to monitor affiliate authentication, maintain security, and manage user sessions effectively. This feature set ensures complete visibility into how affiliates access their accounts while providing robust protection against unauthorized access.

The login tracking system captures detailed information about every authentication event, stores historical login data, and provides merchants with powerful tools to monitor and manage affiliate access patterns.

Launch your affiliate program today

Set up advanced tracking in minutes. No credit card required.

Request demo Start 30-days free trial

Login History Tracking

What Data is Captured

Every time an affiliate logs into the system, Post Affiliate Pro records the following information:

• Login Timestamp - The exact date and time when the affiliate authenticated
• Logout Timestamp - When the affiliate ended their session
• Last Request Time - The timestamp of the most recent activity during the session
• IP Address - The IP address from which the login originated (supports both IPv4 and IPv6)
• User Agent - Browser and device information used for the login
• Login Type - The authentication method used (credentials, API token, or login key)

This comprehensive data collection enables merchants to:

• Track affiliate engagement and activity patterns
• Identify unusual login behavior that may indicate security concerns
• Verify affiliate claims about account access issues
• Monitor API usage separate from panel logins

Login Count and Last Login Tracking

The system automatically maintains a running count of total logins for each affiliate and updates the last login timestamp with every successful authentication. This information helps merchants:

• Identify inactive affiliates who may need re-engagement
• Recognize highly active affiliates for potential rewards or tier upgrades
• Detect accounts that may have been compromised based on unusual activity spikes

Login Reports and Grids for Merchants

Affiliate Logins Grid

Merchants can access a dedicated grid view showing login history for all affiliates. The grid displays:

The grid supports:

• Sorting - Order by any column to analyze patterns
• Filtering - Focus on specific time periods or affiliates
• CSV Export - Download login data for external analysis

Session Monitoring

Merchants can view currently active sessions through the Online Users Report, allowing real-time monitoring of affiliate activity. This helps identify:

• Peak usage times for the affiliate program
• Geographic distribution of active affiliates
• Potential session hijacking or sharing

Join our newsletter

Be the first to know about new features and product updates.

Email address

Subscribe

Username Constraint Plugin

The Username Constraint plugin enables merchants to enforce specific formats for affiliate usernames during registration. This is particularly useful for:

• Maintaining consistent username patterns across your affiliate base
• Preventing inappropriate or confusing usernames
• Ensuring usernames meet integration requirements with external systems

Configuration Options

Username Format Pattern Define a regular expression that usernames must match. Examples:

• /^[a-zA-Z][a-zA-Z0-9]{5,15}$/ - Alphanumeric, starting with a letter, 6-16 characters
• /^[a-z]+_[0-9]+$/ - Lowercase letters followed by underscore and numbers
• /^AFF[0-9]{4,}$/ - Must start with “AFF” followed by at least 4 digits

Custom Error Message Define a user-friendly message that displays when an affiliate enters an invalid username format. This helps guide affiliates to choose compliant usernames without exposing the technical regex pattern.

Implementation Example

When an affiliate attempts to sign up with a username that does not match the configured pattern, they receive the custom error message. This validation occurs before the account is created, ensuring data consistency from the start.

Sequence Affiliate User ID Plugin

The Sequence Affiliate User ID plugin automatically generates sequential, predictable user IDs for new affiliates instead of random identifiers. This provides:

• Easier tracking and reference in external systems
• Professional appearance with sequential numbering
• Simplified integration with CRM and accounting software

Configuration Options

Current User ID Sequence Set the starting number for the sequence. The ID can be up to 8 characters and may include:

• Numeric sequences (e.g., 8000, 00001)
• Prefixes (e.g., AFF001)
• Suffixes (e.g., 001US)

The system automatically increments the numeric portion while preserving any prefix or suffix.

Decrease Sequence on Delete When enabled, if the most recently created affiliate is deleted, the sequence decreases to reuse that ID for the next signup. This prevents gaps in the sequence when test accounts are removed.

Sequence Examples

Default Signup Values Plugin

The Default Signup Values plugin allows merchants to pre-populate custom fields during affiliate registration. This streamlines the signup process and ensures consistent data collection.

Use Cases

• Default Commission Group - Automatically assign new affiliates to a specific group
• Default Campaign - Pre-select the primary campaign for new signups
• Region or Territory - Set geographic assignments based on signup source
• Custom Data Fields - Pre-fill any custom data fields defined in your account

Configuration

The plugin dynamically displays all available custom data fields (data1, data2, etc.) in its configuration panel. Merchants can set default values that apply to new signups when the field would otherwise be empty. Affiliates can still override these values if the field is editable during signup.

Session Management and Security

Session Lifecycle

Post Affiliate Pro manages affiliate sessions with security best practices:

1. Session Creation - A new session is created upon successful authentication
2. Session Persistence - Sessions remain active during affiliate activity
3. Request Tracking - Each request updates the last activity timestamp
4. Session Timeout - Inactive sessions expire after the configured timeout period
5. Explicit Logout - Affiliates can manually end their session

Remember Me Functionality

Affiliates can opt to be remembered across browser sessions. When enabled:

• A secure cookie maintains the session across browser restarts
• The cookie is set with appropriate security flags
• Merchants can control whether this feature is available

Login Key System

For integrations and automated logins, Post Affiliate Pro supports temporary login keys:

• Login keys are valid for 30 seconds after generation
• Each key is a secure 16-character identifier
• Keys are single-use and deleted after authentication
• Merchants with appropriate privileges can generate keys for affiliates

Failed Login Tracking

Rate Limiting

Post Affiliate Pro implements sophisticated rate limiting to prevent brute force attacks:

Per Username Limiting Tracks failed attempts by username and temporarily blocks authentication after exceeding the configured threshold per hour.

Per IP Address Limiting Monitors failed attempts by IP address and blocks all login attempts from that IP after exceeding limits.

When limits are exceeded, the system:

• Returns HTTP 429 (Too Many Requests) status
• Logs the brute force attempt with IP and username details
• Marks attempts against approved users as critical security events

Progressive Warnings

As users approach the limit, login error messages progressively warn about impending blocks:

• Standard error: “Wrong Username(E-mail) and/or Password”
• Warning (5 or fewer attempts remaining): Includes count of remaining attempts
• Blocked: “Your IP address is blocked. Please try it later.”

IP Address Logging for Logins

Comprehensive IP Tracking

Every login event records the source IP address with support for:

• IPv4 addresses (up to 15 characters)
• IPv6 addresses (up to 39 characters)
• Accurate IP detection through proxy headers

New IP Notifications

Post Affiliate Pro can alert users when a login occurs from an unfamiliar IP address:

For Merchants When enabled, merchants receive email notifications including:

• The new IP address
• Browser and operating system information
• Geographic location (country) based on GeoIP lookup

For Affiliates Affiliates can receive similar notifications to detect potential account compromise early. The notification includes all relevant details to help them identify if the login was legitimate.

IP Access Control

Merchants can configure IP-based access restrictions:

• Banned IP Ranges - Block logins from specific IP addresses or ranges
• Allowed IP Ranges - Restrict logins to only approved IP addresses
• Country Blocking - Prevent logins from blacklisted countries (via GeoIP)

Last Login Tracking

Automatic Updates

The system automatically updates each user’s last login timestamp upon successful authentication. This information is:

• Visible in affiliate profile details
• Available in affiliate grid views
• Exportable for analysis
• Usable in automated workflows (e.g., inactivity notifications)

Login Count Increments

Each successful login increments the user’s total login count. This metric helps identify:

• Highly engaged affiliates for recognition
• Affiliates who may need additional support or training
• Unusual patterns that might indicate shared accounts

Best Practices for Affiliate Account Security

For Merchants

1. Enable 2-Step Verification - Require or encourage affiliates to use 2-step verification with Google Authenticator

2. Configure Rate Limiting - Set appropriate thresholds for failed login attempts to balance security with user experience

3. Monitor Login Patterns - Regularly review the affiliate logins grid for unusual activity such as:

   • Logins from unexpected geographic locations
   • Multiple rapid login/logout cycles
   • API authentication from new sources

4. Use IP Restrictions - For high-security environments, configure allowed IP ranges for sensitive accounts

5. Enable New IP Notifications - Turn on email alerts for logins from new IP addresses

6. Implement Username Constraints - Use the Username Constraint plugin to enforce consistent, identifiable username formats

7. Regular Access Reviews - Periodically review active sessions and login history to identify dormant or potentially compromised accounts

For Affiliates

1. Use Strong Passwords - Create unique, complex passwords for affiliate accounts

2. Enable 2-Step Verification - Add an extra layer of security with the Google Authenticator app

3. Monitor Login Notifications - Pay attention to new IP login alerts and report any unrecognized access immediately

4. Log Out Properly - Always use the logout function rather than simply closing the browser

5. Secure Your Email - Since password recovery uses email, ensure your registered email account is secure

6. Report Suspicious Activity - Contact the merchant immediately if you notice unusual account behavior

Integration with Audit Logging

Login and activity tracking integrates with Post Affiliate Pro’s audit log feature to provide complete accountability. All authentication events, configuration changes, and administrative actions are recorded for compliance and security review.

API Access Tracking

When affiliates or integrations authenticate via the API, the system:

• Records the authentication method (token-based vs. credentials)
• Tracks API sessions separately from panel logins
• Applies the same rate limiting and security controls
• Logs all API authentication attempts for security monitoring

This ensures comprehensive visibility regardless of how affiliates interact with your program.