གཞུང་དངོས་ལ་མཆོང་།
  • ཐོ་འཇུག
  • ཐོ་འགོད།
WordPress.org

བོད་ཡིག

  • དཔེ་སྒྲོམ།
  • མཐུད་སྣེ།
  • News
  • ངེད་ཀྱི་སྐོར།
  • ཚོགས་པ།
  • Get WordPress
Get WordPress

མཐུད་སྣེ།

  • ངའི་དགའ་ཤོས།
  • Beta ཚོད་ལྟའི་སྒང་།
  • གསར་འབྱེད་པ།
ཕབ་ལེན།

WP fail2ban

རྩོམ་པ་པོ། Charles Lecklider
  • ཞིབ་ཕྲ།
  • གདེང་འཇོག
  • སྒྲིག་འཇུག
  • ཡར་རྒྱས།
རམ་འདེགས།

ཞིབ་བརྗོད།

fail2ban is one of the simplest and most effective security measures you can implement to protect your WordPress site.

WP fail2ban provides the link between WordPress and fail2ban:

Oct 17 20:59:54 foobar wordpress(www.example.com)[1234]: Authentication failure for admin from 192.168.0.1
Oct 17 21:00:00 foobar wordpress(www.example.com)[2345]: Accepted password for admin from 192.168.0.1

WPf2b comes with three fail2ban filters: wordpress-hard.conf, wordpress-soft.conf, and wordpress-extra.conf. These are designed to allow a split between immediate banning (hard) and the traditional more graceful approach (soft), with extra rules for custom configurations.

Features

  • Failed Login Attempts
    The very first feature of WPf2b: logging failed login attempts so the IP can be banned. Just as useful today as it was then.

  • Block User Enumeration
    One of the most common precursors to a password-guessing brute force attack is user enumeration. WPf2b can block it, stopping the attack before it starts.

  • Block username logins
    Sometimes it’s not possible to block user enumeration (for example, if your theme provides Author profiles). WPf2b can require users to login with their email address instead of their username.

  • Blocking Users
    Anther of the older WPf2b features: the login process can be aborted for specified usernames.
    Say a bot collected your site’s usernames before you blocked user enumeration. Once you’ve changed all the usernames, add the old ones to the list; anything using them will trigger a “hard” fail.

  • Empty Username Login Attempts
    Some bots will try to login without a username; harmless, but annoying. These attempts are logged as a “soft” fail so the more persistent bots will be banned.

  • Spam
    WPf2b will log a spammer’s IP address as a “hard” fail when their comment is marked as spam; the Premium version will also log the IP when Akismet discards “obvious” spam.

  • Attempted Comments
    Some spam bots try to comment on everything, even things that aren’t there. WPf2b detects these and logs them as a “hard” fail.

  • Pingbacks
    Pingbacks are a great feature, but they can be abused to attack the rest of the WWW. Rather than disable them completely, WPf2b effectively rate-limits potential attackers by logging the IP address as a “soft” fail.

  • Block XML‑RPC Requests [Premium]
    The only reason most sites need XML‑RPC (other than Pingbacks) is for Jetpack; WPf2b Premium can block XML‑RPC while allowing Jetpack and/or Pingbacks.

  • Block Countries [Premium]
    Sometimes you just need a bigger hammer – if you’re seeing nothing but attacks from some countries, block them!

  • Cloudflare and Proxy Servers
    WPf2b will work with Cloudflare, and the Premium version will automatically update the list of Cloudflare IP addresses.
    You can also configure your own list of trusted proxies.

  • syslog Dashboard Widget
    Ever wondered what’s being logged? The dashboard widget shows the last 5 messages; the Premium version keeps a full history to help you analyse and prevent attacks.

  • Site Health Check
    WPf2b will (try to) check that your fail2ban configuration is sane and that the filters are up to date; out-of-date filters are the primary cause of WPf2b not working as well as it can.
    When did you last run the Site Health tool?

  • mu-plugins Support
    WPf2b can easily be configured as a “must-use plugin” – see Configuration.

  • API to Extend WPf2b
    If your plugin can detect behaviour which should be blocked, why reinvent the wheel?

  • Event Hooks [Premium]
    Need to do something special when WPf2b detects a particular event? There’s a hook for that.

Premium

  • Akismet support.
  • Block XML‑RPC while allowing Jetpack and/or Pingbacks.
  • Block Countries.
  • Auto-update Cloudflare IPs.
  • Event log.
  • Event hooks.

སྒྲིག་འཇུག

  1. Install via the Plugin Directory, or upload to your plugins directory.
  2. Activate the plugin through the ‘Plugins’ menu in WordPress.
  3. Edit wp‑config.php to suit your needs – see Configuration.

གདེང་འཇོག

Great Plugin

narratorben 2022 ལོའི་ཟླ 12 ཚེས 5 ཉིན།
Great plugin, works well and far faster than PHP based blocking solutions. many thanks

For me works 110% combined

Boris 2022 ལོའི་ཟླ 11 ཚེས 7 ཉིན།
iptables+Maltrail+Fail2Ban+AbuseIP/DB+BinaryDefence/DB

“Hey! How do you like WP fail2ban so far?” Wheeeee!!

daveb444 2022 ལོའི་ཟླ 6 ཚེས 17 ཉིན།
Jesus. I've done everything I can to rid myself of this ad on every page of ever site I sue this plugin on. I've added CSS code, searched for PHP solutions, etc. No luck. Every page. Every site. Every visit. "Hey! How do you like WP fail2ban so far? Test all our awesome premium features with a 14-day free trial. No credit card required!" F--- me. I will literally never buy this plugin for any reason whatsoever for that alone. They could sell the pro version for fifty cents -and I'd say no on principle. Fix this sh-t.

Cant view IP’s or any information

obbzy 2022 ལོའི་ཟླ 6 ཚེས 7 ཉིན།
Just causes critical errors..

I have a love-hate relationship with this plugin…

Gwyneth Llewelyn 2022 ལོའི་ཟླ 4 ཚེས 7 ཉིན།
Ok, this is the kind of plugin I keep installing and deinstalling over time... Firstly: I'm no stranger to fail2ban, but I'm not really an expert in designing my own filters, either. I still know enough fail2ban-fu to tackle some tricky issues; ultimately, 90% of the complexity is in setting the correct regexps to catch log errors — that's easy enough to do 🙂 Secondly: as an experienced system administrator, the extra goodies that come with the subscription model are not really worth the expense. Some of those goodies are basically just automating procedures for those that aren't really familiar with fail2ban. Sure, the so-called Blocklist Network Service (BNS) is quite useful for preemptively block malicious IP addresses; but, as others have said elsewhere, you can pretty much accomplish the same with many other tools (most of them free). I mostly use AbuseIPDB (as well as the free version of WordFence), but your mileage may vary. Thirdly: aye, the constant nagging to upgrade to Premium is annoying. After a while it gets on your nerves. Sure, programmers need to eat, too, so I perfectly understand the need to grab the user's attention. I personally would prefer a one-shot fee to get most of the Premium functionality, or at least a way to turn off the constant nagging, like others already suggested; committing to a permanent subscription plan, no matter how cheap, is not really an option for those, like myself, who have irregular sources of income, and have to keep recurring payments at the bare minimum (e.g. utility bills...). I'd be fine to have very limited 'Premium' features for a single payment, and, sure, I'd pay US$40 for the privilege of not getting constantly nagged about upgrading... Fourthly: documentation. It's clear that Charles has put a huge effort in writing the documentation. Alas, the brunt of the effort was done around version 2 of wp-fail2ban. Recent features are barely documented, if at all (sometimes you only know that a feature exists, but have no idea about its purpose; sometimes there isn't even an empty page for said feature, so you have no way to know if it exists at all or not — short of taking a look at the source code, that is). Put in other words: to do the basics, there is enough documentation. To go a little further than that, or to figure out how to activate a recently introduced feature... well, there is often not enough help for that on the documentation. If you really need that feature, I guess you'll have a good incentive to go Premium 🙂 That said, is this plugin really that useful? You bet it is! There are a few other plugins attempting to do the same — i.e. integrating the WordPress logs with fail2ban — but they don't come even close. WP Fail2Ban goes way, way further than other plugins. A lot of features have been very cleverly implemented (for instance, even if a hacker gets access to your website's admin panel, despite all the protections, they'll have a tough time to fully disable the plugin...) and work quite well in practice. What is not even mentioned on the documentation is that, by default, if you host a lot of websites, and all of them have WP Fail2Ban active, then a single filter on fail2ban will deal with blocking them all. That's because WP Fail2Ban will add entries to syslog — which is common to the whole system. This is far better (and much faster!) than scanning each individual virtual host's logs! Also, you get correlations that aren't obvious, and can act upon those as well. Imagine the following scenario: a malicious hacker figured out that your server's IP address is actually hosting hundreds of separate websites. They have a brute-force script to try to guess passwords, but they also know that most WordPress installations, even quite basic ones, will block failed attempts after a while. So, what they do is to run the script across all websites, one by one, giving plenty of time between attempts — thus expecting to evade the most basic defence. A website that sees three failed logins in 'quick' succession can block that IP address effectively. But websites are independent of each other, so they cannot know if the others are being simultaneously being attacked or not; eventually, the failed attempt is 'forgotten' over time, and even if a request comes from the same IP address after an hour or two, it's likely that the defence system might not associate one thing with the other. It's just repeated attempts for the same login (usually from the same IP!) that trigger most alarms... Not so with WP Fail2Ban. Those hundreds of sites will all promptly log a failed attempt to the same universal log, syslog. Thus, fail2ban will immediately notice that there is someone attempting to log in — and failing all the time — on any of the websites, and, as a result, will count failed attempts on one site towards a common total. The result? Such a brute-force attack can easily be detected, promptly logged, and blocked — for all websites, not just for one! Even if you run multiple servers, each with different physical IP addresses, that's not a problem. syslog can be configured to accept remote logging from multiple sources. You might need to do a bit of tinkering (i.e. deciding which logging facility will be kept on the local machine, and which will be stored remotely), but such a configuration is certainly possible (WP Fail2Ban can be configured to use any syslog logging level/facility!). Sure, this requires a bit of extra scripting, but it's not a really hard thing to do — especially if you are able to instruct fail2ban to block IP addresses at the level of a common (physical) firewall. A very easy way to accomplish the same is to use something like Cloudflare: configure fail2ban to use Cloudflare's API to block an IP address at their firewall, and that address will be automatically blocked for all websites you've got protected with Cloudflare. All that for the modest cost of zero dollars. Another interesting feature is the ability to extend WP Fail2Ban with additional plugins. A few can be activated directly from the WordPress Plugin Library (e.g. to protect your Contact 7 or Gravity forms). But you can also write your own plugins to deal with particular configuration. This mostly means telling WP Fail2Ban what to trigger and write to syslog, and adding a fail2ban filter to seek for that message and process it accordingly. That way, you can add lots of additional functionalities that are not present in the 'core' WP Fail2Ban plugin, but which might be quite useful. Here is an example. fail2ban is mostly used to ban IP addresses, but it can do a lot more: an easy example is just to alert the system administrator that something is not working as it should, and send them an email (or a tweet, or something...). You can write a simple plugin to check for available memory (available to WordPress, that is), and if it's excessive (according to your own rules!), write a message to whatever syslog level you wish — and let fail2ban pick it up from there, eventually sending an alert. While this can be accomplished in several different ways, from the perspective of a system administrator, it's more manageable to have a 'common' framework for identifying malfunctions and/or (possible) security issues and configure them from the same interface (in this case, fail2ban scripts). By combining the ability of WP Fail2Ban to potentially register whatever is happening with your WP installation and write a message to syslog about it, and having fail2ban picking up those messages and extract a pattern that shows that something is wrong, you can effectively build a complex system around those tools that can give you a lot of insight on what's going on with your websites — and automate many of the tasks (fail2ban can attempt to restart a PHP instance that has been consistently reporting many out-of-memory errors, for example). I'm aware that there is a plethora of such tools available (New Relic comes to mind — just because it has a free tier, and it's enterprise-grade instrumentation), but combining the power of WP Fail2Ban with fail2ban itself and using syslog as a way to pass messages between both — that's pure genius, and a very clean and elegant way of doing even complex, automated tasks, just by using off-the-shelf tools (most of them free!). You can see that I have listed way more reasons why I love the concept behind WP Fail2Ban than the reasons why I hate it. I would say that it's the kind of plugin that you will actively use (it works in the background, after all), even though you can achieve similar results by adding lots of clever rules on fail2ban (without needing the extra help from WP Fail2Ban, that is). There are always trade-offs to consider — for example, where are you more comfortable dealing with security, at the WordPress level, or at the operating system level? (the correct answer, of course, is 'both' — but that might not be an option for everyone) Also, I'd rate WP Fail2Ban as being a 'comparatively light' plugin. It does use a few database calls, just for presenting the last five reported incidents on the dashboard — but you can even turn those off and save the cost of those database accesses. After all, most of the work will be done by fail2ban anyway — running silently in the background. WP Fail2Ban is just a very sophisticated logging tool (and the 'core' WP engine already does its share of logging, so it's not too much extra work), mostly providing a reasonably easy interface inside WordPress to configure how those 'special' logs ought to be written to syslog; that will hardly put too much stress on your own system (and syslog is designed to handle that stress!). A last note: I've repeatedly mentioned that WP Fail2Ban relies on syslog to write appropriate messages to it that fail2ban can capture and process, but there are different ways to configure it — you can bypass syslog, write the logs elsewhere (even on a memory-based filesystem, if you wish!), and just process these with fail2ban (which is rather agnostic about where it should look for logs). Using syslog (especially its built-in remote logging facilities!) might be a better solution in many scenarios, but it's not a requirement for you to use WP Fail2Ban.

Stopped inmediatly the login attepmts

abisalgrafico 2022 ལོའི་ཟླ 3 ཚེས 21 ཉིན།
OMG! Like magic, stopped inmediatly the login attepmts
གདེང་འཇོག 65 ཡོངས་སུ་ཀློག

བྱས་རྗེས་འཇོག་མཁན། & གསར་འབྱེད་པ།

“WP fail2ban” is open source software. The following people have contributed to this plugin.

བྱས་རྗེས་འཇོག་མཁན།
  • invisnet

“WP fail2ban” has been translated into 3 locales. Thank you to the translators for their contributions.

ཁྱེད་ཀྱི་སྐད་ཡིག་ནང་ལ་ “WP fail2ban” ཡིག་སྒྱུར་བྱོས།

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

དག་བཅོས་ཉིན་ཐོ།

5.0.1

  • Tweak Site Health notifications.
  • Update Freemius library.

5.0.0 “Delphi”

  • IPv6 support.
  • Akismet support. [Premium only]
  • Auto-update Cloudflare IPs. [Premium only]
  • Event hooks. [Premium only]
  • Performance improvements:
    • Improve reports. [Premium only]
    • Cache IP lists. [Premium only]
    • Cache Plugin API message registration. [Premium only]
  • Check installed filters against previous versions (Site Health).
  • Moved “Authentication attempt for unknown user” to wordpress-soft.conf.
  • Moved “extra” Comment messages to wordpress-soft.conf.
  • Show date/time in local timezone (h/t @geniusmedia). [Premium only]
  • Deprecate WP_FAIL2BAN_LOG_COMMENTS_EXTRA and WP_FAIL2BAN_COMMENT_EXTRA_LOG; use WP_FAIL2BAN_LOG_COMMENT_ATTEMPTS and WP_FAIL2BAN_COMMENT_ATTEMPT_LOG instead.
  • Update Freemius library.

Please read the notes before upgrading.

4.4.0.9

  • Preparation for v5: prevent auto-updating across major release.
  • Update Freemius library.

4.4.0.8

  • Back-port fix for mu-plugins activation.
  • Update Freemius library.

4.4.0.7

  • Back-port fix for type error in menu-fixer when viewing Event Log (h/t @geniusmedia). [Premium only]
  • Back-port fixes for event summaries. [Premium only]
  • Update Freemius library.

4.4.0.6

  • Fix initialisation error in event log. [Premium only]
  • Fix type error in event log when no events available. [Premium only]
  • Update Freemius library.

4.4.0.5

  • Fix type error on Remote IPs tab with no MaxMind database configured (h/t @Tobias‑Conrad). [Premium only]
  • Update Freemius library.

4.4.0.4

  • Fix warning with array of blocked users (h/t @Znuff).
  • Fix reports. [Premium only]

4.4.0.3

  • Fix type error (h/t @brianshim).

4.4.0.2

  • Add WP_FAIL2BAN_USE_AUTHPRIV – a single place to switch to LOG_AUTHPRIV for systems without LOG_AUTH.
  • Add WP_FAIL2BAN_FREE_ONLY.
  • Add WP_FAIL2BAN_PLUGIN_LOG_OTHER and WP_FAIL2BAN_PLUGIN_OTHER_LOG.
  • Improve performance.
  • Moved cron event to update trusted Cloudflare IP ranges to the Cloudflare add-on. [Premium only]
  • Add support for Pingbacks while blocking XML‑RPC. [Premium only]
  • Update Freemius library.

4.3.2.2

  • Add cron event to update trusted Cloudflare IP ranges weekly. [Premium only]
  • Add cron event to update trusted Jetpack IP ranges weekly. [Premium only]
  • Add cron event to update MaxMind database weekly. [Premium only]
  • Workaround for missing syslog constants in Windows (h/t @dmarkowicz).
  • Clarify upgrade message on Last 5 Messages widget. [Free only]
  • Merge About and Status tabs. [Premium only]
  • Update Freemius library.

4.3.2.1

  • Add support for WP fail2ban Blocklist.
  • Add new Standard Configurations.
  • Improve Help links.
  • Fix logging checkboxes [Premium only].
  • Fix incorrect constant for disabling last messages (h/t @kermina).
  • Fix false positive with blocking user enumeration when a Contributor tries to list posts by another user.
  • Fix index issue with ancient versions of MySQL.
  • Fix harmless warning with a defined but empty WP_FAIL2BAN_PROXIES (h/t @stevegrunwell).
  • Back-port new Block event class.
  • Update Freemius library.
  • Change to GPLv3 with additional terms as per Section 7.

4.3.2.0

  • Add support for blocking by Country. [Premium only]
  • Add XML‑RPC blocking; allow trusted IPs and Jetpack (h/t @mhweb). [Premium only]

4.3.0.9

  • Fix incorrect constant for disabling last messages (h/t @kermina).
  • Fix false positive with blocking user enumeration when a Contributor tries to list posts by another user.
  • Fix index issue with ancient versions of MySQL. [Premium only]
  • Fix harmless warning with a defined but empty WP_FAIL2BAN_PROXIES (h/t @stevegrunwell).
  • Back-port new Block event class.
  • Update Freemius library.

4.3.0.8

  • Workaround issue with user enumeration blocking being triggered by Gutenberg pre‑loading Author list. (h/t @brrrrrrrt) [WordPress only]

4.3.0.7

  • Finish refactoring to allow inclusion of constants in wp‑config.php (h/t @iCounsellor).
  • Fix MaxMind database update. [Premium only]

4.3.0.6

  • Fix Forbidden error on Posts page for roles below Editor when user enumeration blocking enabled. [WordPress only]

4.3.0.5

  • Fix empty username detection for multisite.
  • Fix harmless warning when activating new multisite install.
  • Fix esoteric edge-case where wp‑load.php is loaded via a script run from the CLI in a directory with a functions.php file.

4.3.0.4 “Columbo”

  • Add new dashboard widget: last 5 syslog messages.
  • Add full multisite support.
  • Add username login blocking (force login with email).
  • Add separate logging for login attempts with an empty username.
  • Improve user enumeration blocking compatibility with the WordPress block editor (Gutenberg).
  • Bump the minimum PHP version to 5.6.

4.2.8

  • Add link to new support forum.
  • Fix user enumeration conflict with Gutenberg (h/t @dinghy).
  • Fix notices wrt admin menu (h/t @marioivangf).
  • Fix harmless XDebug notice (h/t @dinghy).
  • Update Freemius library.

4.2.7.1

  • Fix error when blocking user enumeration via oembed (h/t @wordpressfab).

4.2.7

  • Fix error when blocking user enumeration via REST.
  • Fix buttons on Settings tabs.

4.2.6

  • Add support for Remote Tools add-on.
  • Add support for the new ClassicPress security page.
  • Improved user enumeration blocking.

4.2.5.1

  • Fix premium activation issue with PHP < 7.0.

4.2.5

  • Properly fix PHP 5.3 support; tested on CentOS 6. Does not support any UI or Premium features.
  • Fix potential issue with WP_FAIL2BAN_BLOCK_USER_ENUMERATION if calling REST API or XML‑RPC from admin area.

4.2.4

  • Add filter for login failed message.
  • Fix logging spam comments from admin area.
  • Fix Settings link from Plugins page.
  • Update Freemius library

4.2.3

  • Workaround for some versions of PHP 7.x that would cause define()s to be ignored.
  • Add config note to settings tabs.
  • Fix documentation links.

4.2.2

  • Fix 5.3 compatibility.

4.2.1

  • Completed support for WP_FAIL2BAN_COMMENT_EXTRA_LOG.
  • Add support for 3rd-party plugins; see Developers.
    • Add-on for Contact Form 7 (experimental).
    • Add-on for Gravity Forms (experimental).
  • Change logging for known-user with incorrect password; previously logged as unknown user and matched by hard filters (due to limitations in older versions of WordPress), now logged as known user and matched by soft.
  • Bug-fix for email-as-username – now logged correctly and matched by soft, not hard, filters.
  • Bug-fix for regression in code to prevent Free/Premium conflict.

4.2.0

  • Not released.

4.1.0

  • Add separate logging for REST authentication.
  • Fix conflict with earlier versions preinstalled in mu‑plugins. See Is WPf2b Already Installed?.

4.0.5

  • Add WP_FAIL2BAN_COMMENT_EXTRA_LOG.
  • Add WP_FAIL2BAN_PINGBACK_ERROR_LOG (future functionality).
  • Change WP_FAIL2BAN_LOG_SPAM to use LOG_NOTICE.
  • Change WP_FAIL2BAN_SPAM_LOG to LOG_AUTH.
  • Change WP_FAIL2BAN_LOG_COMMENTS_EXTRA events to use LOG_NOTICE by default.
  • Fix conflict with 3.x in mu-plugins.

4.0.2

  • Fix PHP 5.3 compatibility.
  • Bug-fix for WP_FAIL2BAN_LOG_COMMENTS_EXTRA.
  • Bug-fix for WP_FAIL2BAN_REMOTE_ADDR summary.

4.0.1

  • Add extra features via Freemius. This is entirely optional. WPf2b works as before, including new features listed here.
  • Add settings summary page (Settings -> WP fail2ban).
  • Add WP_FAIL2BAN_PASSWORD_REQUEST_LOG.
  • Add WP_FAIL2BAN_SPAM_LOG.
  • Add WP_FAIL2BAN_LOG_COMMENTS_EXTRA – enable logging for attempted comments on posts which are:
    • not found,
    • closed for commenting,
    • in the trash,
    • drafts,
    • password protected
  • Block user enumeration via REST API.

4.0.0

  • Not released.

3.6.0

  • The filter files are now generated from PHPDoc in the code. There were too many times when the filters were out of sync with the code (programmer error) – this should resolve that by bringing the patterns closer to the code that emits them.
  • Added PHPUnit tests. Almost 100% code coverage, with the exception of WP_FAIL2BAN_PROXIES which is quite hard to test properly.
  • Bug-fix for wordpress-soft.conf.
  • Add WP_FAIL2BAN_XMLRPC_LOG.
  • Add WP_FAIL2BAN_REMOTE_ADDR.
  • WP_FAIL2BAN_PROXIES now supports an array of IPs with PHP 7.
  • Moved all documentation to https://docs.wp-fail2ban.com/.

3.5.3

  • Bug-fix for wordpress-hard.conf.

3.5.1

  • Bug-fix for WP_FAIL2BAN_BLOCK_USER_ENUMERATION.

3.5.0

  • Add WP_FAIL2BAN_OPENLOG_OPTIONS.
  • Add WP_FAIL2BAN_LOG_COMMENTS and WP_FAIL2BAN_COMMENT_LOG.
  • Add WP_FAIL2BAN_LOG_PASSWORD_REQUEST.
  • Add WP_FAIL2BAN_LOG_SPAM.
  • Add WP_FAIL2BAN_TRUNCATE_HOST.
  • WP_FAIL2BAN_BLOCKED_USERS now supports an array of users with PHP 7.

3.0.3

  • Fix regex in wordpress-hard.conf.

3.0.2

  • Prevent double logging in WP 4.5.x for XML‑RPC authentication failure

3.0.1

  • Fix regex in wordpress-hard.conf.

3.0.0

  • Add WP_FAIL2BAN_SYSLOG_SHORT_TAG.
  • Add WP_FAIL2BAN_HTTP_HOST.
  • Log XML‑RPC authentication failure.
  • Add better support for MU deployment.

2.3.2

  • Bug-fix WP_FAIL2BAN_BLOCKED_USERS.

2.3.0

  • Bug-fix in experimental WP_FAIL2BAN_PROXIES code (thanks to KyleCartmell).

2.2.1

  • Fix stupid mistake with WP_FAIL2BAN_BLOCKED_USERS.

2.2.0

  • Custom authentication log is now called WP_FAIL2BAN_AUTH_LOG.
  • Add logging for pingbacks; see WP_FAIL2BAN_LOG_PINGBACKS.
  • Custom pingback log is called WP_FAIL2BAN_PINGBACK_LOG.

2.1.1

  • Minor bug-fix.

2.1.0

  • Add support for blocking user enumeration; see WP_FAIL2BAN_BLOCK_USER_ENUMERATION.
  • Add support for CIDR notation in WP_FAIL2BAN_PROXIES.

2.0.1

  • Bug-fix in experimental WP_FAIL2BAN_PROXIES code.

2.0.0

  • Add experimental support for X-Forwarded-For header; see WP_FAIL2BAN_PROXIES.
  • Add experimental support for regex-based login blocking; see WP_FAIL2BAN_BLOCKED_USERS.

1.2.1

  • Update FAQ.

1.2

  • Fix harmless warning.

1.1

  • Minor cosmetic updates.

1.0

  • Initial release.

ཟུར་བརྗོད།

  • ཐོན་རིམ: 5.0.1
  • མཐའ་མའི་གསར་བཅོས: གཟའ་འཁོར 4 སྔོན།
  • སྒྲིག་འཇུག་བྱས་ཚད: 70,000+
  • WordPress ཐོན་རིམ: 4.2 ཡང་ན་དེ་ལས་མཐོ་བ།
  • ཚོད་ལྟ་བྱས་ཟིན་པའི WordPress ཐོན་རིམ: 6.1.1
  • PHP ཐོན་རིམ: 7.4 ཡང་ན་དེ་ལས་མཐོ་བ།
  • སྐད་ཡིག:

    Chinese (China), English (Canada), English (US) དང་ French (France).

    ཁྱེད་ཀྱི་སྐད་ཡིག་ལ་ཡིག་སྒྱུར་བྱོས།

  • འགྲེལ་བྱང:
    Brute Forcefail2banloginsecuritysyslog
  • མཐོ་རིམ་མཐོང་སྣང་།

གདེང་འཇོག

ཡོངས་ལ་ལྟ།
  • སྐར་མ། 5 49
  • སྐར་མ། 4 4
  • སྐར་མ། 3 2
  • སྐར་མ། 2 4
  • སྐར་མ། 1 6
Log in to submit a review.

བྱས་རྗེས་འཇོག་མཁན།

  • invisnet

རམ་འདེགས།

Issues resolved in last two months:

0 out of 1

རམ་འདེགས་གླེང་སྟེགས་ལ་ལྟ།

  • About
  • News
  • Hosting
  • Donate
  • Swag
  • Documentation
  • Developers
  • Get Involved
  • Learn
  • Showcase
  • Plugins
  • Themes
  • Patterns
  • WordCamp
  • WordPress.TV
  • BuddyPress
  • bbPress
  • WordPress.com
  • Matt
  • Privacy
  • Public Code
WordPress.org
WordPress.org

བོད་ཡིག

  • Visit our Facebook page
  • Visit our Twitter account
  • Visit our Instagram account
  • Visit our LinkedIn account
ཚབ་ཨང་ནི་སྙན་ངག་གོ།