Description

fail2ban is one of the simplest and most effective security measures you can implement to prevent brute-force attacks.
WP fail2ban logs all login attempts – including via XML-RPC, whether successful or not, to syslog using LOG_AUTH. For example:

Oct 17 20:59:54 foobar wordpress(www.example.com)[1234]: Authentication failure for admin from 192.168.0.1
Oct 17 21:00:00 foobar wordpress(www.example.com)[2345]: Accepted password for admin from 192.168.0.1

WPf2b comes with three fail2ban filters: wordpress-hard.conf, wordpress-soft.conf, and wordpress-extra.conf. These are designed to allow a split between immediate banning (hard) and the traditional more graceful approach (soft), with extra rules for custom configurations.

Features

  • Allow Pingbacks with XML-RPC Blocked [Premium only]
    Pingbacks might be a relic of a bygone age, but they’re still nice to have. Wf2b can now allow Pingsbacks while blocking other XML-RPC requests.
  • Block XML-RPC Requests [Premium only]
    Allow access for Jetpack and other trusted IPs while blocking everything else; introduces a new “hard” filter.
  • Block Countries [Premium only]
    Nothing but attacks from some countries? Block them!
  • Multisite Support
    Version 4.3 introduced proper support for multisite networks.
  • Block username logins
    Sometimes it’s not possible to block user enumeration (for example, if your theme provides Author profiles). Version 4.3 added support for requiring the use of email addresses for login.
  • Filter for Empty Username Login Attempts
    Some bots will try to login without a username. Version 4.3 logs these attempts and provides an “extra” filter to match them.
  • syslog Dashboard Widget
    Ever wondered what’s being logged? The new dashboard widget shows the last 5 messages; the Premium version keeps a full history to help you analyse and prevent attacks.
  • Support for 3rd-party Plugins
    Version 4.2 introduced a simple API for authors to integrate their plugins with WPf2b, with 2 experimental add-ons:

    • Contact Form 7
    • Gravity Forms
  • CloudFlare and Proxy Servers
    WPf2b can be configured to work with CloudFlare and other proxy servers.
  • Comments
    WPf2b can log comments (see WP_FAIL2BAN_LOG_COMMENTS) and attempted comments (see WP_FAIL2BAN_LOG_COMMENTS_EXTRA).
  • Pingbacks
    WPf2b logs failed pingbacks, and can log all pingbacks. For an overview see WP_FAIL2BAN_LOG_PINGBACKS.
  • Spam
    WPf2b can log comments marked as spam. See WP_FAIL2BAN_LOG_SPAM.
  • Block User Enumeration
    WPf2b can block user enumeration.
  • Work-Arounds for Broken syslogd
    WPf2b can be configured to work around most syslogd weirdness. For an overview see WP_FAIL2BAN_SYSLOG_SHORT_TAG and WP_FAIL2BAN_HTTP_HOST.
  • Blocking Users
    WPf2b can be configured to short-cut the login process when the username matches a regex. For an overview see WP_FAIL2BAN_BLOCKED_USERS.
  • mu-plugins Support
    WPf2b can easily be configured as a must-use plugin – see Configuration.