This is a bug-fix release. You do not need to update your filters from 5.1.0.<\/p>","5.4.0.1":"
This is an important bug-fix release. You do not need to update your filters from 5.1.0.<\/p>","5.4.0":"
This is a feature release. You do not need to update your filters from 5.1.0.<\/p>","5.3.4":"
This is a bug-fix release. You do not need to update your filters from 5.1.0.<\/p>","5.3.3":"
This is a bug-fix release. You do not need to update your filters from 5.1.0.<\/p>","5.3.2":"
This is a minor release. You do not need to update your filters from 5.1.0.<\/p>","5.3.1":"
This is a bug-fix release. You do not need to update your filters from 5.1.0.<\/p>","5.3.0":"
This is a feature release. You do not need to update your filters from 5.1.0.<\/p>\n\n
[\/\/]: # fs_free_only_begin<\/p>","5.2.2":"
This is a feature release. If you are using the WAF you will need to check the "WordPress core" setting in the WAF Options section.\n[\/\/]: # fs_premium_only_end<\/p>","5.2.1":"
This is a minor release. You do not need to update your filters from 5.1.0.<\/p>\n\n
[\/\/]: # fs_free_only_begin<\/p>","5.2.0":"
This is a feature release. If you are using the WAF you will need up update your This is a minor release. You do not need to update your filters from 5.1.0.<\/p>","5.1.0.5":" This is a feature release. To take advantage of the new features you will need up update your This is a minor release. You do not need to update your filters from 5.0.0.<\/p>","5.0.0":" PLEASE READ THE NOTES BEFORE UPGRADING.\nThis is a major feature release. You must update your filters.<\/p>","4.4.0.9":" This is a minor release. You do not need to update your filters from 4.4.0.<\/p>","4.4.0.8":" This is a bug-fix release. You do not need to update your filters from 4.4.0.<\/p>","4.4.0.7":" This is a Premium-only bug-fix release. You do not need to update your filters from 4.4.0.<\/p>","4.4.0.6":" This is a bug-fix release. You do not need to update your filters from 4.4.0.<\/p>","4.4.0.5":" This is a bug-fix release. You do not need to update your filters from 4.4.0.<\/p>","4.4.0.4":" This is a bug-fix release. You do not need to update your filters from 4.4.0.<\/p>","4.4.0.3":" This is a bug-fix release. You do not need to update your filters from 4.4.0.<\/p>","4.4.0.2":" This is a feature release. To take advantage of the new features, including the Blocklist Add-on, you will need up update your This is a bug-fix release. You do not need to update your filters from 4.3.2.0.<\/p>","4.3.2.1":" This is a bug-fix release. You do not need to update your filters from 4.3.2.0.<\/p>","4.3.2.0":" This is a feature release. To take advantage of the new features you will need up update your This is a bug-fix release. You do not need to update your filters from 4.3.0. Premium users: Please update your MaxMind database.<\/p>","4.3.0.6":" This is a bug-fix release. You do not need to update your filters from 4.3.0.<\/p>","4.3.0.5":" This is a bug-fix release. You do not need to update your filters from 4.3.0.<\/p>","4.3.0.4":" This is a feature release. To take advantage of the new features you will need up update your This is a bug-fix release. You do not need to update your filters from 4.1.0.<\/p>","4.2.7.1":" This is a bug-fix release. You do not need to update your filters from 4.1.0.<\/p>","4.2.7":" This is a bug-fix release. You do not need to update your filters from 4.1.0.<\/p>","4.2.6":" This is a minor release. You do not need to update your filters from 4.1.0.<\/p>","4.2.5.1":" This is a premium-only patch release. If you are on PHP 7.0 or later you do not need to upgrade.<\/p>","4.2.5":" This is a minor release. You do not need to update your filters from 4.1.0.<\/p>","4.2.4":" This is a minor release. You do not need to update your filters from 4.1.0.<\/p>","4.2.3":" This is a bug-fix release. You do not need to update your filters from 4.1.0.<\/p>","4.2.2":" You do not need to update your filters from 4.1.0.<\/p>","4.2.1":" You do not need to update your filters from 4.1.0.<\/p>","4.1.0":" To take advantage of the new features you will need up update your This is a security fix (Freemius SDK): all 4.x users are strongly advised to upgrade immediately. You do not need to update your filters from 4.0.1.<\/p>","4.0.4":" This is a bug-fix. You do not need to update your filters from 4.0.1.<\/p>","4.0.3":" This is a bug-fix. You do not need to update your filters from 4.0.1.<\/p>","4.0.2":" This is a bug-fix. You do not need to update your filters from 4.0.1.<\/p>","4.0.1":" To take advantage of the new features you will need up update your You will need up update your You will need up update your Bug-fix: disable You will need up update your You will need up update your BREAKING CHANGE: The Fix for Bug-fix.<\/p>","2.2.0":" BREAKING CHANGE: Pingbacks are getting a lot of attention recently, so WPf2b<\/em> can now log them.\nThe The Bug-fix in experimental code; still an experimental release.<\/p>","2.0.0":" This is an experimental release. If your current version is working and you\u2019re not interested in the new features, skip this version - wait for 2.1.0. For those that do want to test this release, note that fail2ban<\/a> is one of the simplest and most effective security measures you can implement to protect your WordPress site.<\/p>\n\n WP fail2ban<\/em> provides the link between WordPress and WPf2b<\/em> comes with three Failed Login Attempts<\/strong>\nThe very first feature of WPf2b<\/em>: logging failed login attempts so the IP can be banned. Just as useful today as it was then.<\/p><\/li>\n Block User Enumeration<\/strong>\nOne of the most common precursors to a password-guessing brute force attack is user enumeration<\/a>. WPf2b<\/em> can block it, stopping the attack before it starts.<\/p><\/li>\n Block username logins<\/strong>\nSometimes it's not possible to block user enumeration (for example, if your theme provides Author profiles). WPf2b<\/em> can require users to login with their email address instead of their username.<\/p><\/li>\n Blocking Users<\/strong>\nAnther of the older WPf2b<\/em> features: the login process can be aborted for specified usernames.\nSay a bot collected your site's usernames before you blocked user enumeration. Once you\u2019ve changed all the usernames, add the old ones to the list; anything using them will trigger a \"hard\" fail.<\/p><\/li>\n Empty Username Login Attempts<\/strong>\nSome bots will try to login without a username; harmless, but annoying. These attempts are logged as a \"soft\" fail so the more persistent bots will be banned.<\/p><\/li>\n Spam<\/strong>\nWPf2b<\/em> will log a spammer's IP address as a \"hard\" fail when their comment is marked as spam; the Premium version will also log the IP when Akismet discards \"obvious\" spam.<\/p><\/li>\n Attempted Comments<\/strong>\nSome spam bots try to comment on everything, even things that aren't there. WPf2b<\/em> detects these and logs them as a \"hard\" fail.<\/p><\/li>\n Pingbacks<\/strong>\nPingbacks are a great feature, but they can be abused to attack the rest of the WWW. Rather than disable them completely, WPf2b<\/em> effectively rate-limits potential attackers by logging the IP address as a \"soft\" fail.<\/p><\/li>\n Block XML\u2011RPC Requests<\/strong> [Premium]\nThe only reason most sites need XML\u2011RPC (other than Pingbacks) is for Jetpack; WPf2b<\/em> Premium can block XML\u2011RPC while allowing Jetpack and\/or Pingbacks.<\/p><\/li>\n Block Countries<\/strong> [Premium]\nSometimes you just need a bigger hammer - if you\u2019re seeing nothing but attacks from some countries, block them!<\/p><\/li>\n Cloudflare and Proxy Servers<\/strong>\nWPf2b<\/em> will work with Cloudflare<\/a>, and the Premium version will automatically update the list of Cloudflare IP addresses.\nYou can also configure your own list of trusted proxies.<\/p><\/li>\n syslog Dashboard Widget<\/strong>\nEver wondered what's being logged? The dashboard widget shows the last 5 messages; the Premium version keeps a full history to help you analyse and prevent attacks.<\/p><\/li>\n Site Health Check<\/strong>\nWPf2b<\/em> will (try to) check that your API to Extend WPf2b<\/em><\/strong>\nIf your plugin can detect behaviour which should be blocked, why reinvent the wheel?<\/p><\/li>\n Event Hooks<\/strong> [Premium]\nNeed to do something special when WPf2b<\/em> detects a particular event? There's a hook for that<\/a>.<\/p><\/li>\n<\/ul>\n\nfail2ban<\/code> filters and create a new jail; otherwise, things will continue to work as before.\n[\/\/]: # fs_premium_only_end<\/p>","5.1.1":"fail2ban<\/code> filters; existing filters will continue to work as before.<\/p>","5.0.1":"fail2ban<\/code> filters; existing filters will continue to work as before.\nBlocklist Add-on users<\/strong>: Please disable the Blocklist plugin before upgrading WP fail2ban<\/em>, then upgrade the Blocklist plugin and reactivate it.<\/p>","4.3.2.2":"fail2ban<\/code> filters; existing filters will continue to work as before. Premium users: Please backup your database before upgrading.<\/p>","4.3.0.7":"fail2ban<\/code> filters; existing filters will continue to work as before. Premium users: Please backup your database before upgrading.<\/p>","4.2.8":"fail2ban<\/code> filters; existing filters will continue to work as before.<\/p>","4.0.5":"fail2ban<\/code> filters; existing filters will continue to work as before.<\/p>","3.6.0":"fail2ban<\/code> filters.<\/p>","3.5.3":"fail2ban<\/code> filters.<\/p>","3.5.1":"WP_FAIL2BAN_BLOCK_USER_ENUMERATION<\/code><\/a> in admin area....<\/p>","3.5.0":"fail2ban<\/code> filters.<\/p>","3.0.3":"fail2ban<\/code> filters.<\/p>","3.0.0":"fail2ban<\/code> filters have been split into two files. You will need up update your fail2ban<\/code> configuration.<\/p>","2.3.0":"WP_FAIL2BAN_PROXIES<\/code><\/a>; if you\u2019re not using it you can safely skip this release.<\/p>","2.2.1":"WP_FAIL2BAN_LOG<\/code> has been renamed to WP_FAIL2BAN_AUTH_LOG<\/code><\/a>.<\/p>\n\nwordpress.conf<\/code> filter has been updated; you will need to update your fail2ban<\/code> configuration.<\/p>","2.1.0":"wordpress.conf<\/code> filter has been updated; you will need to update your fail2ban<\/code> configuration.<\/p>","2.0.1":"wordpress.conf<\/code> has changed - you\u2019ll need to copy it to fail2ban\/filters.d<\/code> again.<\/p>"},"ratings":{"1":10,"2":4,"3":2,"4":4,"5":51},"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":2814701,"resolution":"128x128","location":"assets","locale":""},"icon-256x256.png":{"filename":"icon-256x256.png","revision":2814701,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":2814741,"resolution":"1544x500","location":"assets","locale":""},"banner-772x250.png":{"filename":"banner-772x250.png","revision":2814741,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0","1.1","1.2","1.2.1","2.0.0","2.1.0","2.1.1","2.2.0","2.2.1","2.3.0","2.3.1","2.3.2","3.0.0","3.0.1","3.0.2","3.0.3","3.5.0","3.5.1","3.5.3","3.6.0","4.3.0.4","4.3.0.5","4.3.0.6","4.3.0.7","4.3.0.8","4.3.0.9","4.4.0.3","4.4.0.4","4.4.0.6","4.4.0.8","4.4.0.9","5.0.0","5.0.1","5.1.0.5","5.1.1","5.2.0","5.2.1","5.2.2","5.2.2.1","5.3.0","5.3.1","5.3.2","5.3.3","5.3.4","5.4.0","5.4.0.1","5.4.1"],"block_files":[],"assets_screenshots":[],"screenshots":[],"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[2439,9229,602,600,9231],"plugin_category":[38,54],"plugin_contributors":[78764],"plugin_business_model":[],"class_list":["post-1045","plugin","type-plugin","status-publish","hentry","plugin_tags-brute-force","plugin_tags-fail2ban","plugin_tags-login","plugin_tags-security","plugin_tags-syslog","plugin_category-authentication","plugin_category-security-and-spam-protection","plugin_contributors-invisnet","plugin_committers-invisnet"],"banners":{"banner":"https:\/\/ps.w.org\/wp-fail2ban\/assets\/banner-772x250.png?rev=2814741","banner_2x":"https:\/\/ps.w.org\/wp-fail2ban\/assets\/banner-1544x500.png?rev=2814741","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/wp-fail2ban\/assets\/icon-128x128.png?rev=2814701","icon_2x":"https:\/\/ps.w.org\/wp-fail2ban\/assets\/icon-256x256.png?rev=2814701","generated":false},"screenshots":[],"raw_content":"\nfail2ban<\/code>:<\/p>\n\nOct 17 20:59:54 foobar wordpress(www.example.com)[1234]: Authentication failure for admin from 192.168.0.1\nOct 17 21:00:00 foobar wordpress(www.example.com)[2345]: Accepted password for admin from 192.168.0.1\n<\/code><\/pre>\n\nfail2ban<\/code> filters: wordpress-hard.conf<\/code>, wordpress-soft.conf<\/code>, and wordpress-extra.conf<\/code>. These are designed to allow a split between immediate banning (hard) and the traditional more graceful approach (soft), with extra rules for custom configurations.<\/p>\n\nFeatures<\/h4>\n\n
\n
fail2ban<\/code> configuration is sane and that the filters are up to date; out-of-date filters are the primary cause of WPf2b<\/em> not working as well as it can.\nWhen did you last run the Site Health tool?<\/p><\/li>\nmu-plugins<\/code> Support<\/strong>\nWPf2b<\/em> can easily be configured as a \"must-use plugin\" - see Configuration<\/a>.<\/p><\/li>\nPremium<\/h4>\n\n