WP fail2ban

By Charles Lecklider

Description

fail2ban is one of the simplest and most effective security measures you can implement to prevent brute-force attacks.

WP fail2ban logs all login attempts – including via XML-RPC, whether successful or not, to syslog using LOG_AUTH. For example:

Oct 17 20:59:54 foobar wordpress(www.example.com)[1234]: Authentication failure for admin from 192.168.0.1
Oct 17 21:00:00 foobar wordpress(www.example.com)[2345]: Accepted password for admin from 192.168.0.1

WPf2b comes with three fail2ban filters: wordpress-hard.conf, wordpress-soft.conf, and wordpress-extra.conf. These are designed to allow a split between immediate banning (hard) and the traditional more graceful approach (soft), with extra rules for custom configurations.
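The following Python is an added example, not code from WP fail2ban or its shipped filter files: it parses the two message shapes shown above and applies a fail2ban-style retry threshold per source address. The threshold, time window, year and sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# The username is attacker-controlled, so the pattern is anchored at both ends
# and the address is read from the end of the line, never from inside the name.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ "
    r"wordpress\((?P<site>[^)]+)\)\[\d+\]: "
    r"(?P<event>Authentication failure|Accepted password) for (?P<user>.*) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})$"
)

def parse(line, year=2019):
    """Return (timestamp, site, event, user, ip), or None if the line does not match."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    # Classic syslog timestamps carry no year; the caller supplies one (assumption).
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["site"], m["event"], m["user"], m["ip"]

def offenders(lines, max_retry=3, find_time=timedelta(minutes=10)):
    """Addresses with at least max_retry failures inside a sliding find_time window."""
    recent = defaultdict(deque)  # ip -> timestamps of recent failures
    flagged = set()
    for line in lines:
        rec = parse(line)
        if rec is None or rec[2] != "Authentication failure":
            continue
        ts, _, _, _, ip = rec
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > find_time:
            window.popleft()
        if len(window) >= max_retry:
            flagged.add(ip)
    return sorted(flagged)

# Constructed sample input in the page's log format (documentation address ranges).
SAMPLE = [
    "Oct 17 20:59:54 foobar wordpress(www.example.com)[1234]: Authentication failure for admin from 192.0.2.10",
    "Oct 17 21:00:00 foobar wordpress(www.example.com)[2345]: Accepted password for admin from 192.0.2.20",
    "Oct 17 21:00:05 foobar wordpress(www.example.com)[1234]: Authentication failure for admin from 192.0.2.10",
    "Oct 17 21:00:09 foobar wordpress(www.example.com)[1234]: Authentication failure for x from 198.51.100.7 from 192.0.2.10",
    "Oct 17 21:00:12 foobar wordpress(www.example.com)[1234]: Authentication failure for editor from 203.0.113.5",
]
```

The fourth sample line carries a username that itself contains " from 198.51.100.7"; because the pattern is end-anchored, the failure is still attributed to the real source address at the end of the line.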

Features

  • NEW – Remote Tools Add-on
    The Remote Tools add-on provides extra features without adding bloat to the core plugin. For more details see the add-on page.

    NB: Requires PHP >= 5.6

  • NEW – Support for 3rd-party Plugins
    Version 4.2 introduces a simple API for authors to integrate their plugins with WPf2b, with 2 experimental add-ons:

    • Contact Form 7
    • Gravity Forms

    NB: Requires PHP >= 5.6

  • CloudFlare and Proxy Servers
    WPf2b can be configured to work with CloudFlare and other proxy servers. For an overview see WP_FAIL2BAN_PROXIES.

  • Comments
    WPf2b can log comments (see WP_FAIL2BAN_LOG_COMMENTS) and attempted comments (see WP_FAIL2BAN_LOG_COMMENTS_EXTRA).

  • Pingbacks
    WPf2b logs failed pingbacks, and can log all pingbacks. For an overview see WP_FAIL2BAN_LOG_PINGBACKS.

  • Spam
    WPf2b can log comments marked as spam. See WP_FAIL2BAN_LOG_SPAM.

  • Block User Enumeration
    WPf2b can block user enumeration. See WP_FAIL2BAN_BLOCK_USER_ENUMERATION.

  • Work-Arounds for Broken syslogd
    WPf2b can be configured to work around most syslogd weirdness. For an overview see WP_FAIL2BAN_SYSLOG_SHORT_TAG and WP_FAIL2BAN_HTTP_HOST.

  • Blocking Users
    WPf2b can be configured to short-cut the login process when the username matches a regex. For an overview see WP_FAIL2BAN_BLOCKED_USERS.

  • mu-plugins Support
    WPf2b can easily be configured as a must-use plugin – see Configuration.

Installation

  1. Install via the Plugin Directory, or upload to your plugins directory.
  2. Activate the plugin through the 'Plugins' menu in WordPress.
  3. Edit wp-config.php to suit your needs – see Configuration.

Reviews

Nags for update to pro

Phil McKerracher, 19 September 2019
Nagging messages about updating to the pro version every few seconds, even after they are "dismissed". Apart from that it seems to work OK, though it has too many irrelevant configuration options.

Was great until 4.x

negrusti, 3 August 2019
Was simple and great plugin until some 4.x version where it added Freemius marketing component making calls to api.freemius.com. Have to revert to the older version for that reason. At some point the plugin was also vulnerable because of this component.

Works like a charm

nssy, 10 January 2019
Been using this for a while now. Integration with fail2ban is pretty straightforward.

This plugin is perfect, essential – thank you so much

herculesnetwork, 12 August 2018
This plugin is perfect, essential - thank you so much. The best thing about this plugin, after the fact that it works perfectly, is that it does not change the directories or names of the configuration files, something unpleasant that always happens in plugins: you configure everything for the given file and a certain directory of the plugin, and in a new version the plugin unnecessarily changes the place of things. I have had this plugin a long time, and I have a command to copy and paste the w2 fail2ban plugin settings to fail2ban, and things continue as usual. Thanks to the developer. Who does not give 5 stars, does not know how to use it.

Perfect – worked first time

commando, 9 July 2017
Great plugin, that worked first time. On Amazon Linux / CentOS the location of the log file is /var/log/messages

Very useful

sillystring, 6 March 2017
Great idea if you host your own server and use fail2ban. Thanks!

Contributors & Developers

"WP fail2ban" is open source software. The following people have contributed to this plugin:

Contributors
  • invisnet

"WP fail2ban" has been translated into 1 language. Thank you to the translators for their contributions.


Changelog

4.2.7.1

  • Fix error when blocking user enumeration via oembed (h/t @wordpressfab).

4.2.7

  • Fix error when blocking user enumeration via REST.
  • Fix buttons on Settings tabs.

4.2.6

  • Add support for Remote Tools add-on.
  • Add support for the new ClassicPress security page.
  • Improved user enumeration blocking.

4.2.5.1

  • Fix premium activation issue with PHP < 7.0.

4.2.5

  • Properly fix PHP 5.3 support; tested on CentOS 6. Does not support any UI or Premium features.
  • Fix potential issue with WP_FAIL2BAN_BLOCK_USER_ENUMERATION if calling REST API or XMLRPC from admin area.

4.2.4

  • Add filter for login failed message.
  • Fix logging spam comments from admin area.
  • Fix Settings link from Plugins page.
  • Update Freemius library.

4.2.3

  • Workaround for some versions of PHP 7.x that would cause define()s to be ignored.
  • Add config note to settings tabs.
  • Fix documentation links.

4.2.2

  • Fix 5.3 compatibility.

4.2.1

  • Completed support for WP_FAIL2BAN_COMMENT_EXTRA_LOG.
  • Add support for 3rd-party plugins; see Developers.
    • Add-on for Contact Form 7 (experimental).
    • Add-on for Gravity Forms (experimental).
  • Change logging for known-user with incorrect password; previously logged as unknown user and matched by hard filters (due to limitations in older versions of WordPress), now logged as known user and matched by soft.
  • Bugfix for email-as-username – now logged correctly and matched by soft, not hard, filters.
  • Bugfix for regression in code to prevent Free/Premium conflict.

4.2.0

  • Not released.

4.1.0

  • Add separate logging for REST authentication.
  • Fix conflict with earlier versions pre-installed in mu-plugins. See Is WPf2b Already Installed?.

4.0.5

  • Add WP_FAIL2BAN_COMMENT_EXTRA_LOG.
  • Add WP_FAIL2BAN_PINGBACK_ERROR_LOG (future functionality).
  • Change WP_FAIL2BAN_LOG_SPAM to use LOG_NOTICE.
  • Change WP_FAIL2BAN_SPAM_LOG to LOG_AUTH.
  • Change WP_FAIL2BAN_LOG_COMMENTS_EXTRA events to use LOG_NOTICE by default.
  • Fix conflict with 3.x in mu-plugins.

4.0.2

  • Fix PHP 5.3 compatibility.
  • Bugfix for WP_FAIL2BAN_LOG_COMMENTS_EXTRA.
  • Bugfix for WP_FAIL2BAN_REMOTE_ADDR summary.

4.0.1

  • Add extra features via Freemius. This is entirely optional. WPf2b works as before, including new features listed here.
  • Add settings summary page (Settings -> WP fail2ban).
  • Add WP_FAIL2BAN_PASSWORD_REQUEST_LOG.
  • Add WP_FAIL2BAN_SPAM_LOG.
  • Add WP_FAIL2BAN_LOG_COMMENTS_EXTRA – enable logging for attempted comments on posts which are:
    • not found,
    • closed for commenting,
    • in the trash,
    • drafts,
    • password protected
  • Block user enumeration via REST API.

4.0.0

  • Not released.

3.6.0

  • The filter files are now generated from PHPDoc in the code. There were too many times when the filters were out of sync with the code (programmer error) – this should resolve that by bringing the patterns closer to the code that emits them.
  • Added PHPUnit tests. Almost 100% code coverage, with the exception of WP_FAIL2BAN_PROXIES which is quite hard to test properly.
  • Bugfix for wordpress-soft.conf.
  • Add WP_FAIL2BAN_XMLRPC_LOG.
  • Add WP_FAIL2BAN_REMOTE_ADDR.
  • WP_FAIL2BAN_PROXIES now supports an array of IPs with PHP 7.
  • Moved all documentation to https://docs.wp-fail2ban.com/.

3.5.3

  • Bugfix for wordpress-hard.conf.

3.5.1

  • Bugfix for WP_FAIL2BAN_BLOCK_USER_ENUMERATION.

3.5.0

  • Add WP_FAIL2BAN_OPENLOG_OPTIONS.
  • Add WP_FAIL2BAN_LOG_COMMENTS and WP_FAIL2BAN_COMMENT_LOG.
  • Add WP_FAIL2BAN_LOG_PASSWORD_REQUEST.
  • Add WP_FAIL2BAN_LOG_SPAM.
  • Add WP_FAIL2BAN_TRUNCATE_HOST.
  • WP_FAIL2BAN_BLOCKED_USERS now supports an array of users with PHP 7.

3.0.3

  • Fix regex in wordpress-hard.conf.

3.0.2

  • Prevent double logging in WP 4.5.x for XML-RPC authentication failure.

3.0.1

  • Fix regex in wordpress-hard.conf.

3.0.0

  • Add WP_FAIL2BAN_SYSLOG_SHORT_TAG.
  • Add WP_FAIL2BAN_HTTP_HOST.
  • Log XML-RPC authentication failure.
  • Add better support for MU deployment.

2.3.2

  • Bugfix WP_FAIL2BAN_BLOCKED_USERS.

2.3.0

  • Bugfix in experimental WP_FAIL2BAN_PROXIES code (thanks to KyleCartmell).

2.2.1

  • Fix stupid mistake with WP_FAIL2BAN_BLOCKED_USERS.

2.2.0

  • Custom authentication log is now called WP_FAIL2BAN_AUTH_LOG.
  • Add logging for pingbacks; see WP_FAIL2BAN_LOG_PINGBACKS.
  • Custom pingback log is called WP_FAIL2BAN_PINGBACK_LOG.

2.1.1

  • Minor bugfix.

2.1.0

  • Add support for blocking user enumeration; see WP_FAIL2BAN_BLOCK_USER_ENUMERATION.
  • Add support for CIDR notation in WP_FAIL2BAN_PROXIES.

2.0.1

  • Bugfix in experimental WP_FAIL2BAN_PROXIES code.

2.0.0

  • Add experimental support for X-Forwarded-For header; see WP_FAIL2BAN_PROXIES.
  • Add experimental support for regex-based login blocking; see WP_FAIL2BAN_BLOCKED_USERS.

1.2.1

  • Update FAQ.

1.2

  • Fix harmless warning.

1.1

  • Minor cosmetic updates.

1.0

  • Initial release.

Meta

  • Version: 4.2.7.1
  • Last updated: 3 weeks ago
  • Active installations: 40,000+
  • WordPress version: 4.2 or higher
  • Tested up to: 5.3
  • PHP version: 5.3 or higher
  • Languages: English (Canada) and English (US).
  • Tags: Brute Force, fail2ban, login, security, syslog

Ratings

  • 5 stars: 44
  • 4 stars: 3
  • 3 stars: 0
  • 2 stars: 2
  • 1 star: 0


Support

Issues resolved in the last two months: 2 of 2
