内容をスキップ
  • ログイン
  • 登録
WordPress.org

日本語

  • テーマ
  • プラグイン
  • ニュース
  • サポート
    • ドキュメンテーション
    • フォーラム
  • 概要
  • 参加・貢献
  • このサイトについて
  • WordPress を入手
WordPress を入手

プラグイン

  • お気に入り
  • ベータテスト
  • 開発者
ダウンロード

WP fail2ban – Advanced Security Plugin

作者: Charles Lecklider
  • 詳細
  • レビュー
  • インストール
  • 開発
サポート

説明

fail2ban is one of the simplest and most effective security measures you can implement to protect your WordPress site.

WP fail2ban provides the link between WordPress and fail2ban:

Oct 17 20:59:54 foobar wordpress(www.example.com)[1234]: Authentication failure for admin from 192.168.0.1
Oct 17 21:00:00 foobar wordpress(www.example.com)[2345]: Accepted password for admin from 192.168.0.1

WPf2b には、wordpress-hard.conf、wordpress-soft.conf、wordpress-extra.conf という3つのfail2ban フィルターが搭載されています。これらは、即時の禁止 (hard) と伝統的なより緩やかなアプローチ (soft) を分けて考えられるように設計されており、カスタム設定のための追加ルールもあります。

機能

  • Failed Login Attempts
    The very first feature of WPf2b: logging failed login attempts so the IP can be banned. Just as useful today as it was then.

  • Block User Enumeration
    One of the most common precursors to a password-guessing brute force attack is user enumeration. WPf2b can block it, stopping the attack before it starts.

  • Block username logins
    Sometimes it’s not possible to block user enumeration (for example, if your theme provides Author profiles). WPf2b can require users to login with their email address instead of their username.

  • Blocking Users
    Anther of the older WPf2b features: the login process can be aborted for specified usernames.
    Say a bot collected your site’s usernames before you blocked user enumeration. Once you’ve changed all the usernames, add the old ones to the list; anything using them will trigger a “hard” fail.

  • Empty Username Login Attempts
    Some bots will try to login without a username; harmless, but annoying. These attempts are logged as a “soft” fail so the more persistent bots will be banned.

  • Spam
    WPf2b will log a spammer’s IP address as a “hard” fail when their comment is marked as spam; the Premium version will also log the IP when Akismet discards “obvious” spam.

  • Attempted Comments
    Some spam bots try to comment on everything, even things that aren’t there. WPf2b detects these and logs them as a “hard” fail.

  • Pingbacks
    Pingbacks are a great feature, but they can be abused to attack the rest of the WWW. Rather than disable them completely, WPf2b effectively rate-limits potential attackers by logging the IP address as a “soft” fail.

  • Block XML‑RPC Requests [Premium]
    The only reason most sites need XML‑RPC (other than Pingbacks) is for Jetpack; WPf2b Premium can block XML‑RPC while allowing Jetpack and/or Pingbacks.

  • Block Countries [Premium]
    Sometimes you just need a bigger hammer – if you’re seeing nothing but attacks from some countries, block them!

  • Cloudflare and Proxy Servers
    WPf2b will work with Cloudflare, and the Premium version will automatically update the list of Cloudflare IP addresses.
    You can also configure your own list of trusted proxies.

  • 新しい – syslog ダッシュボード ウィジェット
    何が記録されているのか疑問に思ったことはありますか? 新しいダッシュボードウィジェットには、最後の5つのメッセージが表示されます。Premium バージョンでは、攻撃の分析と防止に役立つ完全な履歴が保持されます。

  • Site Health Check
    WPf2b will (try to) check that your fail2ban configuration is sane and that the filters are up to date; out-of-date filters are the primary cause of WPf2b not working as well as it can.
    When did you last run the Site Health tool?

  • mu-plugins Support
    WPf2b can easily be configured as a “must-use plugin” – see Configuration.

  • API to Extend WPf2b
    If your plugin can detect behaviour which should be blocked, why reinvent the wheel?

  • Event Hooks [Premium]
    Need to do something special when WPf2b detects a particular event? There’s a hook for that.

Premium

  • Web Application Firewall (WAF)
  • Akismet support.
  • Block XML‑RPC while allowing Jetpack and/or Pingbacks.
  • Block Countries.
  • Auto-update Cloudflare IPs.
  • Event log.
  • Event hooks.

インストール

  1. Plugin ディレクトリを介してインストールするか、プラグインディレクトリにアップロードします。
  2. WordPressのプラグインメニューよりプラグインを有効化します。
  3. Edit wp‑config.php to suit your needs – see Configuration.

評価

seamless

stixtsr 2023年8月10日
seamless integration with gridpane. all you have to do is enable and read the gridpane docs. thanks !

Great Plugin

narratorben 2022年12月5日
Great plugin, works well and far faster than PHP based blocking solutions. many thanks

For me works 110% combined

Boris 2022年11月7日
iptables+Maltrail+Fail2Ban+AbuseIP/DB+BinaryDefence/DB

“Hey! How do you like WP fail2ban so far?” Wheeeee!!

daveb444 2022年6月17日
Jesus. I've done everything I can to rid myself of this ad on every page of ever site I sue this plugin on. I've added CSS code, searched for PHP solutions, etc. No luck. Every page. Every site. Every visit. "Hey! How do you like WP fail2ban so far? Test all our awesome premium features with a 14-day free trial. No credit card required!" F--- me. I will literally never buy this plugin for any reason whatsoever for that alone. They could sell the pro version for fifty cents -and I'd say no on principle. Fix this sh-t.

Cant view IP’s or any information

obbzy 2022年6月7日
Just causes critical errors..

I have a love-hate relationship with this plugin…

Gwyneth Llewelyn 2022年4月7日
Ok, this is the kind of plugin I keep installing and deinstalling over time... Firstly: I'm no stranger to fail2ban, but I'm not really an expert in designing my own filters, either. I still know enough fail2ban-fu to tackle some tricky issues; ultimately, 90% of the complexity is in setting the correct regexps to catch log errors — that's easy enough to do 🙂 Secondly: as an experienced system administrator, the extra goodies that come with the subscription model are not really worth the expense. Some of those goodies are basically just automating procedures for those that aren't really familiar with fail2ban. Sure, the so-called Blocklist Network Service (BNS) is quite useful for preemptively block malicious IP addresses; but, as others have said elsewhere, you can pretty much accomplish the same with many other tools (most of them free). I mostly use AbuseIPDB (as well as the free version of WordFence), but your mileage may vary. Thirdly: aye, the constant nagging to upgrade to Premium is annoying. After a while it gets on your nerves. Sure, programmers need to eat, too, so I perfectly understand the need to grab the user's attention. I personally would prefer a one-shot fee to get most of the Premium functionality, or at least a way to turn off the constant nagging, like others already suggested; committing to a permanent subscription plan, no matter how cheap, is not really an option for those, like myself, who have irregular sources of income, and have to keep recurring payments at the bare minimum (e.g. utility bills...). I'd be fine to have very limited 'Premium' features for a single payment, and, sure, I'd pay US$40 for the privilege of not getting constantly nagged about upgrading... Fourthly: documentation. It's clear that Charles has put a huge effort in writing the documentation. Alas, the brunt of the effort was done around version 2 of wp-fail2ban. Recent features are barely documented, if at all (sometimes you only know that a feature exists, but have no idea about its purpose; sometimes there isn't even an empty page for said feature, so you have no way to know if it exists at all or not — short of taking a look at the source code, that is). Put in other words: to do the basics, there is enough documentation. To go a little further than that, or to figure out how to activate a recently introduced feature... well, there is often not enough help for that on the documentation. If you really need that feature, I guess you'll have a good incentive to go Premium 🙂 That said, is this plugin really that useful? You bet it is! There are a few other plugins attempting to do the same — i.e. integrating the WordPress logs with fail2ban — but they don't come even close. WP Fail2Ban goes way, way further than other plugins. A lot of features have been very cleverly implemented (for instance, even if a hacker gets access to your website's admin panel, despite all the protections, they'll have a tough time to fully disable the plugin...) and work quite well in practice. What is not even mentioned on the documentation is that, by default, if you host a lot of websites, and all of them have WP Fail2Ban active, then a single filter on fail2ban will deal with blocking them all. That's because WP Fail2Ban will add entries to syslog — which is common to the whole system. This is far better (and much faster!) than scanning each individual virtual host's logs! Also, you get correlations that aren't obvious, and can act upon those as well. Imagine the following scenario: a malicious hacker figured out that your server's IP address is actually hosting hundreds of separate websites. They have a brute-force script to try to guess passwords, but they also know that most WordPress installations, even quite basic ones, will block failed attempts after a while. So, what they do is to run the script across all websites, one by one, giving plenty of time between attempts — thus expecting to evade the most basic defence. A website that sees three failed logins in 'quick' succession can block that IP address effectively. But websites are independent of each other, so they cannot know if the others are being simultaneously being attacked or not; eventually, the failed attempt is 'forgotten' over time, and even if a request comes from the same IP address after an hour or two, it's likely that the defence system might not associate one thing with the other. It's just repeated attempts for the same login (usually from the same IP!) that trigger most alarms... Not so with WP Fail2Ban. Those hundreds of sites will all promptly log a failed attempt to the same universal log, syslog. Thus, fail2ban will immediately notice that there is someone attempting to log in — and failing all the time — on any of the websites, and, as a result, will count failed attempts on one site towards a common total. The result? Such a brute-force attack can easily be detected, promptly logged, and blocked — for all websites, not just for one! Even if you run multiple servers, each with different physical IP addresses, that's not a problem. syslog can be configured to accept remote logging from multiple sources. You might need to do a bit of tinkering (i.e. deciding which logging facility will be kept on the local machine, and which will be stored remotely), but such a configuration is certainly possible (WP Fail2Ban can be configured to use any syslog logging level/facility!). Sure, this requires a bit of extra scripting, but it's not a really hard thing to do — especially if you are able to instruct fail2ban to block IP addresses at the level of a common (physical) firewall. A very easy way to accomplish the same is to use something like Cloudflare: configure fail2ban to use Cloudflare's API to block an IP address at their firewall, and that address will be automatically blocked for all websites you've got protected with Cloudflare. All that for the modest cost of zero dollars. Another interesting feature is the ability to extend WP Fail2Ban with additional plugins. A few can be activated directly from the WordPress Plugin Library (e.g. to protect your Contact 7 or Gravity forms). But you can also write your own plugins to deal with particular configuration. This mostly means telling WP Fail2Ban what to trigger and write to syslog, and adding a fail2ban filter to seek for that message and process it accordingly. That way, you can add lots of additional functionalities that are not present in the 'core' WP Fail2Ban plugin, but which might be quite useful. Here is an example. fail2ban is mostly used to ban IP addresses, but it can do a lot more: an easy example is just to alert the system administrator that something is not working as it should, and send them an email (or a tweet, or something...). You can write a simple plugin to check for available memory (available to WordPress, that is), and if it's excessive (according to your own rules!), write a message to whatever syslog level you wish — and let fail2ban pick it up from there, eventually sending an alert. While this can be accomplished in several different ways, from the perspective of a system administrator, it's more manageable to have a 'common' framework for identifying malfunctions and/or (possible) security issues and configure them from the same interface (in this case, fail2ban scripts). By combining the ability of WP Fail2Ban to potentially register whatever is happening with your WP installation and write a message to syslog about it, and having fail2ban picking up those messages and extract a pattern that shows that something is wrong, you can effectively build a complex system around those tools that can give you a lot of insight on what's going on with your websites — and automate many of the tasks (fail2ban can attempt to restart a PHP instance that has been consistently reporting many out-of-memory errors, for example). I'm aware that there is a plethora of such tools available (New Relic comes to mind — just because it has a free tier, and it's enterprise-grade instrumentation), but combining the power of WP Fail2Ban with fail2ban itself and using syslog as a way to pass messages between both — that's pure genius, and a very clean and elegant way of doing even complex, automated tasks, just by using off-the-shelf tools (most of them free!). You can see that I have listed way more reasons why I love the concept behind WP Fail2Ban than the reasons why I hate it. I would say that it's the kind of plugin that you will actively use (it works in the background, after all), even though you can achieve similar results by adding lots of clever rules on fail2ban (without needing the extra help from WP Fail2Ban, that is). There are always trade-offs to consider — for example, where are you more comfortable dealing with security, at the WordPress level, or at the operating system level? (the correct answer, of course, is 'both' — but that might not be an option for everyone) Also, I'd rate WP Fail2Ban as being a 'comparatively light' plugin. It does use a few database calls, just for presenting the last five reported incidents on the dashboard — but you can even turn those off and save the cost of those database accesses. After all, most of the work will be done by fail2ban anyway — running silently in the background. WP Fail2Ban is just a very sophisticated logging tool (and the 'core' WP engine already does its share of logging, so it's not too much extra work), mostly providing a reasonably easy interface inside WordPress to configure how those 'special' logs ought to be written to syslog; that will hardly put too much stress on your own system (and syslog is designed to handle that stress!). A last note: I've repeatedly mentioned that WP Fail2Ban relies on syslog to write appropriate messages to it that fail2ban can capture and process, but there are different ways to configure it — you can bypass syslog, write the logs elsewhere (even on a memory-based filesystem, if you wish!), and just process these with fail2ban (which is rather agnostic about where it should look for logs). Using syslog (especially its built-in remote logging facilities!) might be a better solution in many scenarios, but it's not a requirement for you to use WP Fail2Ban.
65件のレビューをすべて表示

貢献者と開発者

WP fail2ban – Advanced Security Plugin はオープンソースソフトウェアです。以下の人々がこのプラグインに貢献しています。

貢献者
  • invisnet

“WP fail2ban – Advanced Security Plugin” は3ロケールに翻訳されています。 翻訳者のみなさん、翻訳へのご協力ありがとうございます。

“WP fail2ban – Advanced Security Plugin” をあなたの言語に翻訳しましょう。

開発に興味がありますか ?

コードを閲覧するか、SVN リポジトリをチェックするか、開発ログを RSS で購読してみてください。

変更履歴

5.2.1

  • Fix bug in WAF when not logged in (h/t Rudi Diedrich). [Premium only]
  • Site Health: Add support for open_basedir (h/t Jaroslav Huba).
  • Freemius ライブラリを更新。

5.2.0

  • Add new filter file for WAF events. [Premium only]
  • Add WAF feature: prevent unauthorised user deletion. [Premium only].
  • Fix untrusted proxy message.
  • Work-around for WooCommerce bug causing double logging of password reset requests (h/t @anuja).
  • Site Health: Improve notifications.

5.1.1

  • Freemius ライブラリを更新。

5.1.0

  • Web Application Firewall. [Premium only]
  • Add PTR record lookup to event report. [Premium only]
  • Improve report performance. [Premium only]
  • Site Health: Check fail2ban is running.
  • Site Health: Obsolete Filters – Detect DigitalOcean Droplet and link to documentation.
  • Fix harmless warning (h/t @Yavor).
  • Fix warning caused by bug in Google Sitekit (h/t @DaWolfey).
  • Freemius ライブラリを更新。

5.0.1

  • Tweak Site Health notifications.
  • Freemius ライブラリを更新。

5.0.0 “Delphi”

  • IPv6 support.
  • Akismet support. [Premium only]
  • Auto-update Cloudflare IPs. [Premium only]
  • Event hooks. [Premium only]
  • Performance improvements:
    • Improve reports. [Premium only]
    • Cache IP lists. [Premium only]
    • Cache Plugin API message registration. [Premium only]
  • Site Health: Check installed filters against previous versions.
  • Moved “Authentication attempt for unknown user” to wordpress-soft.conf.
  • Moved “extra” Comment messages to wordpress-soft.conf.
  • Show date/time in local timezone (h/t @geniusmedia). [Premium only]
  • Deprecate WP_FAIL2BAN_LOG_COMMENTS_EXTRA and WP_FAIL2BAN_COMMENT_EXTRA_LOG; use WP_FAIL2BAN_LOG_COMMENT_ATTEMPTS and WP_FAIL2BAN_COMMENT_ATTEMPT_LOG instead.
  • Freemius ライブラリを更新。

Please read the notes before upgrading.

4.4.0.9

  • Preparation for v5: prevent auto-updating across major release.
  • Freemius ライブラリを更新。

4.4.0.8

  • Back-port fix for mu-plugins activation.
  • Freemius ライブラリを更新。

4.4.0.7

  • Back-port fix for type error in menu-fixer when viewing Event Log (h/t @geniusmedia). [Premium only]
  • Back-port fixes for event summaries. [Premium only]
  • Freemius ライブラリを更新。

4.4.0.6

  • Fix initialisation error in event log. [Premium only]
  • Fix type error in event log when no events available. [Premium only]
  • Freemius ライブラリを更新。

4.4.0.5

  • Fix type error on Remote IPs tab with no MaxMind database configured (h/t @Tobias‑Conrad). [Premium only]
  • Freemius ライブラリを更新。

4.4.0.4

  • Fix warning with array of blocked users (h/t @Znuff).
  • Fix reports. [Premium only]

4.4.0.3

  • Fix type error (h/t @brianshim).

4.4.0.2

  • Add WP_FAIL2BAN_USE_AUTHPRIV – a single place to switch to LOG_AUTHPRIV for systems without LOG_AUTH.
  • Add WP_FAIL2BAN_FREE_ONLY.
  • Add WP_FAIL2BAN_PLUGIN_LOG_OTHER and WP_FAIL2BAN_PLUGIN_OTHER_LOG.
  • Improve performance.
  • Moved cron event to update trusted Cloudflare IP ranges to the Cloudflare add-on. [Premium only]
  • Add support for Pingbacks while blocking XML‑RPC. [Premium only]
  • Freemius ライブラリを更新。

4.3.2.2

  • Add cron event to update trusted Cloudflare IP ranges weekly. [Premium only]
  • Add cron event to update trusted Jetpack IP ranges weekly. [Premium only]
  • Add cron event to update MaxMind database weekly. [Premium only]
  • Workaround for missing syslog constants in Windows (h/t @dmarkowicz).
  • Clarify upgrade message on Last 5 Messages widget. [Free only]
  • Merge About and Status tabs. [Premium only]
  • Freemius ライブラリを更新。

4.3.2.1

  • Add support for WP fail2ban Blocklist.
  • Add new Standard Configurations.
  • Improve Help links.
  • Fix logging checkboxes [Premium only].
  • 最後のメッセージを無効にする間違った定数を修正 (h/t @kermina)。
  • 共同作成者が別のユーザーによる投稿をリストしようとしたときに、ユーザーの列挙をブロックすることで誤検知を修正。
  • Fix index issue with ancient versions of MySQL.
  • 定義されているが空の無害な警告 WP_FAIL2BAN_PROXIES を修正 (h/t @stevegrunwell)。
  • 新しいブロック イベント クラスをバックポート。
  • Freemius ライブラリを更新。
  • Change to GPLv3 with additional terms as per Section 7.

4.3.2.0

  • Add support for blocking by Country. [Premium only]
  • Add XML‑RPC blocking; allow trusted IPs and Jetpack (h/t @mhweb). [Premium only]

4.3.0.9

  • 最後のメッセージを無効にする間違った定数を修正 (h/t @kermina)。
  • 共同作成者が別のユーザーによる投稿をリストしようとしたときに、ユーザーの列挙をブロックすることで誤検知を修正。
  • MySQL の古いバージョンでのインデックスの問題を修正。[プレミアムのみ]
  • 定義されているが空の無害な警告 WP_FAIL2BAN_PROXIES を修正 (h/t @stevegrunwell)。
  • 新しいブロック イベント クラスをバックポート。
  • Freemius ライブラリを更新。

4.3.0.8

  • Gutenberg 事前読み込み作成者リストによってトリガーされるユーザー列挙ブロックの回避策の問題。(h/t @brrrrrrrt)[WordPress のみ]

4.3.0.7

  • wp-config.php に定数を含めることを可能にするリファクタリングが完了。(h/t @iCounsellor)
  • MaxMind のデータベースの更新を修正。[プレミアムのみ]

4.3.0.6

  • ユーザーの列挙ブロックが有効になっている場合、エディタの下のロールの [投稿] ページで [禁止エラーを修正します。[WordPress のみ]

4.3.0.5

  • マルチサイトの空のユーザー名検出を修正。
  • 新しいマルチサイト インストールをアクティブ化する際の無害な警告を修正。
  • functions.php ファイルを含むディレクトリ内の CLI から実行されるスクリプトを介して wp-load.php が読み込まれる難解なエッジケースを修正。

4.3.0.4 “Columbo”

  • 新しいダッシュボードウィジェットを追加: 最後の5つの syslog メッセージ。
  • Add full multisite support.
  • Add username login blocking (force login with email).
  • Add separate logging for login attempts with an empty username.
  • Improve user enumeration blocking compatibility with the WordPress block editor (Gutenberg).
  • PHP の最小バージョンを 5.6 に設定します。

4.2.8

  • Add link to new support forum.
  • Gutenberg とのユーザー列挙の競合を修正 (h/t @dinghy)。
  • 通知の通知管理メニューを修正 (h/t @marioivangf)。
  • 無害な XDebug 通知を修正 (h/t @dinghy)。
  • Freemius ライブラリを更新。

4.2.7.1

  • oembed を介してユーザーの列挙をブロックするときのエラー を修正 (h/t @wordpressfab)。

4.2.7

  • REST を介してユーザーの列挙をブロックする場合のエラーを修正。
  • [設定] タブのボタンを修正。

4.2.6

  • Add support for Remote Tools add-on.
  • 新しい ClassicPress セキュリティ ページのサポートを追加。
  • ユーザー列挙ブロックの改善。

4.2.5.1

  • PHP < 7.0 でプレミアムアクティベーションの問題を修正。

4.2.5

  • PHP 5.3 のサポートを正しく修正します。CentOS 6でテストされました。UI またはプレミアム機能をサポートしていません。
  • 管理領域から REST API または XMLRPC を呼び出す場合の WP_FAIL2BAN_BLOCK_USER_ENUMERATION の潜在的な問題を修正。

4.2.4

  • ログイン失敗メッセージのフィルタを追加。
  • 管理領域からのスパムコメントのログ記録を修正。
  • プラグインページから設定リンクを修正。
  • Freemius ライブラリを更新

4.2.3

  • いくつかのバージョンの PHP 7.x では define() が無視される問題を回避します。
  • 設定タブに設定メモを追加。
  • ドキュメントリンクを修正。

4.2.2

  • 5.3 の互換性を修正。

4.2.1

  • Completed support for WP_FAIL2BAN_COMMENT_EXTRA_LOG.
  • Add support for 3rd-party plugins; see Developers.
    • Add-on for Contact Form 7 (experimental).
    • Gravity Forms 用アドオン (実験的)。
  • パスワードが正しくない既知のユーザーのログを変更します。以前は不明なユーザーとして記録され、 hard フィルタによって一致しました (古いバージョンの WordPress の制限による)、現在は既知のユーザーとして記録され、 soft によって一致します。
  • ユーザー名として電子メールのバグ修正 – 正しく記録され、hard フィルターではなく 、soft フィルターによって一致しました。
  • 無料/プレミアムの競合を防ぐためのコードでの回帰のバグ修正。

4.2.0

  • リリースされていません。

4.1.0

  • REST 認証用に個別のログを追加。
  • Fix conflict with earlier versions preinstalled in mu‑plugins. See Is WPf2b Already Installed?.

4.0.5

  • Add WP_FAIL2BAN_COMMENT_EXTRA_LOG.
  • Add WP_FAIL2BAN_PINGBACK_ERROR_LOG (future functionality).
  • WP_FAIL2BAN_LOG_SPAM が LOG_NOTICE 使用するように変更。
  • WP_FAIL2BAN_SPAM_LOG を LOG_AUTH に変更。
  • WP_FAIL2BAN_LOG_COMMENTS_EXTRA イベントを、デフォルトで LOG_NOTICE を使用するように変更。
  • mu-plugins で 3.x との競合を修正。

4.0.2

  • PHP 5.3 の互換性を修正。
  • WP_FAIL2BAN_LOG_COMMENTS_EXTRA のバグ修正。
  • WP_FAIL2BAN_REMOTE_ADDR 概要のバグ修正。

4.0.1

  • Freemius 経由で追加機能を追加します。これは完全にオプションです。 WPf2b は、ここに記載されている新機能を含め、以前と同様に動作します。
  • 設定の概要ページを追加 (設定 -> WP fail2ban)。
  • Add WP_FAIL2BAN_PASSWORD_REQUEST_LOG.
  • Add WP_FAIL2BAN_SPAM_LOG.
  • Add WP_FAIL2BAN_LOG_COMMENTS_EXTRA – enable logging for attempted comments on posts which are:
    • not found,
    • コメントのために閉じ、
    • ゴミ箱で、
    • ドラフト、
    • パスワードで保護
  • REST API を使用してユーザーの列挙をブロック。

4.0.0

  • リリースされていません。

3.6.0

  • The filter files are now generated from PHPDoc in the code. There were too many times when the filters were out of sync with the code (programmer error) – this should resolve that by bringing the patterns closer to the code that emits them.
  • Added PHPUnit tests. Almost 100% code coverage, with the exception of WP_FAIL2BAN_PROXIES which is quite hard to test properly.
  • Bug-fix for wordpress-soft.conf.
  • Add WP_FAIL2BAN_XMLRPC_LOG.
  • Add WP_FAIL2BAN_REMOTE_ADDR.
  • WP_FAIL2BAN_PROXIES now supports an array of IPs with PHP 7.
  • Moved all documentation to https://docs.wp-fail2ban.com/.

3.5.3

  • Bug-fix for wordpress-hard.conf.

3.5.1

  • Bug-fix for WP_FAIL2BAN_BLOCK_USER_ENUMERATION.

3.5.0

  • Add WP_FAIL2BAN_OPENLOG_OPTIONS.
  • Add WP_FAIL2BAN_LOG_COMMENTS and WP_FAIL2BAN_COMMENT_LOG.
  • Add WP_FAIL2BAN_LOG_PASSWORD_REQUEST.
  • Add WP_FAIL2BAN_LOG_SPAM.
  • Add WP_FAIL2BAN_TRUNCATE_HOST.
  • WP_FAIL2BAN_BLOCKED_USERS now supports an array of users with PHP 7.

3.0.3

  • Fix regex in wordpress-hard.conf.

3.0.2

  • XML-RPC 認証エラーの WP 4.5.x での二重ログの防止

3.0.1

  • Fix regex in wordpress-hard.conf.

3.0.0

  • Add WP_FAIL2BAN_SYSLOG_SHORT_TAG.
  • Add WP_FAIL2BAN_HTTP_HOST.
  • XML-RPC 認証エラーをログに記録。
  • MU 展開のサポートを強化。

2.3.2

  • Bug-fix WP_FAIL2BAN_BLOCKED_USERS.

2.3.0

  • Bug-fix in experimental WP_FAIL2BAN_PROXIES code (thanks to KyleCartmell).

2.2.1

  • Fix stupid mistake with WP_FAIL2BAN_BLOCKED_USERS.

2.2.0

  • Custom authentication log is now called WP_FAIL2BAN_AUTH_LOG.
  • Add logging for pingbacks; see WP_FAIL2BAN_LOG_PINGBACKS.
  • Custom pingback log is called WP_FAIL2BAN_PINGBACK_LOG.

2.1.1

  • マイナーなバグ修正。

2.1.0

  • Add support for blocking user enumeration; see WP_FAIL2BAN_BLOCK_USER_ENUMERATION.
  • Add support for CIDR notation in WP_FAIL2BAN_PROXIES.

2.0.1

  • Bug-fix in experimental WP_FAIL2BAN_PROXIES code.

2.0.0

  • Add experimental support for X-Forwarded-For header; see WP_FAIL2BAN_PROXIES.
  • Add experimental support for regex-based login blocking; see WP_FAIL2BAN_BLOCKED_USERS.

1.2.1

  • FAQ を更新。

1.2

  • 無害な警告を修正。

1.1

  • マイナーなコスメティックの更新。

1.0

  • 最初のリリース。

メタ

  • バージョン: 5.2.1
  • 最終更新日: 2週間前
  • 有効インストール数: 70,000+
  • WordPress バージョン: 4.2またはそれ以降
  • 検証済み最新バージョン: 6.3.1
  • PHP バージョン: 7.4またはそれ以降
  • 言語:

    Chinese (China)、English (Canada)、English (US)、French (France).

    プラグインを翻訳

  • タグ:
    Brute Forcefail2banloginsecuritysyslog
  • 詳細を表示

評価

すべて表示
  • 5つ星 50
  • 4つ星 4
  • 3つ星 2
  • 2つ星 4
  • 1つ星 6
レビューを申請するにはログインしてください。

貢献者

  • invisnet

サポート

過去2ヶ月以内に解決した問題:

0 / 1

サポートフォーラムを表示

  • WordPress とは
  • ニュース
  • ホスティング
  • 寄付
  • ノベルティグッズ
  • サポート
  • 開発者
  • 参加・貢献
  • Learn
  • ショーケース
  • プラグイン
  • テーマ
  • パターン
  • WordCamp
  • WordPress.TV
  • BuddyPress
  • bbPress
  • WordPress.com
  • マット・マレンウェッグ
  • プライバシー
  • 公開コード
WordPress.org
WordPress.org

日本語

  • Facebook ページへ
  • Twitter アカウントへ
  • Instagram アカウントへ
  • LinkedIn アカウントへ
  • YouTube チャンネルにアクセス
Code is Poetry.