Hi,

This plugin was updated to 5.2.2.1 and immediately my site crashed. I have to remove the plugin via FTP to get my site to life again.

I couldn’t even access the WordPress administrator while it was installed.

Is there a solution on the way? Thank you.

One of my sites just auto-updated WP Fail2Ban to 5.2.2, and the following error came up. I then reproduced by manually updating from 5.2.1 to 5.2.2 on another site.

[Sun Jan 28 16:19:57.871449 2024] [proxy_fcgi:error] [pid 127891:tid 139808850159168] [client 76.118.100.248:52218] AH01071: Got error ‘PHP message: PHP Warning: require_once(/srv/www/SITE/public_html/wp-content/plugins/wp-fail2ban/vendor/freemius/wordpress-sdk/includes/class-fs-garbage-collector.php): Failed to open stream: No such file or directory in /srv/www/SITE/public_html/wp-content/plugins/wp-fail2ban/vendor/freemius/wordpress-sdk/require.php on line 22PHP message: PHP Fatal error: Uncaught Error: Failed opening required ‘/srv/www/SITE/public_html/wp-content/plugins/wp-fail2ban/vendor/freemius/wordpress-sdk/includes/class-fs-garbage-collector.php’ (include_path=’.:/usr/share/php’) in /srv/www/SITE/public_html/wp-content/plugins/wp-fail2ban/vendor/freemius/wordpress-sdk/require.php:22\nStack trace:\n#0 /srv/www/SITE/public_html/wp-content/plugins/wp-fail2ban/vendor/freemius/wordpress-sdk/start.php(514): require_once()\n#1 /srv/www/SITE/public_html/wp-content/plugins/wp-fail2ban/freemius.php(39): require_once(‘…’)\n#2 /srv/www/SITE/public_html/wp-content/plugins/wp-fail2ban/freemius.php(67): org\lecklider\charles\wordpress\wp_fail2ban\wf_fs()\n#3 /srv/www/SITE/public_html/wp-content/plugins/wp-fail2ban/wp-fail2ban.php(55): require_once(‘…’)\n#4 /srv/www/SITE/public_html/wp-settings.php(473): include_once(‘…’)\n#5 /srv/www/SITE/public_html/wp-config.php(91): require_once(‘…’)\n#6 /srv/www/SITE/public_html/wp-load.php(50)…’, referer: https://www.SITE/wp-admin/plugins.php

Disabling the plugin fixes the error. Completely removing the folder, then reinstalling it with wp plugin install --activate wp-fail2ban causes the error to return. Commenting out line 22 in require.php seems to work temporarily as class-fs-garbage-collector.php doesn’t exist.

• This topic was modified 9 months, 4 weeks ago by thecmg.

I installed the plugin in a wordpress installation that uses the default wordpress:latest docker image. In my compose file I added a volume logs to write /var/log/apache2 to. However, after a deliberate failed login access.log just shows:

192.168.2.254 - - [18/Oct/2023:10:24:25 +0000] "POST /wp-login.php HTTP/1.1" 200 2358 "https://mydomain.com/wp-login.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36"

error.log does not show anything useful either. How can I configure fail2ban? Where do I find or add the right logs?

It is behind Caddy, a reverse proxy? Not sure where those logs would be either.

We have Plesk servers running Fail2Ban and Mod_Security.

Does this plugin run instead of using serverwide fail2ban or is it as well as to add extra rules specific to WordPress?

I have been recommended your plugin but I cannot see why I would need it if I have fail2ban running server wide.

Can you explain the difference?

What happen if I update the plugin without checking anything?

You are not clear in the statement about updating to version 5, how one know if filters need updating before upgrading to version 5?

If I’ve been using fail2ban as is. I mean, I created the droplet in Digital Ocean, I’ve never touch anything about the plugin. Do I have to worry about issues going from version 4 to 5?

Also, what do you mean with updating filters before updating? Updating meaning what needs to change?

• This topic was modified 1 year, 8 months ago by wpmhweb.
• This topic was modified 1 year, 8 months ago by wpmhweb.

If I’ll be using Cloudfare for CDN, is it totally required to configure Fail2Ban Cloudflare integration? Can the CDN just work without this implementation?

I recently set up Cloudflare on a website, and a day after suddenly started the 521 error. Up on research, it appears that the server firewall started blocking the CF IPs. So I know I have to whitelist the CF address in the firewall. However, I have also checked the fail2ban logs, and I found these entries (just showing a few entries as example):

2022-10-10 09:00:36,485 fail2ban.filter [804]: INFO [wordpress-hard] Found 162.158.62.98 - 2022-10-10 09:00:36
2022-10-10 09:01:37,795 fail2ban.filter [804]: INFO [wordpress-hard] Found 162.158.62.6 - 2022-10-10 09:01:37

Does this mean that fail2ban is also blocking Cloudfare? If so, how do I whitelist the CF IPs with the free version of fail2ban? Or what is it that I need to do?
Thanks,

I am posting here because your new forum@ invis.net won’t let me post (after joining)

Fail2Ban causes FATAL ERROR in WP-Cron, IE. wp-cron CRASHES and stops working.

Since 03/03/2022 (AU time)

From PHP errors txt:

[05-Mar-2022 03:53:20 UTC] PHP Fatal error:  Uncaught TypeError: Argument 2 passed to org\lecklider\charles\wordpress\wp_fail2ban\feature\log_message() must be of the type string or null, array given, called in /usr/home/barefootwarrior/public_html/wp-il0m0goe0d/wp-includes/class-wp-hook.php on line 307 and defined in /usr/home/barefootwarrior/public_html/wp-il0m0goe0d/wp-content/plugins/wp-fail2ban/feature/plugins.php:233
Stack trace:
#0 /usr/home/barefootwarrior/public_html/wp-il0m0goe0d/wp-includes/class-wp-hook.php(307): org\lecklider\charles\wordpress\wp_fail2ban\feature\log_message()
#1 /usr/home/barefootwarrior/public_html/wp-il0m0goe0d/wp-includes/class-wp-hook.php(331): WP_Hook->apply_filters()
#2 /usr/home/barefootwarrior/public_html/wp-il0m0goe0d/wp-includes/plugin.php(474): WP_Hook->do_action()
#3 /usr/home/barefootwarrior/public_html/wp-il0m0goe0d/wp-content/plugins/wp-fail2ban-addon-contact-form-7/functions.php(52): do_action()
#4 /usr/home/barefootwarrior/public_html/wp-il0m0goe0d/wp-includes/class-wp-hook.php(309): com\wp_fail2ban\addons in /usr/home/barefootwarrior/public_html/wp-il0m0goe0d/wp-content/plugins/wp-fail2ban/feature/plugins.php on line 233
[05-Mar-2022 12:20:25 UTC] PHP Fatal error:  Uncaught TypeError: Argument 2 passed to org\lecklider\charles\wordpress\wp_fail2ban\feature\log_message() must be of the type string or null, array given, called in /usr/home/barefootwarrior/public_html/wp-il0m0goe0d/wp-includes/class-wp-hook.php on line 307 and defined in /usr/home/barefootwarrior/public_html/wp-il0m0goe0d/wp-content/plugins/wp-fail2ban/feature/plugins.php:233
Stack trace:
#0 /usr/home/barefootwarrior/public_html/wp-il0m0goe0d/wp-includes/class-wp-hook.php(307): org\lecklider\charles\wordpress\wp_fail2ban\feature\log_message()
#1 /usr/home/barefootwarrior/public_html/wp-il0m0goe0d/wp-includes/class-wp-hook.php(331): WP_Hook->apply_filters()
#2 /usr/home/barefootwarrior/public_html/wp-il0m0goe0d/wp-includes/plugin.php(474): WP_Hook->do_action()
#3 /usr/home/barefootwarrior/public_html/wp-il0m0goe0d/wp-content/plugins/wp-fail2ban-addon-contact-form-7/functions.php(52): do_action()
#4 /usr/home/barefootwarrior/public_html/wp-il0m0goe0d/wp-includes/class-wp-hook.php(309): com\wp_fail2ban\addons in /usr/home/barefootwarrior/public_html/wp-il0m0goe0d/wp-content/plugins/wp-fail2ban/feature/plugins.php on line 233
[05-Mar-2022 13:27:59 UTC] PHP Fatal error:  Uncaught TypeError: Argument 2 passed to org\lecklider\charles\wordpress\wp_fail2ban\feature\log_message() must be of the type string or null, array given, called in /usr/home/barefootwarrior/public_html/wp-il0m0goe0d/wp-includes/class-wp-hook.php on line 307 and defined in /usr/home/barefootwarrior/public_html/wp-il0m0goe0d/wp-content/plugins/wp-fail2ban/feature/plugins.php:233
Stack trace:
#0 /usr/home/barefootwarrior/public_html/wp-il0m0goe0d/wp-includes/class-wp-hook.php(307): org\lecklider\charles\wordpress\wp_fail2ban\feature\log_message()
#1 /usr/home/barefootwarrior/public_html/wp-il0m0goe0d/wp-includes/class-wp-hook.php(331): WP_Hook->apply_filters()
#2 /usr/home/barefootwarrior/public_html/wp-il0m0goe0d/wp-includes/plugin.php(474): WP_Hook->do_action()

===== end copy —–

Fail2Ban is DEACTIVATED until we hear from you.

Thank you Mr @Lecklider

Clemens

Hello,

I’m using PHP 7.4.26.
After updating the plugin to v4.4.0.3 I have lot of PHP Notice from WP Fail2Ban, like these one:

“PHP Notice: Array to string conversion in …/wp-content/plugins/wp-fail2ban/lib/loader.php on line 597”

Can you please solve this with a quick fix?

Thanks!

I just upgraded to 4.4.0.2. When I visited my plugins page, I got this error:

WordPress version 5.9.1
Current theme: GeneratePress (version 3.1.3)
Current plugin: WP fail2ban (version 4.4.0.2)
PHP version 7.4.27
?
Error Details
=============
An error of type E_ERROR was caused in line 317 of the file /var/www/disablemycable.com/htdocs/wp-content/plugins/wp-fail2ban/admin/admin.php. Error message: Uncaught TypeError: Argument 3 passed to org\lecklider\charles\wordpress\wp_fail2ban\plugin_action_links() must be of the type array, null given, called in /var/www/disablemycable.com/htdocs/wp-includes/class-wp-hook.php on line 307 and defined in /var/www/disablemycable.com/htdocs/wp-content/plugins/wp-fail2ban/admin/admin.php:317
Stack trace:
#0 /var/www/disablemycable.com/htdocs/wp-includes/class-wp-hook.php(307): org\lecklider\charles\wordpress\wp_fail2ban\plugin_action_links()
#1 /var/www/disablemycable.com/htdocs/wp-includes/plugin.php(189): WP_Hook->apply_filters()
#2 /var/www/disablemycable.com/htdocs/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-sync/src/modules/class-callables.php(376): apply_filters()
#3 /var/www/disablemycable.com/htdocs/wp-includes/class-wp-hook.php(307): Automattic\Jetpack\Sync\Modules\Callables->set_plugin_action_links()
#4 /var/www/disablemycable.com/htdocs/wp-includes/class-wp-hook.php(331): WP_Hook->apply_filters()
#5 /var/www/disablemycable.com/htdocs/wp-incl

I tried to post in the forum, but it is not allowing me to reply or create new topics. Hoping you’ll see this here.

WordPress version 5.8.2
Problem plugin: WP fail2ban (version 4.3.0.9)
PHP version 8.1.1
Error details

Ошибка с типом E_ERROR возникла на строке 23 файла /www/free/wp-content/plugins/wp-fail2ban/vendor/freemius/wordpress-sdk/templates/forms/deactivation/retry-skip.php. Сообщение об ошибке: Uncaught ValueError: Unknown format specifier "D" in /www/free/wp-content/plugins/wp-fail2ban/vendor/freemius/wordpress-sdk/templates/forms/deactivation/retry-skip.php:23
Stack trace:
#0 /www/free/wp-content/plugins/wp-fail2ban/vendor/freemius/wordpress-sdk/templates/forms/deactivation/retry-skip.php(23): sprintf()
#1 /www/free/wp-content/plugins/wp-fail2ban/vendor/freemius/wordpress-sdk/includes/fs-core-functions.php(57): require('...')
#2 /www/free/wp-content/plugins/wp-fail2ban/vendor/freemius/wordpress-sdk/includes/class-freemius.php(2612): fs_get_template()
#3 /www/free/wp-content/plugins/wp-fail2ban/vendor/freemius/wordpress-sdk/includes/class-freemius.php(2491): Freemius->_get_uninstall_reasons()
#4 /www/free/wp-includes/class-wp-hook.php(303): Freemius->_add_deactivation_feedback_dialog_box()
#5 /www/free/wp-includes/class-wp-hook.php(327): WP_Hook->apply_filters()
#6 /www/free/wp-includes/plugin.php(470): WP_Hook->do_action()
#7 /www/free/wp-admin/admin-footer.php(78): do_action()
#8 /www/free/wp-admin/plugins.php(782): require_once('...')
#9 {main}
  thrown

I’m still on PHP 7.4 because I heard many WordPress plugins and themes don’t support PHP 8, though I also hear that PHP 8 is both more secure and performs better.

I was going to test out PHP 8 on my site and I see there are RC builds for 8.1 which is supposed to come out this month and went ahead and tested that. Strictly speaking, it appears this plugin works with PHP 8.1, however if you look at the logs, there are warnings about using deprecated features.

I thought I’d just pass them along.

Deprecated: Return type of FS_Key_Value_Storage::count() should either be compatible with Countable::count(): int, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice in /var/www/omahachapterone/wp-content/plugins/wp-fail2ban/vendor/freemius/wordpress-sdk/includes/managers/class-fs-key-value-storage.php on line 389

You have errors in linked pages from Getting Started/Configuration

https://i.imgur.com/sqx9YUi.png

https://i.imgur.com/QolrGpZ.png

https://i.imgur.com/vG4En2L.png

https://docs.wp-fail2ban.com/en/4.3.0/configuration.html?utm_source=about&utm_medium=about&utm_campaign=4.3.0.9

Hello,

Why don’t you mention anywhere that you use “Freemius” as a framework for this plugin?
that adds over 3mb of trash + sends data back to “Freemius” even if set the permission to NO!

Please add mentions that there is included over 3mb of “Freemius” Data Collection.

• This topic was modified 3 years, 2 months ago by Webzzz. Reason: Correction
• This topic was modified 3 years, 2 months ago by Webzzz.

Hello
Today I noticed an issue and I wanted to report it
https://prnt.sc/1ie6ycc

I am not sure if this is happening due to php 8.0.9 version I have installed in my system
Regards

ello, I’ve installed the WP fail2ban plugin on my new site. We ran the plugin through our security software and were flagged for several security risks. Who can I send the security report to so they may review? Please advise.

Thank you.

Hello,

Please can you add support for the plugin https://www.ads-software.com/plugins/limit-login-attempts-reloaded/.

It would be awesome if possible to automatically add the failed login ipaddress of Limit Login Attempts Reloaded logs to fail2ban

I know this is a rehash, but hopefully we can get a patch of some type. I have a lot of sites that are getting this message.

My environment…
GridPane (using their integration of F2B as a MU plugin)
Vultr server running Ubuntu 18.x LTS
WP 5.7.2
plugin combos vary, some have Woo, some have Events Calendar, some are simple
Redis cache / object caching

// WP fail2ban configs setting that can be changed , just comment the ones you do not need/want
//
// possible values for the loggin LOG_AUTH,LOG_AUTHPRIV,LOG_CRON,LOG_DAEMON,LOG_KERN, LOG_LOCAL0, LOG_LOCAL1, LOG_LOCAL2,LOG_LOCAL3, LOG_LOCAL4, LOG_LOCAL5,LOG_LOCAL6, LOG_LOCAL7, LOG_LPR, LOG_MAIL, LOG_NEWS, LOG_SYSLOG, LOG_USER, LOG_UUCP,
//
// grouped per tab in wp fail 2 ban settings
// Logging
//Authentication
define(‘WP_FAIL2BAN_AUTH_LOG’, LOG_AUTH);
//Comments
// this include is needed if you want comments logging
include __DIR__.’/wp-content/plugins/wp-fail2ban/lib/constants.php’;
define(‘WP_FAIL2BAN_LOG_COMMENTS’, true);
define(‘DEFAULT_WP_FAIL2BAN_COMMENT_LOG’,LOG_USER);
// full list
// define(‘WP_FAIL2BAN_LOG_COMMENTS_EXTRA’, WPF2B_EVENT_COMMENT_NOT_FOUND | WPF2B_EVENT_COMMENT_CLOSED | WPF2B_EVENT_COMMENT_TRASH | WPF2B_EVENT_COMMENT_DRAFT | WPF2B_EVENT_COMMENT_PASSWORD);
define(‘WP_FAIL2BAN_LOG_COMMENTS_EXTRA’, WPF2B_EVENT_COMMENT_NOT_FOUND | WPF2B_EVENT_COMMENT_CLOSED | WPF2B_EVENT_COMMENT_TRASH | WPF2B_EVENT_COMMENT_DRAFT | WPF2B_EVENT_COMMENT_PASSWORD);
define(‘WP_FAIL2BAN_COMMENT_EXTRA_LOG’, LOG_AUTH);
//spam
define(‘WP_FAIL2BAN_LOG_SPAM’, true);
define(‘DEFAULT_WP_FAIL2BAN_SPAM_LOG’,LOG_AUTH);
//password requests
define(‘WP_FAIL2BAN_LOG_PASSWORD_REQUEST’, true);
define(‘DEFAULT_WP_FAIL2BAN_PASSWORD_REQUEST_LOG’,LOG_USER);
//pingbacks
define(‘WP_FAIL2BAN_LOG_PINGBACKS’, true);
define(‘DEFAULT_WP_FAIL2BAN_PINGBACK_ERROR_LOG’,LOG_AUTH);
//
//syslog
//Connection
// define(‘WP_FAIL2BAN_OPENLOG_OPTIONS’,LOG_CONS|LOG_PERROR|LOG_PID|LOG_NDELAY|LOG_ODELAY); // last 2 pick one not both see next line
// define(‘WP_FAIL2BAN_OPENLOG_OPTIONS’, LOG_CONS|LOG_PERROR|LOG_PID|LOG_NDELAY);
// this is the default setting
define(‘WP_FAIL2BAN_OPENLOG_OPTIONS’,LOG_PID|LOG_NDELAY);
//Workarounds
//disabled not needed , only for problematic systems
//define(‘WP_FAIL2BAN_SYSLOG_SHORT_TAG’, true);
//define(‘WP_FAIL2BAN_HTTP_HOST’, true);
//define(‘WP_FAIL2BAN_TRUNCATE_HOST’, true);
//
//Block
define(‘WP_FAIL2BAN_BLOCK_USER_ENUMERATION’, true);
define(‘WP_FAIL2BAN_BLOCKED_USERS’, [‘admin’, ‘root’]);
define(‘WP_FAIL2BAN_BLOCK_USERNAME_LOGIN’, true);
//
//Remote IP
// white listed IPS , disabled by default
//define(‘WP_FAIL2BAN_PROXIES’, [‘192.168.0.42′,’192.168.42.0/24’]);
//
// Plugins
//
define(‘WP_FAIL2BAN_PLUGIN_LOG_AUTH’, true);
define(‘DEFAULT_WP_FAIL2BAN_PLUGIN_AUTH_LOG’,LOG_AUTH);
define(‘WP_FAIL2BAN_PLUGIN_LOG_BLOCK’, true);
define(‘DEFAULT_WP_FAIL2BAN_PLUGIN_BLOCK_LOG’,LOG_USER);
define(‘WP_FAIL2BAN_PLUGIN_LOG_COMMENT’, true);
define(‘DEFAULT_WP_FAIL2BAN_PLUGIN_COMMENT_LOG’,LOG_USER);
define(‘WP_FAIL2BAN_PLUGIN_LOG_OTHER’, true);
define(‘DEFAULT_WP_FAIL2BAN_PLUGIN_OTHER_LOG’,LOG_USER);
define(‘WP_FAIL2BAN_PLUGIN_LOG_PASSWORD’, true);
define(‘DEFAULT_WP_FAIL2BAN_PLUGIN_PASSWORD_LOG’,LOG_USER);
define(‘WP_FAIL2BAN_PLUGIN_LOG_REST’, true);
define(‘DEFAULT_WP_FAIL2BAN_PLUGIN_REST_LOG’,LOG_USER);
define(‘WP_FAIL2BAN_PLUGIN_LOG_SPAM’, true);
define(‘DEFAULT_WP_FAIL2BAN_PLUGIN_SPAM_LOG’,LOG_AUTH);
define(‘WP_FAIL2BAN_PLUGIN_LOG_XMLRPC’, true);
define(‘DEFAULT_WP_FAIL2BAN_PLUGIN_XMLRPC_LOG’,LOG_USER);
// end of WP fail2ban plugin

Hi, and thank you for the great plugin! I wrote and tested a patch for IPv6 support. Unfortunately, I wasn’t able to register at the new forum, but I’m attaching a link to our Github repo. I can also just post the patch text here if that’s OK.
The patch is made against v. 4.3.0.8

Hi !

Like many (I believe), I’m using the official WordPress Docker container to host my website.
After a lot of investigations, it seems to me that this container do not use syslog.
I am currently trying to install rsyslog in a custom container, but this is not ideal, nor easy.

Would you consider adding an option to print the logs in stdout ?
It seems like most dockerized application work this way. It is very easy to redirect the container’s logs to the host syslogs and work with fail2ban when this is done (I do it with other web applications and it work great.

So basically, just a boolean in the configuration file which allow to write the logs to /dev/stdout instead of AUTH_LOG.

Thanks for the great work anyway !

Will a 1 website license enough to cover the main site and all it’s subsites? I couldn’t find an answer in the FAQ’s in the upgrade page.

Thanks

It seems that enabling “WP_FAIL2BAN_BLOCK_USER_ENUMERATION” results again in FORBIDDEN for authors editing their posts. Seems to happen from version 4.3.0.x

see https://www.ads-software.com/support/topic/block_user_enumeration-results-in-forbidden/

If WP fail2ban is installed on the server, and then I install the plugin for WordPress, and I don’t modify any of the settings on WordPress (for example, inside the wp-config), then does fail2ban is using some default settings to protect WordPress? Or it’s absolutely require to set specific configurations to make it work?

Thanks,

Hello,

in my developement environment I got this warnings:

Warning: Use of undefined constant WPF2B_EVENT_COMMENT_CLOSED – assumed ‘WPF2B_EVENT_COMMENT_CLOSED’ (this will throw an Error in a future version of PHP) in G:\Repositories\bla\wp-config.php on line 11

Warning: Use of undefined constant WPF2B_EVENT_COMMENT_DRAFT – assumed ‘WPF2B_EVENT_COMMENT_DRAFT’ (this will throw an Error in a future version of PHP) in G:\Repositories\bla\wp-config.php on line 11

Warning: Use of undefined constant WPF2B_EVENT_COMMENT_TRASH – assumed ‘WPF2B_EVENT_COMMENT_TRASH’ (this will throw an Error in a future version of PHP) in G:\Repositories\bla\wp-config.php on line 11

Warning: Use of undefined constant WPF2B_EVENT_COMMENT_CLOSED – assumed ‘WPF2B_EVENT_COMMENT_CLOSED’ (this will throw an Error in a future version of PHP) in G:\Repositories\bla\wp-config.php on line 11

Warning: Use of undefined constant WPF2B_EVENT_COMMENT_NOT_FOUND – assumed ‘WPF2B_EVENT_COMMENT_NOT_FOUND’ (this will throw an Error in a future version of PHP) in G:\Repositories\bla\wp-config.php on line 11

It’s very annoying because the half page is only showing warnings.

My wp-config.php looks like:

<?php
/** determine environment */
define('DEV_ENV', file_exists('dev-config.php'));

/** Enable W3 Total Cache */
define('WP_CACHE', DEV_ENV); // Added by W3 Total Cache

/** wp-fail2ban */
define('WP_FAIL2BAN_AUTH_LOG', LOG_AUTHPRIV);
define('WP_FAIL2BAN_BLOCKED_USERS', ['admin', 'root', 'user', '[login]', 'administrator']);
define('WP_FAIL2BAN_LOG_COMMENTS_EXTRA', WPF2B_EVENT_COMMENT_CLOSED | WPF2B_EVENT_COMMENT_DRAFT | WPF2B_EVENT_COMMENT_TRASH | WPF2B_EVENT_COMMENT_CLOSED | WPF2B_EVENT_COMMENT_NOT_FOUND);

/* ... and so on... */

Is my wp-config wrong?

• This topic was modified 4 years, 6 months ago by melde.

TL;DR: https://forums.invis.net/c/wp-fail2ban/

I’ve always provided support here for WPf2b since the very first release. I take pride in my work, and support requests are usually a good way to discover areas for improvement.

However, with the free/premium split and other demands on my time, fitting the WP.org forums into my workflow has become increasingly difficult.

I’ve therefore decided to move all support to a new platform.

There are a few loose ends to tidy up here, but beyond that I will no longer be answering support requests here.

I’d like to thank the WP mods for their work over the years providing this forum, and I look forward to seeing you on the new platform.

I’m using fail2ban plugin on “mu-plugins” folder on a digitalocean server. I’m planning to move the site to a new server, but the digitalocean droplet now installs the wp fail2ban in the plugins folder.

1. My question, can I delete the fail2ban from the plugins folder and move the mu-plugins folder and continue using the other fail2ban plugin?
2. Is there any different between the versions?
3. If I keep the new version, do I need to configure any else besides the default installation to make sure the plugin is protecting the site?

Thanks,

Can you help with configuring fail2ban for systemd logging? I can see that wp-fail2ban is adding lines that are visible with journalctl, but fail2ban isn’t picking them up.

My config in jail.local:

[wordpress-hard]
enabled = true
filter = wordpress-hard
maxretry = 1
port = http,https
backend = systemd

The wp-fail2ban journal lines look like this:
Mar 05 21:55:26 SERVER.FQDN wordpress(VIRTUAL.FQDN)[246821]: Authentication attempt for unknown user USERNAME from IP_ADDRESS

fail2ban-regex does match that line against the wordpress-hard filter.

The weird thing is that the phpMyAdmin configuration is basically identical but fail2ban picks up the phpMyAdmin lines from the journal.

• This topic was modified 4 years, 8 months ago by rhodie. Reason: format code

I’m having an issue where I’m logged into a site in a multisite, I attempt to log into another site in the multisite, and without ever entering bad credentials, I end up banned. I can’t really offer a lot more details than that, it seems rather odd. Can you think of any reason it would ban without getting failed login attempts?

Hi guys,

I’ve stopped using the plugin since you’ve switched to Freemius. The amount of bloat their SDK adds as well as all the calls to their api really doesn’t gel with a plugin that’s supposed to be lightweight and utilitarian. Having a Pro version is awesome but please consider using EDD for licensing- it’s much better for your users.

Cheers

PS. I see I’m not the only one to raise this issue. Please see the forums if you’d like to see more feedback from the WP community about Freemius: https://www.ads-software.com/search/freemius/?forums=1

• This topic was modified 4 years, 10 months ago by menathor.