invisnet

Yes this plugin is a giant security risk it for one uses “Freemius” as a framework that will transmit back home data even if you select NO.

Neither of those statements are true.

1. The report from @bfarrellcx showed no actual issues in both my code and the Freemius library.
2. The Freemius library does NOT “phone home” without permission; see here for full details.

Not to mention all the other risks this plugin includes.

You can report any security issues in the normal way; I look forward to receiving yours.

There are some problems with that, e.g. you shouldn’t define any of the DEFAULT_xxx constants, but it’s a really good idea – thanks!

I’ve borrowed your idea and created a repo for it – PRs welcome.

If you’re still having this problem with 4.3.0.9 please create a topic in the new support forum.

Thanks – there’s a thread on the new support forum for planning Docker support – I’d welcome your input there.

Sorry, this dropped off the bottom of my “to-do” list.

If you’ve still got the details it’d be great if you could drop them here so I could take a look.

@menathor – thanks for the feedback.

I think we’re in a grey area here between free and paid on this forum, but since you asked I think a short reply is warranted; I’d be happy to have a longer discussion on the new support forum (https://forums.invis.net/c/wp-fail2ban/).

I looked at lots of options before picking Freemius, including EDD.

I don’t like the weight of the Freemius library either, but it has two huge advantages over EDD; in ascending order of magnitude:

1. Freemius requires no extra infrastructure and no up-front costs,
2. Freemius deals with all of the EU VAT mess.

It was the 2nd point that decided it.

Again, happy to carry on with this on the new forums, otherwise I think that covers everything on the “free” side here.

Background: this is the continuation of a 2-star review submitted before asking for support.

—-

I accept that you can’t dismiss the notices. There’s clearly a bug somewhere. As I said before, the Freemius library is in use in millions of installations, and the notices are generated by the library.

In other words, while I have responsibility for the overall experience, I did not personally write the code in question. I’m willing to work with you to find the cause of this, but in return I don’t think it’s unreasonable to ask that you give me something to work with.

So, perhaps you could tell me a bit about your hosting environment?

And, maybe a list of other plugins installed?

Finally, one specific debugging task:

• Open the Developer Tools in your browser and go to the Network tab (I think Chrome and Firefox are pretty much the same for this),
• Click the “Dismiss” link and look at the request details (there will be a call to admin-ajax.php).
• Copy/paste the request and response details here, making sure you leave out any site-specific details (e.g. cookies, domains).

@alanrezende: There’s a note at the bottom of every settings page:

The Free version of WP fail2ban is configured by defining constants in wp-config.php; these tabs display those values.

The free version of WPf2b has always worked by defining constants in wp-config.php (you can check v1.0.0 – it’s still tagged in SVN). There’s a link to the documentation (as above) on the Welcome page.

I’m sorry you found it difficult to see how to configure WPf2b – do you have any suggestions for how I could make it clearer?

(Thanks @krzysko!)

• This reply was modified 4 years, 11 months ago by invisnet.

Which event is triggering the ban? You should be able to see in the logs what’s causing it – without that I don’t really know where to start.

What is wrong in my config?

Probably nothing; my guess is that you’re using Gutenberg, so this should be fixed in 4.2.8.

An admin notice that won’t stay dismissed is very obviously a bug – an extremely rare bug, but still a bug. However:

• @sleeplessindc was referred to the support forum, but despite having used it 3 months prior to that, chose not to use it again.
• @phil-mckerracher also chose not to use the support forum, instead choosing to leave a negative review.
• @maniackcrudelis has also chosen not to use the support forum.

If no-one with this issue is willing to ask for support, how is it going to get fixed?

You need define any WPf2b constants above the line in wp-config.php that says /* That's all, stop editing! Happy blogging. */.

(This has now become a genuine FAQ – I’ll update the docs and readme).

Sounds like LOG_AUTHPRIV did the trick.

Changing the perms on the log file is always bad idea – especially setting the execute bit – you should set that back to 640 asap.

I don’t have an Ubuntu instance to play with atm, but my guess is that you probably need to use LOG_AUTHPRIV.

FYI, I think I’ve worked out what’s going on; there’ll be a fix in 4.3.0.