跳至主要內容
  • 登入
  • 註冊
WordPress.org

Taiwan 正體中文

  • 佈景主題目錄
  • 外掛目錄
  • 最新消息
  • 技術支援
  • 關於我們
  • 團隊
  • 取得 WordPress
取得 WordPress

外掛目錄

  • 我的最愛
  • Beta 版測試
  • 開發者資訊

這個外掛並未在最新的 3 個 WordPress 主要版本上進行測試。開發者可能不再對這個外掛進行維護或提供技術支援,並可能會與更新版本的 WordPress 產生使用上的相容性問題。

下載

WP Fail2Ban Redux

由 Brandon Allen 開發
  • 詳細資料
  • 使用者評論
  • 安裝方式
  • 開發資訊
技術支援

外掛說明

WP Fail2Ban Redux records various WordPress events to your server’s system log for integration with Fail2Ban.

This plugin is (mostly) a drop-in replacement for WP fail2ban by Charles Lecklider.

While WP fail2ban is a great plugin, there are a number of improvements that could be made. In order to facilitate these improvements, a major refactoring of the codebase was necessary.

The core functionality between WP Fail2Ban Redux and WP fail2ban remains the same. WP Fail2Ban Redux is considered to be mostly a drop-in replacement, because all constants have been replaced with filters, and will, possibly, require some upgrade work. Don’t work it’s as simple as implementing the constants.

The following events are recorded by default:

  • Failed XML-RPC authentication attempts.
  • Successful authentication attempts.
  • Failed authentication attempts — differentiated by a user’s existence.
  • Pingback errors.

The following events can be enabled via filter:

  • Pingback requests.
  • Blocked user enumeration attempts.
  • Authentication attempts for blocked usernames.
  • Spammed comments.

Extra documentation is available on the WP Fail2Ban Redux GitHub Wiki.

安裝方式

  1. Upload the plugin to your plugins directory.
  2. Activate the plugin through the ‘Plugins’ menu in WordPress.
  3. Copy the config/filters/wordpress-hard.conf and config/filters/wordpress-soft.conf files to your Fail2Ban filters directory (generally /etc/fail2ban/filters.d).
  4. Copy the config/jail/wordpress.conf file to your Fail2Ban jail directory (generally /etc/fail2ban/jail.d), or append it’s contents to your jail.local file. Make sure you read the notes in this file to aid successful setup.
  5. Reload or restart Fail2Ban.

常見問題集

How do I upgrade from WP fail2ban?

If you haven’t set any of the WP fail2ban constants, you don’t need to do anything. If you have set some of the constants, view the upgrade instructions.

Will the `wordpress-hard.conf` and `wordpress-soft.conf` filters still work?

Yes! All of the improvements made in WP Fail2Ban Redux were done in a way that would allow existing functionality to work without changes to your filters. However, the demo filters included with the plugin do contain some recommended changes. There are also new features not found in WP fail2ban that will require changes to your filters to be effective. These changes are linked, by filter, below:
wordpress-hard.conf
wordpress-soft.conf

Be ye forewarned: Future changes to WP fail2ban may break backwards compatibility with WP Fail2Ban Redux filters. No attempts will be made to fix this. So, even though it’s not required, it is probably a good idea to update the filters anyway.

Can I use this as a must-use plugin in the `mu-plugins` folder?

As of version 0.5.0, yes! Download the plugin, and unzip. Inside the plugin folder will be another folder named wp-fail2ban-redux and wp-fail2ban-redux.php. Upload this folder and file to the mu-plugins directory of your site.

How do you I use this plugin if my site is behind a proxy, like Cloudflare?

You need to add some code to your wp-config.php file. See the below links for guidance.

  • https://core.trac.wordpress.org/ticket/9235#comment:39
  • https://stackoverflow.com/questions/14985518/cloudflare-and-logging-visitor-ip-addresses-via-in-php/14985633#14985633
  • https://support.cloudflare.com/hc/en-us/articles/200170916#12345680

使用者評論

If you already have fail2ban, this is a must

ABCdatos 2022 年 8 月 5 日
Easy, effective, no unnecessary control panel, no premium parts, no boring messages, it just do the work! Having fail2ban already configured in the server, I installed it on a bunch of WP sites. Locking repetitive attackers, it saves some server resources peaks. Really thanks for the plugin.

Awesome plugin

teeboy4real 2021 年 7 月 6 日
This plugin is underrated and is a must have for wordpress security.

Perfect!

thnilsen 2021 年 3 月 9 日
Could not be simpler to use this plugin. The original plugin that this one replaces was just awful to set up with the free version. This on is just to install and activate, then make sure you have the apache-auth filter active in your Fail2Ban configuration. Thanks!!

Works perfect!

galactica333 2020 年 5 月 28 日
I use this plugin on my wordpress installations and all failed logins are reliably logged to the auth.log of the server. Even though the plugin has not yet been tested with WordPress 5.4.1, it is working good for me.

Simple and Effective, Works Well.

UfukArt 2019 年 12 月 20 日
Tiny, Simple and Effective. Works Well.Thanks to developer.

Does the job. No more, no less.

michauko 2019 年 10 月 29 日
I tried some other F2B plugins, tons of useless options, useless interface and so on. And very expensive paid subscriptions, of course. This one just logs all the auth. failures you need to monitor and gives you the F2B filter and jail conf. Install, copy, adapt, reload f2b. 5 minutes and you're done. Be sure to add this plugin as a "mu-plugin" (must-use), so no stupid WP admin user disables it by mistake.
閱讀全部 13 則使用者評論

參與者及開發者

以下人員參與了開源軟體〈WP Fail2Ban Redux〉的開發相關工作。

參與者
  • Brandon Allen

〈WP Fail2Ban Redux〉外掛目前已有 2 個本地化語言版本。 感謝全部譯者為這個外掛做出的貢獻。

將〈WP Fail2Ban Redux〉外掛本地化為台灣繁體中文版

對開發相關資訊感興趣?

任何人均可瀏覽程式碼、查看 SVN 存放庫,或透過 RSS 訂閱開發記錄。

變更記錄

0.8.2

  • Release date: 2021-08-08
  • Bumps “Tested up to” version to 5.8
  • No changes to jail or filters in the release.

0.8.1

  • Release date: 2021-06-01
  • Actually bumps “Tested up to” version to 5.7

0.8.0

  • Release date: 2021-05-31
  • Bumps “Tested up to” version to 5.7
  • Fix issue where logging out of WordPress could cause a blocked user log to be recorded

0.7.0

  • Release date: 2021-01-05
  • Bumps “Tested up to” version to 5.6
  • Move Composer dependencies to require-dev to reduce the number of packages installed when WP Fail2Ban Redux is installed via composer. See https://github.com/thebrandonallen/wp-fail2ban-redux/pull/17

0.6.0

  • Release date: 2020-06-07
  • Bumps the minimum required version to WordPress 4.9.
  • Bumps “Tested up to” version to 5.4.1

0.5.1

  • Release date: 2019-09-05
  • This release requires and update to the wordpress-hard.conf file, in order to fix an issue with matches failing for XML-RPC multicall authentication failures. See https://github.com/thebrandonallen/wp-fail2ban-redux/pull/13/commits/2e3a3867749be7839edfae5707b62921c36ecd85
  • Fix issue where XML-RPC multicall authentication failures weren’t correctly matched by Fail2Ban with the wordpress-hard.conf filter.

0.5.0

  • Release date: 2018-10-27
  • Add better support for use as a must-use plugin in the mu-plugins directory.

0.4.0

  • Release date: 2018-01-15
  • Bumped the minimum required WordPress version to 4.5.
  • Bumped the minimum required PHP version to 5.3. This is a soft bump, meaning, nothing changed that will break PHP 5.2 compatability. However, this could easily change in the future, and PHP 5.2 is no longer actively tested.
  • Renamed the wp_fail2ban_redux_openlog_indent filter to wp_fail2ban_redux_openlog_ident, because… it was misspelled.

0.3.1

  • Release date: 2017-05-18
  • Bump minimum required WordPress version to 4.4.
  • Performance improvements when not blocking user enumeration.
  • Use wp_die to exit, to allow for greater customization of exit messages.
  • Exit messages are now escaped using esc_html.
  • Refactored plugin loading.
  • You can now create your own, custom, logging class, in case you don’t want to use the standard syslog() output.

0.3.0

  • Superseded by 0.3.1

0.2.1

  • Release date: 2017-02-15
  • Fix a stupid syntax error in the comment spam filter 🙁 Thanks to @ichtarzan for reporting!

0.2.0

  • Release date: 2016-09-27
  • Fixed PHP notices where WP_Fail2Ban_Redux::comment_spam expects two parameters. Decided it was probably a good idea to oblige.
  • User enumeration blocking now checks for both the author and author_name parameters. The author_name parameter could be used to validate the existence of a particular username, so blocking on this parameter as well will further reduce the attack surface.
  • Fixes an issue where user enumeration blocking was overzealous and would prevent actions in the admin area. Props pjv. #2
  • WP_Fail2Ban_Redux::redirect_canonical is now deprecated. If you were doing anything with this function, or the hook that initialized it, you should look at WP_Fail2Ban_Redux::user_enumeration instead.
  • Added a note to wordpress.conf about the logpath parameter, and common auth log locations. There is no need to changed existing configurations. This is merely to aid setup for future users.

0.1.1

  • Release date: 2016-07-23
  • In PHP < 7.0, exit isn’t allowed as a method name. WP_Fail2Ban_Redux_Log::exit is now WP_Fail2Ban_Redux_Log::_exit.

0.1.0

  • Release date: 2016-07-13
  • Initial release.

中繼資料

  • 最新版本: 0.8.2
  • 最後更新: 1 年前
  • 啟用安裝數: 7,000+
  • WordPress 版本需求: 4.9 或更新版本
  • 已測試相容的 WordPress 版本: 5.8.6
  • PHP 版本需求: 5.8 或更新版本
  • 語言:

    English (US)、Greek、及 Spanish (Spain).

    將這個外掛本地化為你的母語版本

  • 標籤:
    fail2banloginsecuritysyslog
  • 進階檢視

評分

檢視全部
  • 5 星 13
  • 4 星 0
  • 3 星 0
  • 2 星 0
  • 1 星 0
登入以提交評論

參與者

  • Brandon Allen

技術支援

最近 2 個月解決的問題:

總計 1 個問題,已解決 0 個

查看技術支援論壇

贊助

想要支援這個外掛的發展嗎?

贊助這個外掛

  • 關於我們
  • 最新消息
  • 主機託管
  • 贊助基金會
  • Swag
  • 線上說明
  • 開發者資源
  • 共同參與
  • Learn
  • 展示網站
  • 外掛目錄
  • 佈景主題目錄
  • 區塊版面配置目錄
  • WordCamp
  • WordPress.TV
  • BuddyPress
  • bbPress
  • WordPress.com
  • Matt
  • 隱私權
  • Public Code
WordPress.org
WordPress.org

Taiwan 正體中文

  • 造訪我們的 Facebook 粉絲專頁
  • 造訪我們的 Twitter 帳號
  • Visit our Instagram account
  • Visit our LinkedIn account
程式碼,如詩