WordPress.org

Ready to get started?Download WordPress

Plugin Reviews

WP fail2ban

Write all login attempts to syslog for integration with fail2ban.

17 reviews
Average Rating
4 stars
4.9 out of 5 stars
5 stars
excelent - just what I needed
By ,

great idea rolling this all up together.

Thanks!

4 stars
Great, documentation could use improvement
By ,

I spent quite a lot of time troubleshooting the setup. It's not mentioned in the readme but the plugin may need to tweaking depending on your OS. For CentOS 6, I had to change the jail conf to monitor /var/log/messages. I did not have to change any of the plugin PHP code as someone mentioned in the forum (threw me off since I did it).

Also, I never got fail2ban to trigger the ban action even though it was regex matching (apparently a common issue). I ended up going with CSF LFD to ban per http://forum.configserver.com/viewtopic.php?f=6&t=6663#p20069

4 stars
Just what was needed
By ,

As my server already had fail2ban, this was just the perfect plugin from brute force attacks!

The configs suggested in the help did not work, so minor tweaking were needed.

5 stars
Works great
By , for WP 3.9.1

I had to play with the jail.local config block a bit, but works great after it's setup.

5 stars
A must have
By , for WP 3.9

This is one of the things that everyone should have :)

5 stars
Does exactly what it says on the tin.
By , for WP 3.6.1

This plugin worked nicely for me on a day when a not very powerful WordPress server was receiving thousands of bruteforce attempts from nearly a thousand different IPs. Load average dropped from 40+ to well below 1.

The README suggested this stanza in jail.local

[wordpress]
enabled = true
filter = wordpress
logpath = /var/log/auth.log

but with Ubtuntu 12.04 and failban 0.8.6 I found I needed to add

port = http
protocol = tcp

and if you run WordPress with https, you'll instead need

port = http,https

I also added

maxretry = 2
bantime = 84600

It is suggested to add

define('WP_FAIL2BAN_BLOCKED_USERS','^admin$');

to wp-config.php to short-circuit login attempts as admin. I followed the suggestion but instead used

define('WP_FAIL2BAN_BLOCKED_USERS','^(admin|DOMAIN)');

because I noticed that the usernames being used in the attempts were admin, administrator, and DOMAIN (WP is served on http://www.DOMAIN.com)

5 stars
Very useful
By , for WP 3.6

The installation is easy and that works just fine.

Thank you.

5 stars
fail2ban does what it is meant to do
By ,

This plugin works just fine.

5 stars
Works perfectly
By ,

It works perfectly on my system:

Debian 7 up to date
WP 3.5.2
Fail2ban 0.8.6-3wheezy2

I just need to add port = http,https

Thank you!
Laurent.

5 stars
Does the job
By ,

Very simple and effective

You must log in to submit a review. You can also log in or register using the form near the top of this page.