Title: Block enumerate users
Last modified: August 21, 2016

---

# Block enumerate users

 *  [geeklol](https://wordpress.org/support/users/geeklol/)
 * (@geeklol)
 * [12 years, 9 months ago](https://wordpress.org/support/topic/block-enumerate-users/)
 * Hi,
    ROIBOT, after a nice discussion, wrote a filter to block the ability to enumerate
   WP users.
 * here: [http://premium.wpmudev.org/forums/topic/to-all-i-am-currently-undergoing-a-rather-severe-attack#post-489572](http://premium.wpmudev.org/forums/topic/to-all-i-am-currently-undergoing-a-rather-severe-attack#post-489572)
 * Here is the WP plugin:
    [http://llocally.com/wordpress-plugins/?did=4](http://llocally.com/wordpress-plugins/?did=4)
 * It would be very nice to merge his filter with your…
 * Laurent.
 * PS: Once again, thank you very much for your plugin, it works perfectly, I was
   under a strong attack, it protects me without any problems.
    Just looking at my logs and smiling…
 * [http://wordpress.org/plugins/wp-fail2ban/](http://wordpress.org/plugins/wp-fail2ban/)

Viewing 8 replies - 1 through 8 (of 8 total)

 *  Plugin Author [invisnet](https://wordpress.org/support/users/invisnet/)
 * (@invisnet)
 * [12 years, 8 months ago](https://wordpress.org/support/topic/block-enumerate-users/#post-4059984)
 * Thanks for that – I’ve added something similar to 2.1.0, released last night.
 *  Thread Starter [geeklol](https://wordpress.org/support/users/geeklol/)
 * (@geeklol)
 * [12 years, 8 months ago](https://wordpress.org/support/topic/block-enumerate-users/#post-4059991)
 * Hi Invisnet,
    I’ll try it right now! Thank you.
 * Laurent.
 *  Thread Starter [geeklol](https://wordpress.org/support/users/geeklol/)
 * (@geeklol)
 * [12 years, 8 months ago](https://wordpress.org/support/topic/block-enumerate-users/#post-4059992)
 * Hi again,
    May I suggest a small improvement?
 * I think it would be better to have the two fail2ban filters separated because
   it is preferable to treat separately “the user enumeration” and “the login attempt”:
   You can leave for example three attempts for login while you absolutely MUST block
   at the first attempt the user enumeration…
 * Thank you.
 * Laurent.
 *  [llocally](https://wordpress.org/support/users/llocally/)
 * (@llocally)
 * [12 years, 8 months ago](https://wordpress.org/support/topic/block-enumerate-users/#post-4060000)
 * I actually have three different filters:
    1. for attempts on admin / administrator
    2. the other for general logins
    3. one for enumeration
 * Fairly simple to create and just change the regexes
 * By the way thanks for incorporating, well actually improving, my stop enumeration
   code.
 * Alan – aka llocally – aka roibot (must get round to combining my ids)
 *  Thread Starter [geeklol](https://wordpress.org/support/users/geeklol/)
 * (@geeklol)
 * [12 years, 8 months ago](https://wordpress.org/support/topic/block-enumerate-users/#post-4060010)
 * Hi,
    [@llocally](https://wordpress.org/support/users/llocally/): the solution
   is effectively to get more than one filter
 * [@invisnet](https://wordpress.org/support/users/invisnet/)
    Your filter for user enumeration doesn’t work, nothing is logged in /var/log/auth.log.
   Did you try it before you updated?
 * Regards.
 *  [llocally](https://wordpress.org/support/users/llocally/)
 * (@llocally)
 * [12 years, 8 months ago](https://wordpress.org/support/topic/block-enumerate-users/#post-4060011)
 * [@geeklol](https://wordpress.org/support/users/geeklol/)
 * 1. yes, I can’t think of any way of having different sensitivities in the same
   filter, so a filter per ‘sensitivity’ would be required.
 * 2. I just fully tested this on my server and it works fine.
 * First, have you turned on enumeration with
    define('WP_FAIL2BAN_BLOCK_USER_ENUMERATION', true); ?
 * Second, have you looked in your syslog (e.g. /var/log/syslog or /var/log/messages)
   rather than your auth log?
 * hope that points you in the right direction
 *  Thread Starter [geeklol](https://wordpress.org/support/users/geeklol/)
 * (@geeklol)
 * [12 years, 8 months ago](https://wordpress.org/support/topic/block-enumerate-users/#post-4060012)
 * Hi llocally,
    It’s a mystery …
 * Detection of attempts to enumerate users does not work on all my WordPress installs
   (all Ver 3.6).
    The llocally filter and the invisnet filter do not react the same way…
   I need to do more testing before drawing conclusions.
 * Anyway, thank you very much to both of you for the job!
 * Congratulations gentlemen!
 *  Thread Starter [geeklol](https://wordpress.org/support/users/geeklol/)
 * (@geeklol)
 * [12 years, 8 months ago](https://wordpress.org/support/topic/block-enumerate-users/#post-4060013)
 * Hi,
    I’d like to understand.
 * 1) For the two filters (stop user enumeration and wp-fail2ban) you must enable
   “permalinks”.
    2) If stop-user-enumeration AND wp-fail2ban are both activated,
   stop-user-enumeration takes over (it is the first to intercept attempts).
 * I will opt for one plugin: wp-fail2ban, but I’ll split the filter into two (maybe
   three later):
    1) Connection attempts:
 *     ```
       failregex = ^%(__prefix_line)sAuthentication failure for .* from <HOST>$
                   ^%(__prefix_line)sBlocked authentication attempt for .* from <HOST>$
       ```
   
 * 2) Enumeration attempts:
 *     ```
       failregex = ^%(__prefix_line)sBlocked user enumeration attempt from <HOST>$
       ```
   
 * So I installed one plugin, BUT I treat differently the simple connection attempts
   and enumeration attempts (which for me are much more aggressive).
 * It must be remembered, fail2ban is not there to protect you, but simply to avoid
   a flood of logs. REAL protection lies in the complexity of passwords …
 * Laurent.
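
The split described in the last reply, as an added example that is not part of the original thread or of wp-fail2ban: the three failregex messages quoted above are run over constructed syslog lines, with one threshold per filter (three for logins, one for enumeration). The jail names, the `wordpress(...)` syslog tag, and the simplified stand-ins for `%(__prefix_line)s` and `<HOST>` are assumptions.

```python
import re
from collections import Counter

# Simplified stand-ins (assumptions) for fail2ban's %(__prefix_line)s and <HOST>.
PREFIX = r"^\w{3} +\d+ [\d:]{8} \S+ wordpress\([^)]*\)\[\d+\]: "
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})$"

# One hypothetical jail per sensitivity; message texts are those quoted in the thread.
JAILS = {
    "wp-login": {"maxretry": 3, "messages": [
        r"Authentication failure for .* from ",
        r"Blocked authentication attempt for .* from ",
    ]},
    "wp-enum": {"maxretry": 1, "messages": [
        r"Blocked user enumeration attempt from ",
    ]},
}

# Constructed syslog lines (documentation-range IPs, made-up host and PIDs).
SAMPLE_LOG = """\
Sep  2 10:00:01 web1 wordpress(example.com)[1201]: Authentication failure for admin from 192.0.2.10
Sep  2 10:00:04 web1 wordpress(example.com)[1201]: Authentication failure for admin from 192.0.2.10
Sep  2 10:01:10 web1 wordpress(example.com)[1202]: Authentication failure for bob from 198.51.100.7
Sep  2 10:01:12 web1 wordpress(example.com)[1202]: Authentication failure for bob from 198.51.100.7
Sep  2 10:01:15 web1 wordpress(example.com)[1203]: Blocked authentication attempt for admin from 198.51.100.7
Sep  2 10:02:30 web1 wordpress(example.com)[1204]: Blocked user enumeration attempt from 203.0.113.5
Sep  2 10:03:00 web1 sshd[900]: Failed password for root from 203.0.113.9 port 22 ssh2
"""

def banned_hosts(log_text, jails=JAILS):
    """Return {jail: sorted hosts whose match count reached that jail's maxretry}.

    The time window (fail2ban's findtime) is ignored to keep the example short.
    """
    result = {}
    for name, jail in jails.items():
        patterns = [re.compile(PREFIX + msg + HOST) for msg in jail["messages"]]
        hits = Counter()
        for line in log_text.splitlines():
            match = next((m for m in (p.match(line) for p in patterns) if m), None)
            if match:
                hits[match.group("host")] += 1
        result[name] = sorted(h for h, n in hits.items() if n >= jail["maxretry"])
    return result

if __name__ == "__main__":
    for jail, hosts in banned_hosts(SAMPLE_LOG).items():
        print(jail, hosts)
```

With a single combined filter and one threshold, the enumeration source would either get the same three tries as a mistyped password or every login typo would be banned on the first failure.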


The topic ‘Block enumerate users’ is closed to new replies.


 * 8 replies
 * 3 participants
 * Last reply from: [geeklol](https://wordpress.org/support/users/geeklol/)
 * Last activity: [12 years, 8 months ago](https://wordpress.org/support/topic/block-enumerate-users/#post-4060013)
 * Status: not resolved