Rating: 1 star
The plugin spams dashboard with the banner that cannot be dismissed and keeps reappearing.
Rating: 1 star
If you manage to set it up correctly, it does what you expect, but…
It creates an annoying warning in site-health if the blocklist addon is not installed, which is not free, and it hides the fact that it is not free until you have subscribed to Freemius; in my opinion this is really bad.
The contained site-health script checks for /usr/bin/systemctl, which is by default not within allowed paths for PHP on systems using open_basedir restrictions, so it creates PHP warnings every time the script is accessed.
The code looks quite bloated for such simple functionality.
The plugin needs to be configured by adding constants to your wp-config.php file; normal GUI configuration is deactivated until you go premium.
Rating: 5 stars
Prevention is better than cure.
Rating: 5 stars
Seamless integration with GridPane. All you have to do is enable it and read the GridPane docs. Thanks!
Rating: 5 stars
Great plugin, works well and far faster than PHP-based blocking solutions. Many thanks.
Rating: 5 stars
iptables+Maltrail+Fail2Ban+AbuseIP/DB+BinaryDefence/DB+kaspersky+Bitdefender
https://piramide.zapto.org/iplist-pcsnet.txt
https://piramide.zapto.org/iplist.txt
https://perc.ddns.net/iplist.txt
https://perc.ddns.net/iplist-pcsnet.txt
https://perc.ddns.net/ip.txt
https://perc.ddns.net/cms.txt
WE SAY HERE: PREVENTION IS BETTER THAN CURE!
Rating: 2 stars
Jesus. I’ve done everything I can to rid myself of this ad on every page of every site I use this plugin on. I’ve added CSS code, searched for PHP solutions, etc. No luck.
Every page. Every site. Every visit.
“Hey! How do you like WP fail2ban so far? Test all our awesome premium features with a 14-day free trial. No credit card required!”
F— me.
I will literally never buy this plugin for any reason whatsoever for that alone. They could sell the pro version for fifty cents and I’d say no on principle. Fix this sh-t.
Rating: 1 star
Just causes critical errors.
Rating: 4 stars
Ok, this is the kind of plugin I keep installing and uninstalling over time…
Firstly: I’m no stranger to fail2ban, but I’m not really an expert in designing my own filters, either. I still know enough fail2ban-fu to tackle some tricky issues; ultimately, 90% of the complexity is in setting the correct regexps to catch log errors — that’s easy enough to do.
Secondly: as an experienced system administrator, the extra goodies that come with the subscription model are not really worth the expense. Some of those goodies are basically just automating procedures for those that aren’t really familiar with fail2ban. Sure, the so-called Blocklist Network Service (BNS) is quite useful for preemptively blocking malicious IP addresses; but, as others have said elsewhere, you can pretty much accomplish the same with many other tools (most of them free). I mostly use AbuseIPDB (as well as the free version of WordFence), but your mileage may vary.
Thirdly: aye, the constant nagging to upgrade to Premium is annoying. After a while it gets on your nerves. Sure, programmers need to eat, too, so I perfectly understand the need to grab the user’s attention. I personally would prefer a one-shot fee to get most of the Premium functionality, or at least a way to turn off the constant nagging, like others already suggested; committing to a permanent subscription plan, no matter how cheap, is not really an option for those, like myself, who have irregular sources of income, and have to keep recurring payments at the bare minimum (e.g. utility bills…). I’d be fine to have very limited ‘Premium’ features for a single payment, and, sure, I’d pay US$40 for the privilege of not getting constantly nagged about upgrading…
Fourthly: documentation. It’s clear that Charles has put a huge effort in writing the documentation. Alas, the brunt of the effort was done around version 2 of wp-fail2ban. Recent features are barely documented, if at all (sometimes you only know that a feature exists, but have no idea about its purpose; sometimes there isn’t even an empty page for said feature, so you have no way to know if it exists at all or not — short of taking a look at the source code, that is).
Put in other words: to do the basics, there is enough documentation. To go a little further than that, or to figure out how to activate a recently introduced feature… well, there is often not enough help for that in the documentation. If you really need that feature, I guess you’ll have a good incentive to go Premium.
That said, is this plugin really that useful? You bet it is!
There are a few other plugins attempting to do the same — i.e. integrating the WordPress logs with fail2ban — but they don’t come even close. WP Fail2Ban goes way, way further than other plugins. A lot of features have been very cleverly implemented (for instance, even if a hacker gets access to your website’s admin panel, despite all the protections, they’ll have a tough time fully disabling the plugin…) and work quite well in practice. What is not even mentioned in the documentation is that, by default, if you host a lot of websites, and all of them have WP Fail2Ban active, then a single filter on fail2ban will deal with blocking them all. That’s because WP Fail2Ban will add entries to syslog — which is common to the whole system. This is far better (and much faster!) than scanning each individual virtual host’s logs! Also, you get correlations that aren’t obvious, and can act upon those as well.
Imagine the following scenario: a malicious hacker figured out that your server’s IP address is actually hosting hundreds of separate websites. They have a brute-force script to try to guess passwords, but they also know that most WordPress installations, even quite basic ones, will block failed attempts after a while. So, what they do is to run the script across all websites, one by one, giving plenty of time between attempts — thus expecting to evade the most basic defence. A website that sees three failed logins in ‘quick’ succession can block that IP address effectively. But websites are independent of each other, so they cannot know if the others are simultaneously being attacked or not; eventually, the failed attempt is ‘forgotten’ over time, and even if a request comes from the same IP address after an hour or two, it’s likely that the defence system might not associate one thing with the other. It’s just repeated attempts for the same login (usually from the same IP!) that trigger most alarms…
Not so with WP Fail2Ban. Those hundreds of sites will all promptly log a failed attempt to the same universal log, syslog. Thus, fail2ban will immediately notice that there is someone attempting to log in — and failing all the time — on any of the websites, and, as a result, will count failed attempts on one site towards a common total. The result? Such a brute-force attack can easily be detected, promptly logged, and blocked — for all websites, not just for one!
Even if you run multiple servers, each with different physical IP addresses, that’s not a problem. syslog can be configured to accept remote logging from multiple sources. You might need to do a bit of tinkering (i.e. deciding which logging facility will be kept on the local machine, and which will be stored remotely), but such a configuration is certainly possible (WP Fail2Ban can be configured to use any syslog logging level/facility!). Sure, this requires a bit of extra scripting, but it’s not a really hard thing to do — especially if you are able to instruct fail2ban to block IP addresses at the level of a common (physical) firewall.
A very easy way to accomplish the same is to use something like Cloudflare: configure fail2ban to use Cloudflare’s API to block an IP address at their firewall, and that address will be automatically blocked for all websites you’ve got protected with Cloudflare. All that for the modest cost of zero dollars.
Another interesting feature is the ability to extend WP Fail2Ban with additional plugins. A few can be activated directly from the WordPress Plugin Library (e.g. to protect your Contact 7 or Gravity forms). But you can also write your own plugins to deal with a particular configuration. This mostly means telling WP Fail2Ban what to trigger and write to syslog, and adding a fail2ban filter to seek for that message and process it accordingly. That way, you can add lots of additional functionalities that are not present in the ‘core’ WP Fail2Ban plugin, but which might be quite useful.
Here is an example. fail2ban is mostly used to ban IP addresses, but it can do a lot more: an easy example is just to alert the system administrator that something is not working as it should, and send them an email (or a tweet, or something…). You can write a simple plugin to check for available memory (available to WordPress, that is), and if it’s excessive (according to your own rules!), write a message to whatever syslog level you wish — and let fail2ban pick it up from there, eventually sending an alert. While this can be accomplished in several different ways, from the perspective of a system administrator, it’s more manageable to have a ‘common’ framework for identifying malfunctions and/or (possible) security issues and configure them from the same interface (in this case, fail2ban scripts). By combining the ability of WP Fail2Ban to potentially register whatever is happening with your WP installation and write a message to syslog about it, and having fail2ban pick up those messages and extract a pattern that shows that something is wrong, you can effectively build a complex system around those tools that can give you a lot of insight on what’s going on with your websites — and automate many of the tasks (fail2ban can attempt to restart a PHP instance that has been consistently reporting many out-of-memory errors, for example).
I’m aware that there is a plethora of such tools available (New Relic comes to mind — just because it has a free tier, and it’s enterprise-grade instrumentation), but combining the power of WP Fail2Ban with fail2ban itself and using syslog as a way to pass messages between both — that’s pure genius, and a very clean and elegant way of doing even complex, automated tasks, just by using off-the-shelf tools (most of them free!).
You can see that I have listed way more reasons why I love the concept behind WP Fail2Ban than the reasons why I hate it. I would say that it’s the kind of plugin that you will actively use (it works in the background, after all), even though you can achieve similar results by adding lots of clever rules on fail2ban (without needing the extra help from WP Fail2Ban, that is). There are always trade-offs to consider — for example, where are you more comfortable dealing with security, at the WordPress level, or at the operating system level? (The correct answer, of course, is ‘both’ — but that might not be an option for everyone.)
Also, I’d rate WP Fail2Ban as being a ‘comparatively light’ plugin. It does use a few database calls, just for presenting the last five reported incidents on the dashboard — but you can even turn those off and save the cost of those database accesses. After all, most of the work will be done by fail2ban anyway — running silently in the background. WP Fail2Ban is just a very sophisticated logging tool (and the ‘core’ WP engine already does its share of logging, so it’s not too much extra work), mostly providing a reasonably easy interface inside WordPress to configure how those ‘special’ logs ought to be written to syslog; that will hardly put too much stress on your own system (and syslog is designed to handle that stress!).
A last note: I’ve repeatedly mentioned that WP Fail2Ban relies on syslog to write appropriate messages to it that fail2ban can capture and process, but there are different ways to configure it — you can bypass syslog, write the logs elsewhere (even on a memory-based filesystem, if you wish!), and just process these with fail2ban (which is rather agnostic about where it should look for logs). Using syslog (especially its built-in remote logging facilities!) might be a better solution in many scenarios, but it’s not a requirement for you to use WP Fail2Ban.
Rating: 5 stars
OMG! Like magic, stopped immediately the login attempts
Rating: 1 star
Always nagging you to update to Pro version (in almost all admin pages, even after dismissing the notification). After uninstalling, it sends you an email to confirm activation of a subscription!?! I would recommend the author to reconsider the use of Freemius.
Rating: 2 stars
At one point, the plugin started showing its ad bars on every admin page, which kept coming back every now and then. It seems to have been working well and without issues otherwise.
Rating: 1 star
Hi!! Do you like using WP fail2ban? Try all our premium features during a 0-day trial period. No payment card details required!
Rating: 3 stars
Liked the plugin but cannot sustain the subscription atop all other subscriptions. Already have fail2ban installed and running at the OS level, which is actually free, making the plugin redundant.
If you’re not a devops, or you’re uncomfortable with the CLI, then this plugin is a better option for your site and you should absolutely consider installing and using it.
I also realize that the logs (output) are part of the subscription fee – but not seeing anything, anything, about the effectiveness of the plugin made me wonder if it was doing something other than taking up a slot in my plugin list. -1 for stealth mode to encourage subscriptions.
I think WP devs desperately need a better pricing model. Had this been an outright purchase in the $40 range, I probably would have bought it. But as a very small, ecom site, supporting the plugin isn’t possible. -1 star for the pricing model.
tl;dr: essential plugin if you’re uncomfy with devops but factor subscription costs into the ROI for your site.
Rating: 3 stars
If I already closed the upgrade notice, stop showing me again.
Rating: 5 stars
Recent spam and brute force attacks prompted me to install this plugin on my multisite network, and it works really well! It needs some minor configuration on the server up front, but once that was all set, it instantly started banning IPs that violated the defined filters. Highly recommended.
Minor point of criticism: links to the documentation don’t work in the plugin.
Rating: 1 star
It’s impossible to even evaluate the usefulness of this plugin because it’s got lots of bugs. Upon installation the plugin provides links to documentation that result in a 404 page not found. Then the documentation that is available doesn’t seem to work properly. If you put the constants necessary to enable logging in the wp-config, it throws undefined variable warnings. The whole thing is a mess, and it constantly nags you to pay them money. The administrative interface doesn’t work – it’s just a decoration to show you what MIGHT work if you pay them money. This is NOT how you do shareware or encourage people to use your products.
I’ll be looking for an alternative that actually works and isn’t obnoxious. The really sad part is, this is a pay plugin that relies on a free, open source system, Fail2Ban. If I were going to pay anybody, it would be the creators of fail2ban, not this crappy, non-working plugin.
Rating: 5 stars
I’ve been an aficionado of Fail2ban for nigh on a decade. Whilst I have WordFence installed there are times when blocking would-be-intruders earlier than WordFence gets to is preferable.
Enter WP Fail2ban.
Documentation needs a mug or two to read through. I’ve been working, as a developer, with WordPress for nigh on twelve years now and even I got a bit “does he mean….?” during reading the config advice.
Pro Tip: You really do need to read the online manual if things aren’t working for you. My installation worked first time (Debian 10, Apache2, WordPress 5.5, early release of Fail2ban 0.11.1 )
Bonus: author is responsive to comments and feedback (I spotted a problem with the documentation, which has been addressed).
Cons: the “oh do please buy the pro version” and “WP2F2B has been improved!” repetitive messages & flags are a bit of a pain in the ass (and quite frankly come across a little bit amateur). Re the price for “pro” – I looked at the cost of the pro version and I think the author needs to have a re-think about what this app really offers and what it’s worth in money. Compared with, say, the cost of an annual WordFence license I don’t think it compares.
Rating: 1 star
Free version is all locked.
Rating: 1 star
Incessant nagging to update to the “pro” version.
If the description mentioned that this “free” plugin isn’t free, that would be acceptable, but the current practice is deceptive and unethical.
Rating: 2 stars
Nagging messages about updating to the pro version every few seconds, even after they are “dismissed”.
Apart from that it seems to work OK, though it has too many irrelevant configuration options.
Rating: 2 stars
Was a simple and great plugin until some 4.x version where it added a Freemius marketing component making calls to api.freemius.com. Had to revert to the older version for that reason. At some point the plugin was also vulnerable because of this component.
Rating: 5 stars
Been using this for a while now.
Integration with fail2ban is pretty straightforward.
Rating: 5 stars
This plugin is perfect, essential – thank you so much.
The best thing about this plugin, after the fact that it works perfectly, is that it does not change the directories or names of the configuration files, something unpleasant that always happens in plugins: you configure everything for the given file and a certain directory of the plugin, and in a new version the plugin unnecessarily moves things around. I have had this plugin a long time, and I have a command to copy and paste the WP fail2ban plugin settings to fail2ban, and things continue as usual. Thanks to the developer. Whoever does not give 5 stars does not know how to use it.
Rating: 5 stars
Great plugin that worked first time. On Amazon Linux / CentOS the location of the log file is /var/log/messages.
Rating: 5 stars
Great idea if you host your own server and use fail2ban. Thanks!
Rating: 5 stars
Works just great with the latest version. Keep up the good work.
Rating: 5 stars
Works great and is very flexible. The only thing I’d recommend out of the box is to move the regex for “Authentication attempt for unknown user” from wordpress-hard.conf to wordpress-soft.conf because the former bans the user after first failure (as per the recommended default configuration).
^%(__prefix_line)sAuthentication attempt for unknown user .* from <HOST>$
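To make the two technical points on this page concrete (the 4-star review's observation that fail2ban counts failures from all sites towards one total because they share syslog, and the filter line quoted just above), here is an added simulation that is not part of the plugin or any review. It expands `%(__prefix_line)s` and `<HOST>` into an assumed syslog line shape (`Mon DD HH:MM:SS host wordpress(site)[pid]: msg`), assumes the wording of the "soft" wrong-password message and the maxretry values, and runs both rules over constructed log lines, comparing a per-site counter with the shared-log counter.

```python
"""Count WP fail2ban syslog events the way a single fail2ban filter would (added example)."""
import re
from collections import defaultdict
from datetime import datetime

# Assumed line shape, standing in for fail2ban's %(__prefix_line)s; it also captures the site name.
PREFIX_LINE = (r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d\d:\d\d:\d\d)\s+\S+\s+"
               r"wordpress\((?P<site>[^)]+)\)\[\d+\]:\s*")
# fail2ban's <HOST> tag, narrowed to IPv4 for this example (fail2ban also handles IPv6 and names).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

RULES = {
    # The line quoted in the review (wordpress-hard.conf); bans on the first hit by default.
    "hard": re.compile(PREFIX_LINE + r"Authentication attempt for unknown user .* from " + HOST + r"$"),
    # Wrong password for an existing user; message wording assumed, belongs in wordpress-soft.conf.
    "soft": re.compile(PREFIX_LINE + r"Authentication failure for .* from " + HOST + r"$"),
}
MAXRETRY = {"hard": 1, "soft": 3}   # assumed values: hard bans immediately, soft after three

# Constructed sample log: one IP spreads three failures over three sites, 20 minutes apart.
LOG = [
    "Jan 10 02:00:01 web1 wordpress(shop.example)[101]: Authentication failure for admin from 203.0.113.5",
    "Jan 10 02:05:00 web1 wordpress(blog.example)[104]: Authentication failure for editor from 198.51.100.7",
    "Jan 10 02:06:00 web1 wordpress(shop.example)[105]: Authentication attempt for unknown user root from 192.0.2.9",
    "Jan 10 02:07:00 web1 wordpress(shop.example)[106]: Unrelated message from 192.0.2.9",
    "Jan 10 02:20:07 web1 wordpress(blog.example)[102]: Authentication failure for admin from 203.0.113.5",
    "Jan 10 02:41:30 web1 wordpress(docs.example)[103]: Authentication failure for admin from 203.0.113.5",
]

def parse(line, year=2024):
    """Return (timestamp, site, host, rule) for a line matching one of the rules, else None."""
    for name, rx in RULES.items():
        m = rx.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            return ts, m["site"], m["host"], name
    return None

def evaluate(lines, maxretry, findtime):
    """Sliding-window count per (rule, host) across all sites and per (rule, site, host)
    for a single site; return the keys that reach maxretry within findtime seconds."""
    events = sorted(e for e in map(parse, lines) if e)
    recent = defaultdict(list)                  # counter key -> timestamps still in the window
    banned_shared, banned_per_site = set(), set()
    for ts, site, host, rule in events:
        for key, out in (((rule, host), banned_shared), ((rule, site, host), banned_per_site)):
            recent[key] = [t for t in recent[key] if (ts - t).total_seconds() <= findtime]
            recent[key].append(ts)
            if len(recent[key]) >= maxretry[rule]:
                out.add(key)
    return banned_shared, banned_per_site

if __name__ == "__main__":
    shared, per_site = evaluate(LOG, MAXRETRY, findtime=3600)
    print("shared syslog bans:", sorted(shared))      # 203.0.113.5 is caught only here
    print("per-site bans:    ", sorted(per_site))     # only the hard rule fires per site
```

With findtime shortened to 600 seconds the spaced-out attempts from 203.0.113.5 no longer add up, which is the trade-off the review describes between findtime and patient, slow attacks.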
Rating: 5 stars
You saved my life. Thank you!
Rating: 5 stars
Works with Ubuntu 16.04