2. Features

  • WAF
  • Site heath checks
  • Akismet support
  • Event hooks
  • Add support for Pingbacks while blocking XML‑RPC.
  • Add cron event to update trusted Cloudflare IP ranges weekly.
  • Add cron event to update trusted Jetpack IP ranges weekly.
  • Add cron event to update MaxMind database weekly.
  • Add support for blocking by Country.
  • Add XML‑RPC blocking; allow trusted IPs and Jetpack.

2.1. NEW - Multisite Support

Version 4.3 introduces proper support for multisite networks.

2.2. NEW - Block username logins

Sometimes it’s not possible to block user enumeration (for example, if your theme provides Author profiles). Version 4.3 adds support for requiring the use of email addresses for login.

2.3. NEW - Filter for Empty Username Login Attempts

Some bots will try to login without a username. Version 4.3 logs these attempts and provides an “extra” filter to match them.

2.4. NEW - syslog Dashboard Widget

Ever wondered what’s being logged? The new dashboard widget shows the last 5 messages; the Premium version keeps a full history to help you analyse and prevent attacks.

2.5. Support for 3rd-party Plugins

Version 4.2 introduced a simple API for authors to integrate their plugins with WPf2b, with 2 experimental add-ons:

2.6. CloudFlare and Proxy Servers

WPf2b can be configured to work with CloudFlare and other proxy servers. For a brief overview see WP_FAIL2BAN_PROXIES.


WPf2b can log both successful comments (see WP_FAIL2BAN_LOG_COMMENTS), and unsuccessful comments (see WP_FAIL2BAN_LOG_COMMENTS_EXTRA).

2.8. Pingbacks

WPf2b logs failed pingbacks, and can log all pingbacks. For a brief overview see WP_FAIL2BAN_LOG_PINGBACKS.

2.9. Spam

WPf2b can log comments marked as spam. See WP_FAIL2BAN_LOG_SPAM.

2.10. User Enumeration

WPf2b can block user enumeration. See WP_FAIL2BAN_BLOCK_USER_ENUMERATION.

2.11. Work-Arounds for Broken syslogd

WPf2b can be configured to work around most syslogd weirdness. For a brief overview see WP_FAIL2BAN_SYSLOG_SHORT_TAG and WP_FAIL2BAN_HTTP_HOST.

2.12. Blocking Users

WPf2b can be configured to short-cut the login process when the username matches a regex. For a brief overview see WP_FAIL2BAN_BLOCKED_USERS.

2.13. mu-plugins Support

WPf2b can easily be configured as a must-use plugin.