- Site heath checks
- Akismet support
- Event hooks
- Add support for Pingbacks while blocking XML‑RPC.
- Back-port new Block event class.
- Add cron event to update trusted Cloudflare IP ranges weekly.
- Add cron event to update trusted Jetpack IP ranges weekly.
- Add cron event to update MaxMind database weekly.
- Add support for blocking by Country.
- Add XML‑RPC blocking; allow trusted IPs and Jetpack.
2.2. NEW - Block username logins¶
Sometimes it’s not possible to block user enumeration (for example, if your theme provides Author profiles). Version 4.3 adds support for requiring the use of email addresses for login.
2.3. NEW - Filter for Empty Username Login Attempts¶
Some bots will try to login without a username. Version 4.3 logs these attempts and provides an “extra” filter to match them.
2.4. NEW - syslog Dashboard Widget¶
Ever wondered what’s being logged? The new dashboard widget shows the last 5 messages; the Premium version keeps a full history to help you analyse and prevent attacks.
2.5. Support for 3rd-party Plugins¶
Version 4.2 introduced a simple API for authors to integrate their plugins with WPf2b, with 2 experimental add-ons:
2.6. CloudFlare and Proxy Servers¶
WPf2b can be configured to work with CloudFlare and other proxy servers. For a brief overview see WP_FAIL2BAN_PROXIES.
WPf2b logs failed pingbacks, and can log all pingbacks. For a brief overview see WP_FAIL2BAN_LOG_PINGBACKS.
2.11. Work-Arounds for Broken syslogd¶
2.12. Blocking Users¶
WPf2b can be configured to short-cut the login process when the username matches a regex. For a brief overview see WP_FAIL2BAN_BLOCKED_USERS.
2.13. mu-plugins Support¶
WPf2b can easily be configured as a must-use plugin.