[WordPress] 外掛分享： Fail2WP

內容簡介

Fail2WP 是一款提供安全功能的 WordPress 外掛，並可與 fail2ban 整合。它不需要 fail2ban 即可運作，能有效增強網站的安全性，防止未經授權的登入和其他潛在威脅。

【主要功能】
• 禁用使用者名稱登入，需使用電子郵件
• 允許/拒絕特定 IP 地址或主機名登入
• 防止使用者枚舉攻擊
• 最小使用者名稱長度限制
• 阻止特定使用者名稱註冊新帳戶
• 部分或完全禁用 XMLRPC 存取

外掛標籤

開發者團隊

原文外掛簡介

This WordPress plugin provides security functionality and integration with fail2ban.
It does not require fail2ban to function.
Basic security functionality includes:

Disabling login with username (require e-mail address)
Allow/Deny login from IP address, hostname (including wildcard support)
Preventing user enumeration (?author=nnn)
Less detailed error messages on login failures
Minimum username length
Blocking specific usernames from being used to register new users
Requiring e-mail address matching for new user registrations
Warning about new user role setting
Blocking of portions or all of WordPress REST API
Disabling of RSS and Atom feeds
Removal of “Generator” information from HTML and feeds
Detection of Cloudflare IP addresses for logging of actual IP addresses
Blocking/Allowing logins from IP addresses, IP ranges, and/or hostnames
Partially or fully disable XMLRPC access

The plugin also plays nicely with Fail2ban, which is an advanced way of blocking IP addresses dynamically upon suspicious behavior.
Other notes:

This plugin may work with earlier versions of WordPress
This plugin has been tested with WordPress 5.5+ and 6.x at the time of this writing
This plugin has been tested with PHP 7.4, 8.1, 8.2, and 8.3 at the time of this writing
Local syntax/runtime compatibility checks have also been run on PHP 8.4
This plugin optionally makes use of mb_ PHP functions
This plugin may create entries in your PHP error log (if active)
This plugin contains no Javascript
This plugin contains no tracking code and does not store any information about users

Credits
The Fail2WP Plugin was written by Joaquim Homrighausen while converting caffeine into code.
Fail2WP is sponsored by WebbPlatsen i Sverige AB, Sweden.
Copyright 2020-2026 Joaquim Homrighausen; all rights reserved.
Commercial support and customizations for this plugin is available from WebbPlatsen i Sverige AB in Sweden.
If you find this plugin useful, the author is happy to receive a donation, good review, or just a kind word.
If there is something you feel to be missing from this plugin, or if you have found a problem with the code or a feature, please do not hesitate to reach out to [email protected].
This plugin can also be downloaded from code.webbplatsen.net and GitHub
More detailed documentation is available at code.webbplatsen.net/documentation/fail2wp/
Kudos to Thomas Lutz.

延伸相關外掛

WP fail2ban – Advanced SecurityFail2ban是您可以實施來保護 WordPress 網站的最簡單和最有效...Stop User EnumerationStop User Enumeration 是一款安全插件，旨在檢測和防止黑客...WP Fail2Ban ReduxWP Fail2Ban Redux可以記錄多種WordPress事件，以供與Fail2Ba...Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam ProtectionSTOP BAD BOTS ★★★★★ Stop Bad Bots，防止 DNS Cloud 或 API...WP fail2ban Blocklist許多外掛在連接後使用資料庫檢查惡意 IP，當然 fail2ban 可以...WP fail2ban Add-on for Contact Form 7無論你的反垃圾郵件措施有多好，總有一些垃圾郵件會過關。這...WP fail2ban Add-on for Gravity Forms無論您的防垃圾郵件措施有多好，仍會有一些垃圾郵件通過。這...Bot Traffic Shield – Block Bad Bots and Stop AI Bots Crawlers總結文案：在人工智慧時代，您寶貴的網站內容成為大型科技公...WordPress Fail2BanWireFlare 的 WordPress Fail2Ban 插件會創建一個 syslog 設...HTTP/1.1 403 Forbidden header on a failed login此外掛在登入失敗時發送「HTTP/1.1 403 Forbidden」標頭，而...Authentication and xmlrpc log writer此外掛會紀錄所有失敗的連線嘗試（暴力攻擊）與無效的 pingba...ReportAttacks — Brute Force & Login Protection報告登錄暴力攻擊，防止和封鎖暴力登錄嘗試並創建 IP 地址黑...