Fail2WP for WordPress

This WordPress plugin provides security functionality and integration with Fail2ban.

Basic security functionality includes:

  • Disabling login with username (require e-mail address)
  • Preventing user enumeration (?author=nnn)
  • Less detailed error messages on login failures
  • Detection of Cloudflare IP addresses for logging of actual IP addresses

The plugin also plays nicely with Fail2ban, which is an advanced way of blocking IP addresses dynamically upon suspicious behavior.

Other notes:

  • This plugin may work with earlier versions of WordPress
  • This plugin optionally makes use of mb_() PHP functions
  • Compatible with WordPress 5.6.1
  • Compatible with PHP 7.2 and PHP 7.4
  • This plugin may create entries in your PHP error log (if active)
  • This plugin contains no Javascript
  • This plugin contains no tracking code and does not store any information about users

Fail2WP on wordpress.org:
wordpress.org/plugins/fail2wp/