WP fail2ban - Version 3.5.1

Version Description

  • Bugfix for WP_FAIL2BAN_BLOCK_USER_ENUMERATION.

Release Info

Developer invisnet
Version 3.5.1

Code changes from version 3.5.0 to 3.5.1

Files changed (2) hide show
  1. readme.txt +7 -2
  2. wp-fail2ban.php +3 -2
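--- a/readme.txt
+++ b/readme.txt
@@ -5,7 +5,7 @@ Plugin URI: https://charles.lecklider.org/wordpress/wp-fail2ban/
  Tags: fail2ban, login, security, syslog
  Requires at least: 3.4.0
  Tested up to: 4.6.0
- Stable tag: 3.5.0
+ Stable tag: 3.5.1
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -193,6 +193,9 @@ By default, *WPf2b* uses LOG_AUTH for logging authentication success or failure.
 
  == Changelog ==
 
+ = 3.5.1 =
+ * Bugfix for `WP_FAIL2BAN_BLOCK_USER_ENUMERATION`.
+
  = 3.5.0 =
  * Add `WP_FAIL2BAN_OPENLOG_OPTIONS`.
  * Add `WP_FAIL2BAN_LOG_COMMENTS` and `WP_FAIL2BAN_COMMENT_LOG`.
@@ -200,7 +203,6 @@ By default, *WPf2b* uses LOG_AUTH for logging authentication success or failure.
  * Add `WP_FAIL2BAN_LOG_SPAM`.
  * Add `WP_FAIL2BAN_TRUNCATE_HOST`.
  * `WP_FAIL2BAN_BLOCKED_USERS` now supports an array of users with PHP 7.
- *
 
  = 3.0.3 =
  * Fix regex in `wordpress-hard.conf`
@@ -259,6 +261,9 @@ By default, *WPf2b* uses LOG_AUTH for logging authentication success or failure.
 
  == Upgrade Notice ==
 
+ = 3.5.1 =
+ Bugfix: disable `WP_FAIL2BAN_BLOCK_USER_ENUMERATION` in admin area....
+
  = 3.5.0 =
  You will need up update your `fail2ban` filters.
 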
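--- a/wp-fail2ban.php
+++ b/wp-fail2ban.php
@@ -4,7 +4,7 @@
  * Plugin URI: https://charles.lecklider.org/wordpress/wp-fail2ban/
  * Description: Write all login attempts to syslog for integration with fail2ban.
  * Text Domain: wp-fail2ban
- * Version: 3.5.0
+ * Version: 3.5.1
  * Author: Charles Lecklider
  * Author URI: https://charles.lecklider.org/
  * License: GPL2
@@ -177,11 +177,12 @@ if (defined('WP_FAIL2BAN_BLOCKED_USERS')) {
  /**
  * @since 2.1.0
  * @since 3.5.0 Refactored for unit testing
+ * @since 3.5.1 Check is_admin
  */
  if (defined('WP_FAIL2BAN_BLOCK_USER_ENUMERATION') && true === WP_FAIL2BAN_BLOCK_USER_ENUMERATION) {
  function parse_request($query)
  {
- if (intval(@$query->query_vars['author'])) {
+ if (!is_admin() && intval(@$query->query_vars['author'])) {
  openlog();
  syslog(LOG_NOTICE, 'Blocked user enumeration attempt');
  bail();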
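Review bot: The new `!is_admin()` guard in `parse_request()` exempts requests by context only, because `is_admin()` reports whether the request targets an admin-area URL and says nothing about who is making it. If the intent is to let signed-in users filter by author in the dashboard, the exemption is safer tied to a session as well, e.g. `if (!(is_admin() && is_user_logged_in()) && intval(@$query->query_vars['author'])) {`; whether an unauthenticated admin-context request can reach this hook with `author` set depends on code outside this hunk, so treat that as something to confirm. The `@since 3.5.1 Check is_admin` tag would also be clearer if it said why, e.g. `@since 3.5.1 Skip the check in the admin area so author filters keep working`. Separately, the `@` on `$query->query_vars['author']` hides every notice from that expression; `!empty($query->query_vars['author'])` ahead of `intval()` would avoid the suppression. The function body continues past the end of the hunk.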