WP fail2ban

fail2ban is one of the simplest and most effective security measures you can implement to prevent brute-force attacks.

WP fail2ban logs all login attempts – including via XML-RPC, whether successful or not, to syslog using LOG_AUTH.

Content on this page is based on https://en-gb.wordpress.org/plugins/wp-fail2ban/ correct as of 

With Qala, this plugin supports Electroninja to improve the overall brute-force protection poise.

User experience

Website visitors visit a more secure website and therefore one that is less likely to be down, slow, defaced or present a security risk to them.

Malicious actors trying to login are blocked by IP according to the configuration of the plugin.


  • NEW – Multisite Support
    Version 4.3 introduces proper support for multisite networks.
  • NEW – Block username logins
    Sometimes it’s not possible to block user enumeration (for example, if your theme provides Author profiles). Version 4.3 adds support for requiring the use of email addresses for login.
  • NEW – Filter for Empty Username Login Attempts
    Some bots will try to login without a username. Version 4.3 logs these attempts and provides an “extra” filter to match them.
  • NEW – syslog Dashboard Widget
    Ever wondered what’s being logged? The new dashboard widget shows the last 5 messages; the Premium version keeps a full history to help you analyse and prevent attacks.
  • Remote Tools Add-on
    The Remote Tools add-on provides extra features without adding bloat to the core plugin. For more details see the add-on page.
  • Support for 3rd-party Plugins
    Version 4.2 introduced a simple API for authors to integrate their plugins with WPf2b, with 2 experimental add-ons:

  • CloudFlare and Proxy Servers
    WPf2b can be configured to work with CloudFlare and other proxy servers.


Related Qala features