All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog.
0.9.0 - 2023-10-17
- Bumps "Tested up to" version to 6.4
- Bumps minimum required PHP version to 7.0
- Bumps minimum required WP version to 5.5
- Update dependency package versions
- No changes to jail or filters in the release.
0.8.2 - 2021-08-08
- Bumps "Tested up to" version to 5.8
- No changes to jail or filters in the release.
0.8.1 - 2021-06-01
- Actually bumps "Tested up to" version to 5.7
0.8.0 - 2021-05-31
- Bumps "Tested up to" version to 5.7
- Fix issue where logging out of WordPress could cause a blocked user log to be recorded
0.7.0 - 2021-01-05
- Bumps "Tested up to" version to 5.6
- Move Composer dependencies to
require-devto reduce the number of packages installed when WP Fail2Ban Redux is installed via composer. See #17
0.6.0 - 2020-06-07
- Bumps the minimum required version to WordPress 4.9.
- Bumps "Tested up to" version to 5.4.1
0.5.1 - 2019-09-05
- Fix issue where XML-RPC multicall authentication failures weren't correctly matched by Fail2Ban with the
wordpress-hard.conffilter. [GH-12]
0.5.0 - 2018-10-27
- Add better support for use as a must-use plugin in the
mu-pluginsdirectory.
- Moved all files/folders into a new directory
wp-fail2ban-redux/wp-fail2ban-redux.
0.4.0 - 2018-01-15
- New filter,
wp_fail2ban_redux_openlog_ident, because it'sidentnotindent.
- Bumped the minimum required WordPress version to 4.5.
- Bumped the minimum required PHP version to 5.3. This is a soft bump, meaning, nothing changed that will break PHP 5.2 compatability. However, this could easily change in the future, and PHP 5.2 is no longer actively tested.
- Deprecated the
wp_fail2ban_redux_openlog_indentfilter.
0.3.1 - 2017-05-18
- Introduce
WP_Fail2Ban_Redux_Loggeras the new logger class. - Introduce
WP_Fail2Ban_Redux_Logger_Interfaceas the new logger base class.
WP_Fail2Ban_Redux::__construct()is now public.- Check if we're blocking user enumeration earlier. Should bring performance improvements.
- Bump minimum required WordPress version to 4.4.
- Refactored plugin loading.
- Use
wp_dieto exit, to allow for greater customization of exit messages. Exit messages are now escaped usingesc_html.
- Deprecated all
WP_Fail2Ban_Redux_Logmethods.
- Fix potential PHP errors during pingback logging.
0.3.0 - 2017-05-18 [YANKED]
- Superseded by 0.3.1.
0.2.1 - 2017-02-15
- Fix a stupid syntax error in the comment spam filter :( Thanks to ichtarzan for reporting!
0.2.0 - 2016-09-27
- Added a note to
wordpress.confabout thelogpathparameter, and common auth log locations. There is no need to changed existing configurations. This is merely to aid setup for future users. - Introduced
WP_Fail2Ban_Redux::user_enumerationto handle user enumeration at a better time than redirect canonical
- User enumeration blocking now checks for both the
authorandauthor_nameparameters. Theauthor_nameparameter could be used to validate the existence of a particular username, so blocking on this parameter as well will further reduce the attack surface.
WP_Fail2Ban_Redux::redirect_canonicalis now deprecated. If you were doing anything with this function, or the hook that initialized it, you should look atWP_Fail2Ban_Redux::user_enumerationinstead.
- Fixed PHP notices where
WP_Fail2Ban_Redux::comment_spamexpects two parameters. Decided it was probably a good idea to oblige. - Fixes an issue where user enumeration blocking was overzealous and would prevent actions in the admin area. Props @pjv. [GH-2]
0.1.1 - 2016-07-23
- Add
WP_Fail2Ban_Redux::get_instance()to make it easier to remove actions added.
- In PHP < 7.0,
exitisn't allowed as a method name.WP_Fail2Ban_Redux_Log::exitis nowWP_Fail2Ban_Redux_Log::_exit.
0.1.0 - 2016-07-13
- Initial release.