WP Fail2Ban

  1. <?php
  2. /*
  3. Plugin Name: WP fail2ban
  4. Plugin URI: https://charles.lecklider.org/wordpress/wp-fail2ban/
  5. Description: Write all login attempts to syslog for integration with fail2ban.
  6. Version: 2.1.0
  7. Author: Charles Lecklider
  8. Author URI: https://charles.lecklider.org/
  9. License: GPL2
  10. */
  11.  
  12. /*  
  13.     Copyright 2013     Armando Vega
  14.     Copyright 2012-13  Charles Lecklider  (email : wordpress@charles.lecklider.org)
  15.  
  16.     This program is free software; you can redistribute it and/or modify
  17.     it under the terms of the GNU General Public License, version 2, as
  18.     published by the Free Software Foundation.
  19.  
  20.     This program is distributed in the hope that it will be useful,
  21.     but WITHOUT ANY WARRANTY; without even the implied warranty of
  22.     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  23.     GNU General Public License for more details.
  24.  
  25.     You should have received a copy of the GNU General Public License
  26.     along with this program; if not, write to the Free Software
  27.     Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
  28. */
  29.  
  30.  
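  /**
   * Open the syslog connection used by every f2b_* logger.
   *
   * The ident is "wordpress(<host>)". The host comes from the Host header,
   * which is client-supplied, so it is reduced to host[:port] characters
   * before use: anything else could inject text into the very log line that
   * fail2ban's filter is matching on. The facility is WP_FAIL2BAN_LOG when
   * that constant is defined (looked up by name -- the original passed the
   * constant unquoted, so defined() was asked about its value and the
   * configured facility was silently ignored), else LOG_AUTH.
   *
   * @return void
   */
  function f2b_openlog()
  {
      $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
      // letters, digits, '.', '-', ':' and IPv6 brackets are all a host needs
      $host = preg_replace('/[^A-Za-z0-9.\-:\[\]]/', '', $host);

      $facility = defined('WP_FAIL2BAN_LOG') ? WP_FAIL2BAN_LOG : LOG_AUTH;

      openlog('wordpress('.$host.')',
               LOG_NDELAY|LOG_PID,
               $facility);
  }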
  37.  
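  /**
   * Abort the request with a bare "403 Forbidden" text/plain response.
   *
   * Every pending output buffer is discarded, not just the innermost one,
   * so nothing generated earlier in the request leaks into the response;
   * calling ob_end_clean() with no buffer active would only raise a notice.
   * Never returns.
   *
   * @return void
   */
  function f2b_bail()
  {
      while (ob_get_level() > 0) {
          ob_end_clean();
      }
      header('HTTP/1.0 403 Forbidden');
      header('Content-Type: text/plain');
      exit('Forbidden');
  }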
  45.  
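  /**
   * Address to attribute the current request to.
   *
   * Without WP_FAIL2BAN_PROXIES this is simply REMOTE_ADDR. When the constant
   * lists trusted proxies (comma-separated IPv4 addresses or CIDR blocks) and
   * the direct peer is one of them, X-Forwarded-For is walked from the right,
   * skipping trusted proxies, and the nearest hop that is NOT a trusted proxy
   * is returned. The left-most entry is never used blindly: a client can
   * prepend any value it likes to that header, and that value would then be
   * what gets logged for fail2ban.
   *
   * The original CIDR test was wrong on two counts: it built the netmask with
   * '^' (XOR in PHP, not exponentiation) and compared it with '==' binding
   * tighter than '&', so the prefix check never did what it looked like.
   *
   * @return string  Dotted-quad address, or REMOTE_ADDR when nothing better is known.
   */
  function f2b_remote_addr()
  {
      $remote = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

      if (!defined('WP_FAIL2BAN_PROXIES') || empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
          return $remote;
      }

      $proxies = array_map('trim', explode(',', WP_FAIL2BAN_PROXIES));

      // Only a trusted peer may speak for the client; from anyone else the
      // header is just another client-supplied string.
      if (!f2b_addr_in_list($remote, $proxies)) {
          return $remote;
      }

      $hops = array_map('trim', explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']));
      for ($i = count($hops) - 1; $i >= 0; $i--) {
          if ('' !== $hops[$i] && !f2b_addr_in_list($hops[$i], $proxies)) {
              return $hops[$i];
          }
      }

      // Every listed hop was one of our own proxies.
      return $remote;
  }

  /**
   * True when $ip (IPv4) matches any entry of $list (addresses or CIDR blocks).
   *
   * @param string   $ip
   * @param string[] $list
   * @return bool
   */
  function f2b_addr_in_list($ip, array $list)
  {
      foreach ($list as $entry) {
          if (f2b_addr_matches($ip, $entry)) {
              return true;
          }
      }
      return false;
  }

  /**
   * True when $ip (IPv4) equals $spec or lies inside the CIDR block $spec.
   * Anything ip2long() rejects -- IPv6 included -- never matches.
   *
   * @param string $ip
   * @param string $spec  "a.b.c.d" or "a.b.c.d/bits"
   * @return bool
   */
  function f2b_addr_matches($ip, $spec)
  {
      $addr = ip2long($ip);
      if (false === $addr) {
          return false;
      }
      $parts = explode('/', $spec, 2);
      $net = ip2long($parts[0]);
      if (false === $net) {
          return false;
      }
      if (1 == count($parts)) {
          return $net == $addr;
      }
      $bits = intval($parts[1]);
      if ($bits < 0 || $bits > 32) {
          return false;
      }
      // the low (32 - $bits) bits are host bits; clear them on both sides
      $mask = ~((1 << (32 - $bits)) - 1);
      return ($net & $mask) == ($addr & $mask);
  }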
  70.  
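  /**
   * 'authenticate' filter: refuse logins whose username matches the
   * admin-defined WP_FAIL2BAN_BLOCKED_USERS regex, logging the attempt first.
   *
   * preg_match() returns false for a malformed pattern; that is treated the
   * same as "no match". The username is attacker-supplied, so control
   * characters (CR/LF above all) are replaced before it reaches syslog --
   * otherwise a crafted name could forge extra log lines for fail2ban to parse.
   *
   * @param mixed  $user      Whatever the previous filter produced; passed through.
   * @param string $username
   * @param string $password  Unused; part of the hook signature.
   * @return mixed  $user unchanged (does not return at all when blocked).
   */
  function f2b_blocked_users($user, $username, $password)
  {
      if (!empty($username) && preg_match('/'.WP_FAIL2BAN_BLOCKED_USERS.'/i', $username)) {
          $safe = preg_replace('/[\x00-\x1F\x7F]+/', ' ', $username);
          f2b_openlog();
          syslog(LOG_NOTICE,"Blocked authentication attempt for $safe from ".f2b_remote_addr());
          f2b_bail();
      }
      return $user;
  }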
  79.  
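  /**
   * 'redirect_canonical' filter: block the ?author=N user-enumeration probe.
   *
   * The original called bail(), an undefined function, so a probe ended in a
   * fatal error rather than the intended 403. The query key is looked up with
   * isset() instead of silencing the undefined-index notice with @.
   *
   * @param string $redirect_url
   * @param string $requested_url  Unused; part of the hook signature.
   * @return string  $redirect_url unchanged (does not return at all when blocked).
   */
  function f2b_block_user_enumeration($redirect_url, $requested_url)
  {
      $author = isset($_GET['author']) ? intval($_GET['author']) : 0;
      if ($author) {
          f2b_openlog();
          syslog(LOG_NOTICE,'Blocked user enumeration attempt from '.f2b_remote_addr());
          f2b_bail();
      }
      return $redirect_url;
  }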
  88.  
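  /**
   * 'wp_login' action: record a successful login at LOG_INFO.
   *
   * Control characters are stripped from the login name before it is written,
   * matching the other loggers, so no name can split the entry into extra
   * syslog lines.
   *
   * @param string $user_login
   * @param mixed  $user  Unused; part of the hook signature.
   * @return void
   */
  function f2b_login($user_login, $user)
  {
      $safe = preg_replace('/[\x00-\x1F\x7F]+/', ' ', $user_login);
      f2b_openlog();
      syslog(LOG_INFO,"Accepted password for $safe from ".f2b_remote_addr());
  }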
  93.  
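  /**
   * 'wp_login_failed' action: record a failed login at LOG_NOTICE.
   *
   * This is the line fail2ban is expected to count. The username is whatever
   * the client typed, so control characters (CR/LF in particular) are
   * replaced first; otherwise a crafted name could forge additional entries.
   *
   * @param string $username
   * @return void
   */
  function f2b_login_failed($username)
  {
      $safe = preg_replace('/[\x00-\x1F\x7F]+/', ' ', $username);
      f2b_openlog();
      syslog(LOG_NOTICE,"Authentication failure for $safe from ".f2b_remote_addr());
  }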
  98.  
  // Hook registration. The two blocking behaviours are opt-in: each is wired
  // up only when its wp-config.php constant exists. The two loggers are
  // always active.
  defined('WP_FAIL2BAN_BLOCKED_USERS')
      && add_action('authenticate', 'f2b_blocked_users', 1, 3);

  defined('WP_FAIL2BAN_BLOCK_USER_ENUMERATION')
      && add_filter('redirect_canonical', 'f2b_block_user_enumeration', 10, 2);

  add_action('wp_login', 'f2b_login', 10, 2);
  add_action('wp_login_failed', 'f2b_login_failed');