Wopisanje
Note: You must first have CrowdSec installed on your server. The installation is very simple.
CrowdSec is composed of a behavior detection engine, able to block classical attacks like credential bruteforce, port scans, web scans, etc.
Based on the type and number of blocked attacks, and after curation of those signals to avoid false positives and poisoning, a global IP reputation DB is maintained and shared with all network members.
This WordPress plugin is a „bouncer“, which purpose is to block detected attacks with two remediation systems: ban or challenge detected attackers with a Captcha.
CrowdSec
You can:
- Block aggressive IPs
- Display a captcha for less aggressive IPs
Get more info on the CrowdSec official website.
Screenshots
The general configuration page 
Customize the wall pages - Adapt the "captcha wall" page text content with your own 
Customize the wall pages - Adapt the "ban wall" page text content with your own 
Customize the wall pages - Adapt the pages with your colors. You can also add custom CSS rules. 
Advanced settings - Select the live or the stream mode. Select a cache engine (Classical file system, Redis or Memcached). Adjust the cache durations. 
Advanced settings - Set the CDN or Reverse Proxies to trust and configure Geolocation feature. 
The standard Captcha page 
The standard Ban page 
A Captcha wall page customization (text and colors) 
A Ban wall page customization (text and colors)
FAQ
-
What do I need to make CrowdSec work?
-
- You have to install a CrowdSec instance on this server.
- You have to generate a bouncer key on the server on which CrowdSec is running.
Reviews
15. februara 2023
Crowdsec is pretty amazing, easy to set up even if you're not a security expert, and the documentation is straightforward.
The plugin is very well supported, and they don't just blame plugin conflicts, but actually try to understand the problem and help.
I would love to see support for multisite, in the form of having network-wide options instead of having to configure the plugin individually per site.
16. julija 2022
1 reply
My WordPress server & installation (including PHP version) met or exceeded all requirements. I was running WordPress 6.01 which apparently hasn't been tested. After downloading and activating the plugin, my site experienced a "Critical Error 503" error and I was unable to access the Admin Dashboard. I was able to overcome this restriction after 2 hours and 15 minutes and deactivating and deleting the CrowdSec plugin allowed me to regain control of my Admin Dashboard and the website was back online.
4. februara 2021
Dans l'attente de nouvelles versions...
14. januara 2021
This plugin helps to keep a site well protected. Don't hesitate to get it.
Sobustatkujuce a wuwijarje
„CrowdSec“ jo software wótwórjonego žrědła. Slědujuce luźe su pśinosowali k toś tomu tykacoju.
Sobustatkujuce
“CrowdSec” has been translated into 1 locale. Thank you to the translators for their contributions.
Translate “CrowdSec” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Changelog
2.5 (2023-06-01)
- Add WordPress multisite compatibility
2.4 (2023-04-28)
- Use absolute path for TLS files
- Use absolute path for geolocation files
- Add an action after plugin upgrade to recreate standalone settings file
2.3 (2023-04-06)
- Add access restriction for some folders
2.2 (2023-03-30)
- Do not use cache tags
- Do not rotate log files
2.1 (2023-03-23)
- Add custom User-Agent debug setting
2.0 (2023-02-09)
- All source code has been refactored using new CrowdSec PHP librairies
1.11 (2022-12-22)
- Add LAPI request timeout setting
1.10 (2022-12-01)
- Modify ban and captcha walls templating for W3C validity
1.9 (2022-09-15)
- Add TLS authentication option
1.8 (2022-08-04)
- Add
use_curlconfiguration: should be used ifallow_url_fopenis disabled andcurlis available - Add
disable_prod_logconfiguration - Change log path to
wp-content/plugins/crowdsec/logs - By default, the
bouncing_levelsetting is nowbouncing_disabled(instead ofnormal_bouncing)
1.7 (2022-07-20)
- Add geolocation feature
1.6 (2022-06-30)
- Add „Test bouncing“ action in settings view
1.5 (2022-06-09)
- Use cache instead of session to store some values
1.4 (2022-04-07)
- Do not bounce PHP CLI
1.3 (2022-02-03)
- Use static settings only in standalone mode
1.2 (2021-12-09)
- Fix issue that cause warning message error on front in standalone mode
- Fix behavior : bounce should not be done twice in standalone mode
- Remove useless configuration to enable standalone mode
1.1 (2021-12-02)
- Use
0.14.0version of crowdsec php lib - Handle typo fixing for retro compatibility (
flex_boucing=>flex_bouncingandnormal_boucing=>normal_bouncing) - Split of debug in 2 configurations : debug and display_errors
1.0 (2021-06-24)
- Add Standalone mode: an option allowing the PHP engine to no longer have to load the WordPress core during the
bouncing stage. To be able to apply this mode, the webmaster has to set the auto_prepend_file PHP flag to the
script we provide. - Add debug mode: user can enable the debug mode directly from the CrowdSec advanced settings panel. A more verbose log
will be written when this flag is enabled. - Add WordPress 5.7 support
- Add PHP 8.0 support