PM0001: syslog Tag Issue

2025/01/31: Free, postmortem, v5.4, WPf2b

Issue Summary

In WP fail2ban 5.4.0, an issue arose where the syslog tag changed to WordPress (capital W, capital P), causing existing fail2ban filters to stop working.

Root Cause

This issue was introduced by PHP Code Beautifier and Fixer (phpcbf)'s automatic application of WordPress's "CapitalPDangit" coding standard rule. While phpcbf is generally designed to apply only safe transformations, in this case, it made a change that broke functionality. The tool incorrectly assumed that capitalizing "WordPress" was a safe, purely cosmetic change when, in fact, it altered the actual logging output that fail2ban filters depend on.

Technical Impact

The automated capitalization of the syslog tag from wordpress to WordPress broke compatibility with existing fail2ban filters. Behavior that triggered a hard rule continued to be blocked, but without the IP being passed to fail2ban. Behavior that triggered a soft rule was effectively disabled, allowing unauthorized attempts that should have been flagged to go unnoticed.

Resolution

This behavior has been explicitly overridden with a PHPCS ignore comment (// phpcs:ignore WordPress.WP.CapitalPDangit). The lowercase wordpress tag will remain, ensuring compatibility with existing fail2ban filters.

Timeline

  • 2024-01-27 – WP fail2ban 5.4.0 released.
  • 2024-01-28 09:29 – Users report filter failures in the forums.
  • 2024-01-28 – Investigation confirms the syslog tag change as the root cause.
  • 2024-01-28 17:50 – WP fail2ban 5.4.0.1 released with the fix.

Going Forward

  • A review of PHPCS rules applied by phpcbf will be conducted to prevent similar issues in the future.
  • Automated tests will be introduced to validate syslog output formatting before release.
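
A sketch of what such a pre-release check could look like, added here as an illustration and not taken from WP fail2ban's code or test suite. The filter regex is a simplified stand-in for the shipped fail2ban filters, and the log lines, host name and IP address are constructed samples; fail2ban filters are Python regular expressions and match case-sensitively, which is why the capitalized tag produces no match.

```python
import re

# Simplified stand-in for a fail2ban filter (assumption: this is NOT the
# plugin's shipped filter file). The daemon tag must match exactly, because
# the regex is case-sensitive.
EXPECTED_TAG = "wordpress"
FAILREGEX = re.compile(
    r"^\w{3}\s+\d+ [\d:]{8} \S+ "             # syslog timestamp and host
    r"wordpress(?:\([^)]*\))?(?:\[\d+\])?: "  # tag, optional (site) and [pid]
    r".* from (?P<host>\d{1,3}(?:\.\d{1,3}){3})$"
)
# Extracts whatever tag the line actually carries, regardless of case.
TAG_RE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ (?P<tag>[^\s(\[:]+)")


def banned_hosts(lines):
    """Return the IPs this filter would hand to fail2ban."""
    return [m.group("host") for m in map(FAILREGEX.match, lines) if m]


def check_release(lines):
    """Release gate: each captured line must carry the expected tag
    and be matched by the filter. Returns a list of (line_no, problem)."""
    problems = []
    for n, line in enumerate(lines, 1):
        tag = TAG_RE.match(line)
        if not tag or tag.group("tag") != EXPECTED_TAG:
            problems.append((n, "unexpected syslog tag"))
        elif not FAILREGEX.match(line):
            problems.append((n, "filter does not match"))
    return problems


# Constructed sample lines (documentation IP range, made-up host and message).
GOOD = ["Jan 28 09:12:01 web1 wordpress(example.com)[2211]: "
        "Authentication failure for admin from 192.0.2.10"]
BAD = ["Jan 28 09:12:02 web1 WordPress(example.com)[2211]: "
       "Authentication failure for admin from 192.0.2.10"]

if __name__ == "__main__":
    for name, lines in (("lowercase tag", GOOD), ("capitalized tag", BAD)):
        print(name, banned_hosts(lines), check_release(lines))
```

Run against syslog output captured from a release candidate, a non-empty result from check_release would block the release before the tag change reaches users.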

Comments

The "CapitalPDangit" rule should never have been included in phpcbf's automated fixes, as modifying string literals that affect program output is inherently unsafe. A GitHub issue will be opened in the appropriate repository to address this oversight and propose stricter safeguards against unintended modifications.