Question New "Gutenberg" Wordpress text editor triggers Fail2Ban?

[Bitpalast]

We are getting customer reports that the new Gutenberg Wordpress text editor triggers a Fail2Ban IP address block soon after using it. However, we have not yet had the opportunity to reproduce this or test whether this is caused by the ModSecurity jail or the Wordpress jail. Has anyone else experienced or heard of similar issues?

 

[IgorG]

Hi Peter,
Is this your case Incompatible with Plesk's WP Toolkit wp-includes security feature · Issue #8791 · WordPress/gutenberg ?

 

[Bitpalast]

I am only aware of this part:
"

• Additionally, if Fail2Ban is enabled on the server, your client IP quickly gets banned by the Apache jail for accessing restricted elements while you are just trying to edit articles."

Not sure if it is caused by wp-includes security.

 

[Bitpalast]

We are getting more reports from customers now as Wordpress promotes testing the "Gutenberg" editor as a plugin before they integrate it into their packages as their default.

Personally, I think that the issue is caused by the asynchronous behavior of Gutenberg that stores everything a user types or changes every n seconds, repeatedly requesting the same URLs within a short period of time and for that reason behaving similar to a DoS attack. According to Gutenberg triggers Fail2Ban Wordpress jails in Plesk · Issue #9933 · WordPress/gutenberg the developers don't really know what to do about it at the moment.

 

[Bitpalast]

Please see Gutenberg triggers Fail2Ban Wordpress jails in Plesk · Issue #9933 · WordPress/gutenberg once more. There is a new comment: "This seems like a thing where Plesk would already have a workaround for exactly the same behaviour in admin-ajax.php, they'll need to add one for the REST API, too. I'm going to close this issue, as it will need a Plesk update to fix it, but please let us know what they get back to you with."

 

[IgorG]

Peter, I discussed this issue with our WPT developers. They informed me that they are going to improve compatibility with Gutenberg in the nearest WPT release ( internal task EXTWPTOOLK-1806 for your reference).
Additionally, in this thread, you can find possible workaround 'This block has encountered an error and cannot be previewed.' Where to look? (conflict with Plesk and the temporary workaround to disable their security add-on) · Issue #8099 · WordPress/gutenberg