Files
ansible-lemp-wordpress/CHANGELOG.md
Sebastian Palencsar dffd8e3b76 feat: v2.5.0 - Complete Technology & Security Update
Features:
- PHP 8.4 support (from 8.3)
- WordPress 7.0 (auto-update via WP-CLI)
- Modern TLS 1.3 cipher suites (2026 best practices)
- Fail2Ban security integration (5 jails: SSH, Nginx, WordPress, recidive)
- Auto-update cron job for WordPress (weekly Minor updates)
- Debian 14 Forky support (testing)
- Ubuntu 25.04 support
- Python 3.12 in GitHub Actions

Security:
- Fail2Ban with SSH brute force protection (24h ban)
- WordPress wp-login.php protection (2h ban)
- Nginx bot scanner protection
- Recidive jail for repeat offenders (1 week ban)
- Modern TLS ciphers (AEAD only)
- HSTS 2 years for preload

Documentation:
- docs/autoupdate.md - WordPress auto-update guide
- docs/fail2ban.md - Fail2Ban configuration guide
- docs/troubleshooting.md - Updated with php_version variable

Breaking changes:
- PHP 8.4 is now the default (requires Ubuntu 20.04+ or Debian 11+)
2026-05-04 19:37:27 +02:00

5.8 KiB
Executable File

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[2.5.0] - 2026-05-04 - Fail2Ban Security

Added

  • Fail2Ban integration in playbooks
  • fail2ban jail.local template with SSH, Nginx, WordPress jails
  • WordPress wp-login.php protection filter
  • fail2ban documentation (docs/fail2ban.md)

Security Jails

  • sshd: SSH brute force protection (24h ban)
  • nginx-http-auth: HTTP Auth failures
  • nginx-botsearch: Bot scanners
  • wordpress-login: WordPress login protection
  • recidive: Repeat offenders (1 week ban)

Changed

  • fail2ban package added to system packages
  • Incremental bans enabled for repeat offenders

[2.4.0] - 2026-05-04 - Auto-Update Feature

Added

  • WordPress auto-update script (scripts/wp-update.sh)
  • Automated weekly minor updates via cron
  • WP-CLI update automation in playbooks
  • Auto backup before updates
  • Auto-update documentation (docs/autoupdate.md)

Changed

  • Minor updates enabled by default (recommended for production)

Security

  • Automatic database and file backups before updates

[2.3.0] - 2026-05-04 - Security & Maintenance Update

Changed

  • Modern TLS cipher suites (2026 best practices) - AEAD ciphers only
  • TLS session handling improved (ssl_session_tickets off, 1d timeout)
  • HSTS max-age increased to 63072000 (2 years for preload)
  • Docker description updated with PHP 8.4

Security

  • Removed deprecated ciphers (CBC mode, static RSA)
  • Only TLS 1.2 + 1.3 with forward secrecy

[2.2.0] - 2026-05-04 - OS Compatibility Update

Changed

  • Debian 14 "Forky" support (testing/upcoming)
  • Ubuntu 25.04 added to CI/CD test matrix
  • Python 3.12 in GitHub Actions (from 3.11)

[2.1.0] - 2026-05-04 - Technology Update

Changed

  • PHP 8.4 support (from 8.3) with property hooks, asymmetric visibility, and performance improvements
  • WordPress 7.0 as default (from 6.x) with Notes feature, Command Palette, and Abilities API
  • Ubuntu 25.04 compatibility (Plucky Puffin interim release)
  • Debian 13 "Trixie" compatibility (current stable)
  • Updated OS compatibility matrix in all documentation

[2.0.0] - 2025-06-21 - Production-Ready Release

Added

  • Production-ready project cleanup and optimization
  • Ansible Vault documentation and guide for secure password management
  • Comprehensive security documentation (SECURITY.md)
  • Vault usage guide (docs/vault.md) with complete setup instructions
  • Enhanced SSL/HTTPS support with modern TLS configurations
  • Nginx security headers (X-Frame-Options, X-XSS-Protection, etc.)
  • HSTS (HTTP Strict Transport Security) for SSL deployments
  • Redis caching in ultimate playbook with WordPress object cache plugin
  • PHP OPcache optimization for enhanced performance
  • Advanced Nginx optimizations (gzip compression, caching, buffer tuning, timeouts)

Changed

  • BREAKING: Removed experimental features for production stability (moved non-essential features to optional)
  • Streamlined to 2 production-ready playbooks: lemp-wordpress.yml (basic) and lemp-wordpress-ultimate.yml (with Redis & OPcache)
  • Reduced templates to 5 production-tested files only
  • Cleaned inventory structure: production.yml, docker.yml, production.yml.example
  • Enhanced documentation structure with consistent multi-language support
  • Improved security features focus on SSL/TLS and Nginx hardening
  • Updated CONTRIBUTING.md to reflect current project structure

Removed

  • Test playbooks and development artifacts
  • Experimental Fail2Ban integration (moved to future roadmap for better implementation)
  • Non-essential templates and inventory files
  • Test deployment files with hardcoded passwords

Security

  • All production passwords replaced with secure placeholder values
  • Ansible Vault documentation provided for sensitive data management
  • Secure inventory templates with placeholder values (CHANGE_ME_*)
  • Enhanced SSL certificate management
  • Complete vault.md guide for implementing encrypted password storage

Planned

  • WordPress Multisite automation
  • Advanced backup strategies with retention policies
  • Fail2Ban integration (improved implementation)
  • Monitoring integration (Prometheus/Grafana)
  • Database replication setup
  • Performance tuning guides

[1.0.0] - 2025-06-19 - First Release

Added

  • Complete LEMP stack automation for Ubuntu/Debian
  • SSL/HTTPS support with modern TLS configuration
  • GitHub Actions CI/CD pipeline
  • WordPress automation with WP-CLI integration
  • Performance optimizations (PHP OPcache, MySQL tuning)
  • Security enhancements (SSL/TLS hardening, secure configurations)
  • Comprehensive documentation and guides
  • Contributing guidelines and troubleshooting guide
  • Docker testing environment
  • Multi-environment support (Docker, VMs, bare metal)
  • Ubuntu/Debian support (20.04, 22.04, 24.04, Debian 11, 12)
  • 🌍 Multilingual documentation (German, Hungarian translations)
  • 🧪 Simplified and robust CI/CD testing approach
  • 📝 Professional language navigation in README

Changed

  • Restructured project for better maintainability
  • Improved error handling in playbooks
  • Enhanced variable management with OS-specific files
  • Better template organization
  • Focused exclusively on Ubuntu/Debian family systems for better stability
  • Unified variables into single debian-family.yml file
  • Streamlined playbooks for production readiness
  • Improved test reliability with comprehensive integration tests

Fixed

  • WP-CLI download from official source
  • MySQL user permissions for TCP connections
  • PHP-FPM socket permissions
  • Service management across different systems
  • CI/CD pipeline stability issues
  • Container build problems in GitHub Actions
  • SSH connectivity issues in automated tests
  • Python3-apt dependency problems in check mode