diff --git a/en_US/howto/fail2ban.sql.md b/en_US/howto/fail2ban.sql.md
index ec5c69d4..0bbaafbc 100644
--- a/en_US/howto/fail2ban.sql.md
+++ b/en_US/howto/fail2ban.sql.md
@@ -155,9 +155,10 @@ File `/etc/fail2ban/action.d/banned_db.conf` indicates we now have a new action
named `banned_db` (it's file name without extension). Feel free to open this
file and check what it does.
-Script `/usr/local/bin/fail2ban_banned_db` will read `/root/.my.cnf-fail2ban`
-(OpenLDAP/MySQL/MariaDB backends) or `~postgresql/.pgpass` (PostgreSQL backend)
-to read SQL credential.
+Script `/usr/local/bin/fail2ban_banned_db` will read SQL username and password
+from `/root/.my.cnf-fail2ban` (OpenLDAP/MySQL/MariaDB backends) or
+`~postgresql/.pgpass` (PostgreSQL backend), then connect to SQL server and
+add or remove banned IP addresses.
## Enable the new action `banned_db`
diff --git a/html/fail2ban.sql.html b/html/fail2ban.sql.html
index 653b3caa..7cef17a0 100644
--- a/html/fail2ban.sql.html
+++ b/html/fail2ban.sql.html
@@ -173,9 +173,10 @@ chmod 0550 /usr/local/bin/fail2ban_banned_db
File /etc/fail2ban/action.d/banned_db.conf indicates we now have a new action
named banned_db (it's file name without extension). Feel free to open this
file and check what it does.
-Script /usr/local/bin/fail2ban_banned_db will read /root/.my.cnf-fail2ban
-(OpenLDAP/MySQL/MariaDB backends) or ~postgresql/.pgpass (PostgreSQL backend)
-to read SQL credential.
+Script /usr/local/bin/fail2ban_banned_db will read SQL username and password
+from /root/.my.cnf-fail2ban (OpenLDAP/MySQL/MariaDB backends) or
+~postgresql/.pgpass (PostgreSQL backend), then connect to SQL server and
+add or remove banned IP addresses.
Enable the new action banned_db
Now go to /etc/fail2ban/jail.d/ and update config files for the jails you
want to store banned IP in SQL db. Let's take dovecot.local for example.