Securing WordPress using fail2ban

With the recent dictionary attacks on WordPress, I installed a simple configuration for fail2ban that requires no access to the backend of each site you host. This should protect all the sites on a server from being attacked by the massive botnet that’s doing the rounds.

Add this to /etc/fail2ban/jail.conf

[apache-wp-login]
enabled = true
port    = http,https
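# iptables-multiport so the ban covers both ports listed above
# (iptables[... port=http ...] would block port 80 only)
action   = iptables-multiport[name=WP, port="http,https", protocol=tcp]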
filter  = apache-wp-login
logpath = /var/www/vhosts/*/statistics/logs/access_log
maxretry = 3

The logpath should include every access log on your server, or at least the WordPress ones. Mine is ideal for Plesk installs on Linux.

Add this to /etc/fail2ban/filter.d/apache-wp-login.conf

# Fail2Ban configuration file
[Definition]
failregex = <HOST>.*] "POST /wp-login.php
ignoreregex =

Restart fail2ban and you’re set.
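
To see what this filter will count before enabling the jail, the following added example (not part of the original post) applies the same failregex to constructed log lines in Python, with an IPv4 stand-in for `<HOST>`. `STRICT_REGEX` is a hypothetical variant that assumes a stock WordPress answers a failed login with 200 and a successful one with 302; all names in it are illustrative.

```python
import re
from collections import Counter

# Stand-in for fail2ban's <HOST> tag. Assumption: IPv4 only; the real tag
# also accepts hostnames and, in newer releases, IPv6.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
# The failregex from apache-wp-login.conf with <HOST> expanded.
PAGE_REGEX = re.compile(HOST + r'.*] "POST /wp-login.php')
# Hypothetical stricter variant (not from the page): count only responses
# with status 200, assuming a stock WordPress that answers a failed login
# with 200 and a successful one with a 302 redirect.
STRICT_REGEX = re.compile(HOST + r'.*] "POST /wp-login\.php[^"]*" 200 ')
MAXRETRY = 3  # same value as the jail

LINE = '{ip} - - [14/Apr/2013:10:00:{sec:02d} +0100] "{req} HTTP/1.1" {status} 3012 "-" "Mozilla/5.0"'
# Constructed sample access log (combined format, documentation addresses).
SAMPLE_LOG = "\n".join(
    # a bot guessing passwords: three failed POSTs
    [LINE.format(ip="203.0.113.7", sec=s, req="POST /wp-login.php", status=200) for s in (1, 2, 3)]
    # editors behind one address: form load, one typo, two successful logins
    + [LINE.format(ip="198.51.100.20", sec=10, req="GET /wp-login.php", status=200),
       LINE.format(ip="198.51.100.20", sec=15, req="POST /wp-login.php", status=200),
       LINE.format(ip="198.51.100.20", sec=20, req="POST /wp-login.php", status=302),
       LINE.format(ip="198.51.100.20", sec=50, req="POST /wp-login.php", status=302)]
    # an ordinary visitor
    + [LINE.format(ip="192.0.2.55", sec=30, req="GET /index.php", status=200)]
)

def failures(log_text, regex=PAGE_REGEX):
    """Count matching lines per host, as the filter would report them."""
    counts = Counter()
    for line in log_text.splitlines():
        match = regex.search(line)
        if match:
            counts[match.group("host")] += 1
    return counts

def hosts_to_ban(log_text, regex=PAGE_REGEX, maxretry=MAXRETRY):
    """Hosts whose count reaches maxretry (findtime is ignored here)."""
    return sorted(h for h, n in failures(log_text, regex).items() if n >= maxretry)

if __name__ == "__main__":
    print("page regex  :", hosts_to_ban(SAMPLE_LOG))
    print("strict regex:", hosts_to_ban(SAMPLE_LOG, STRICT_REGEX))
```

With the page's regex both the bot and the editors' address reach maxretry, because every POST to wp-login.php is counted whether the login succeeded or not; GET requests are never counted.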

Jared Earle is, let's face it, a geek. He's also writing about himself in the 3rd person. That's just weird.

  • http://chrisgilligan.com/fail2ban-and-ossec-regex-for-redhat-centos-amazon-linux-and-fedora/ PlayGod

    Also use the generic apache-nohome and apache-noscript, install the wp fail2ban plugin and configure it for your server. Both of these are helping during the current onslaught, which also includes probing for wp-admin directories, probing for /wp-admin/login.php, plus comment spam.

    • http://chrisgilligan.com/fail2ban-and-ossec-regex-for-redhat-centos-amazon-linux-and-fedora/ PlayGod

      Check my permalink for some additional advice that is working for us.