Securing WordPress using fail2ban

With the recent dictionary attacks on WordPress, I installed a simple configuration for fail2ban that requires no access to the backend of each site you host. This should protect all the sites on a server from being attacked by the massive botnet that’s doing the rounds.

Add this to /etc/fail2ban/jail.conf

enabled = true
port    = http,https
action   = iptables[name=WP, port=http, protocol=tcp]
filter  = apache-wp-login
logpath = /var/www/vhosts/*/statistics/logs/access_log
maxretry = 3

The logpath should include every access log on your server, or at least the WordPress ones. Mine is ideal for Plesk installs on Linux.

Add this to /etc/fail2ban/filter.d/apache-wp-login.conf

# Fail2Ban configuration file
failregex = <HOST>.*] "POST /wp-login.php
ignoreregex =

Restart fail2ban and you’re set.

Jared Earle is a writer, photographer and systems administrator. You can find him on Twitter most of the time.