Securing WordPress using fail2ban

With the recent dictionary attacks on WordPress, I installed a simple configuration for fail2ban that requires no access to the backend of each site you host. This should protect all the sites on a server from being attacked by the massive botnet that’s doing the rounds.

Add this to /etc/fail2ban/jail.conf

[apache-wp-login]
enabled = true
port    = http,https
# Block both ports the sites are served on; the single-port iptables action
# would leave HTTPS reachable to a banned host.
action  = iptables-multiport[name=WP, port="http,https", protocol=tcp]
filter  = apache-wp-login
logpath = /var/www/vhosts/*/statistics/logs/access_log
maxretry = 3

The logpath glob must cover every access log on your server, or at least those of the WordPress sites; the one above matches the per-domain logs of a Plesk install on Linux.

Add this to /etc/fail2ban/filter.d/apache-wp-login.conf

# Fail2Ban configuration file
# Match any POST to wp-login.php (a login attempt, whether or not it
# succeeded) and attribute it to the client address at the start of the
# Apache access-log line.
[Definition]
failregex = ^<HOST> .*"POST /wp-login\.php
ignoreregex =

Restart fail2ban and you’re set.
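To see what the jail above will actually do to a log, here is an added example (not code from the post) that replays its counting in Python over a few constructed Apache access-log lines: it applies the filter's match (a POST to wp-login.php, attributed to the leading client address), then bans a host once it reaches `maxretry` hits inside the findtime window. The `<HOST>` expansion is a simplified stand-in for fail2ban's own, and the 600-second findtime is fail2ban's default rather than a value the post sets.

```python
import re
from datetime import datetime, timedelta

# Constructed Apache combined-log lines (not real traffic): one host hammers
# wp-login.php, one only views the form and posts once, one spreads three
# POSTs over half an hour.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Apr/2013:12:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3215 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Apr/2013:12:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3215 "-" "Mozilla/5.0"
198.51.100.2 - - [10/Apr/2013:12:00:04 +0000] "GET /wp-login.php HTTP/1.1" 200 2871 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Apr/2013:12:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3215 "-" "Mozilla/5.0"
198.51.100.2 - - [10/Apr/2013:12:00:06 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Apr/2013:12:00:07 +0000] "POST /wp-login.php HTTP/1.1" 200 3215 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Apr/2013:12:00:08 +0000] "POST /wp-login.php HTTP/1.1" 200 3215 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Apr/2013:12:30:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3215 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Apr/2013:12:30:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3215 "-" "Mozilla/5.0"
"""

# Same match as the filter: a POST to wp-login.php, attributed to the client
# address at the start of the line.
FAILREGEX = r'^<HOST> .*"POST /wp-login\.php'
# Simplified stand-in for fail2ban's own <HOST> expansion (assumption).
HOST_PATTERN = r'(?P<host>[\w.:-]+)'
MAXRETRY = 3                       # from the jail
FINDTIME = timedelta(seconds=600)  # fail2ban's default findtime (assumption)

APACHE_TS = re.compile(r'\[(\d{2}/[A-Za-z]{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\]')


def compile_failregex(failregex=FAILREGEX):
    """Expand <HOST> the way fail2ban does (simplified) and compile."""
    return re.compile(failregex.replace('<HOST>', HOST_PATTERN))


def parse_timestamp(line):
    """Return the request time from an Apache log line, or None."""
    m = APACHE_TS.search(line)
    return datetime.strptime(m.group(1), '%d/%b/%Y:%H:%M:%S %z') if m else None


def find_failures(log_text, failregex=FAILREGEX):
    """List (timestamp, host) for every line the failregex matches."""
    rx = compile_failregex(failregex)
    hits = []
    for line in log_text.splitlines():
        m = rx.search(line)
        ts = parse_timestamp(line)
        if m and ts:
            hits.append((ts, m.group('host')))
    return hits


def hosts_to_ban(log_text, maxretry=MAXRETRY, findtime=FINDTIME):
    """Replay the jail's counting: a host is banned at the failure that brings
    its count inside the findtime window up to maxretry. Returns {host: ban_time}."""
    window = {}   # host -> timestamps of its failures still inside findtime
    banned = {}
    for ts, host in find_failures(log_text):
        if host in banned:
            continue
        recent = [t for t in window.get(host, []) if ts - t <= findtime]
        recent.append(ts)
        window[host] = recent
        if len(recent) >= maxretry:
            banned[host] = ts
    return banned


if __name__ == '__main__':
    for host, when in hosts_to_ban(SAMPLE_LOG).items():
        print(f'ban {host} at {when.isoformat()}')
```

Running it bans only 203.0.113.7 (third POST within seconds); 192.0.2.9 also posts three times, but the first attempt falls outside the 600-second window, so it is never banned unless findtime is raised. Two things the replay makes visible: the filter counts every POST, so a legitimate user who mistypes their password three times is banned for the full bantime just like the botnet, and the address it bans is whatever Apache logged at the start of the line, which behind a reverse proxy or CDN is the proxy, not the client. Against a real log, `fail2ban-regex /var/www/vhosts/example.com/statistics/logs/access_log /etc/fail2ban/filter.d/apache-wp-login.conf` reports how many lines the filter matches before you enable the jail.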

Jared Earle is a writer, photographer and systems administrator. You can find him on Twitter most of the time.