Apr 28, 2016

0 Protect WordPress With Fail2ban

Prevent unauthorized access to your WordPress site.

1.                   Install fail2ban.

sudo apt-get install fail2ban

2.                   Make fail2ban configuration files.

sudo nano /etc/fail2ban/filter.d/wordpress.conf

failregex = ^<HOST> .* "POST .*wp-login.php HTTP/.*" 200
ignoreregex =

Regex for www directory install.
failregex = ^<HOST> .* "POST /wp-login.php HTTP/.*" 200

3.                   Add this configuration where "JAILS" begins. ( before [ssh] )

sudo nano /etc/fail2ban/jail.conf


Enabled    = true
filter         = wordpress
action       = iptables-multiport[name=NoAuthFailures, port="http,https"]
logpath     = /var/log/nginx/access.log
bantime    = 1200
maxretry  = 4

4.                   Restart fail2ban. Make few failed logins to test your regex.

sudo service fail2ban restart

sudo fail2ban-regex /var/log/nginx/access.log /etc/fail2ban/filter.d/wordpress.conf

5.                   Check list of blocked IP’s in iptables.

iptables -vnL

6.                   Test if fail2ban is working.

sudo fail2ban-client status wordpress

7.                   View blocking live from log.

sudo tail -f /var/log/fail2ban.log

8.                   To unban IP:

sudo fail2ban-client get wordpress actionunban xxx.xxx.xxx.xxx

sudo fail2ban-client set wordpress unbanip  xxx.xxx.xxx.xxx


Post a Comment