Protect WordPress With Fail2ban
Prevent unauthorized access to your WordPress site.
1.
Install fail2ban.
sudo
apt-get install fail2ban
|
2.
Make fail2ban configuration files.
sudo
nano /etc/fail2ban/filter.d/wordpress.conf
|
[INCLUDES]
[Definition]
failregex
= ^<HOST> .* "POST .*wp-login.php HTTP/.*" 200
ignoreregex
=
|
Regex for www directory install.
failregex
= ^<HOST> .* "POST /wp-login.php HTTP/.*" 200
|
3.
Add this configuration where "JAILS" begins.
( before [ssh] )
sudo
nano /etc/fail2ban/jail.conf
|
[wordpress]
Enabled = true
filter = wordpress
action =
iptables-multiport[name=NoAuthFailures, port="http,https"]
logpath = /var/log/nginx/access.log
bantime = 1200
maxretry = 4
|
4.
Restart fail2ban. Make few failed logins to test your
regex.
sudo
service fail2ban restart
|
sudo
fail2ban-regex /var/log/nginx/access.log /etc/fail2ban/filter.d/wordpress.conf
|
5.
Check list of blocked IP’s in iptables.
iptables
-vnL
|
6.
Test if fail2ban is
working.
sudo
fail2ban-client status wordpress
|
7.
View blocking live
from log.
sudo
tail -f /var/log/fail2ban.log
|
8.
To unban IP:
sudo
fail2ban-client get wordpress actionunban xxx.xxx.xxx.xxx
|
or
sudo fail2ban-client set wordpress unbanip xxx.xxx.xxx.xxx
|
0 comments :
Post a Comment
Comment: