Using fail2ban to Protect WordPress from Brute Force Attacks

Super quick guide on how to set up fail2ban to protect your server from WordPress brute force attacks. This guide assumes use of Apache and CentOS.

Install fail2ban if it is not installed already, then add this configuration file:

/etc/fail2ban/filter.d/wp-login.conf

and these contents:

 [Definition]
 failregex = ^<HOST> .* "POST /wp-login.php.*$
 ignoreregex =

Append this jail section to the following file (or create the file if it does not exist):

/etc/fail2ban/jail.conf

and the contents:

 [wp-login]
 enabled = true
 filter = wp-login
 # ban on both HTTP and HTTPS, since wp-login.php may be served on either
 action = iptables-multiport[name=NoAuthFailures, port="http,https"]
 logpath = /var/log/httpd/*access*.log
 # findtime: window in seconds in which the retries are counted
 findtime = 60
 # bantime: how long (seconds) the offending host stays banned; 86400 = 24 hours
 bantime = 86400
 # maxretry: matching requests within findtime before a ban
 maxretry = 3

fail2ban matches the filter against the site's access logs. As written, this jail checks every access log in the /var/log/httpd folder (note the wildcard * in logpath). Adjust logpath to your server's log location and configuration.
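As an added illustration (not code from the original post), the following Python script replays the page's failregex together with the jail's findtime and maxretry settings over a constructed Apache access log, showing which host would be banned and why a slow-paced source stays under the threshold. The sliding-window counting and the simplified <HOST> pattern are approximations of fail2ban's own behaviour, and the log lines and addresses are constructed samples.

```python
import re
from datetime import datetime, timedelta

# The page's failregex, with fail2ban's <HOST> placeholder approximated by a
# plain capture group (fail2ban's real <HOST> pattern is stricter, handles IPv6).
FAILREGEX = re.compile(r'^(?P<host>\S+) .* "POST /wp-login.php.*$')
# Apache combined-log timestamp, e.g. [10/Oct/2023:13:55:01 +0000]
TIMESTAMP = re.compile(r'\[(?P<ts>[^\]]+)\]')

FINDTIME = timedelta(seconds=60)   # jail: findtime = 60
MAXRETRY = 3                       # jail: maxretry = 3

# Constructed sample access log (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3012 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3012 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:55:12 +0000] "GET /wp-login.php HTTP/1.1" 200 2890 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:20 +0000] "POST /wp-login.php HTTP/1.1" 200 3012 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:55:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:57:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:59:45 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
""".splitlines()


def parse_line(line):
    """Return (host, timestamp) for a line the filter matches, else None.
    Note the filter counts every POST to wp-login.php, successful logins
    (302) included; it cannot tell a failed password from a correct one."""
    m = FAILREGEX.match(line)
    if not m:
        return None
    ts = datetime.strptime(TIMESTAMP.search(line).group("ts"),
                           "%d/%b/%Y:%H:%M:%S %z")
    return m.group("host"), ts


def hosts_to_ban(lines, findtime=FINDTIME, maxretry=MAXRETRY):
    """Sliding window per host: ban once `maxretry` matches fall within
    `findtime` of each other, approximating the jail's counters."""
    recent, banned = {}, set()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        host, ts = parsed
        window = [t for t in recent.get(host, []) if ts - t <= findtime]
        window.append(ts)
        recent[host] = window
        if len(window) >= maxretry:
            banned.add(host)
    return banned
```

Running `hosts_to_ban(SAMPLE_LOG)` bans only 203.0.113.5 (three POSTs in 19 seconds); 198.51.100.7 also sends three POSTs but never three within one findtime window, which is exactly the gap a patient attacker exploits and a reason to weigh a longer findtime against the risk of banning legitimate users.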

Finally, restart fail2ban:

service fail2ban restart

or

systemctl restart fail2ban

Triple H would approve of fail2ban

TRIPS BE BURYING THOSE BOTS!
