---
# How to secure the WordPress login panel with fail2ban (and without plugins)

**URL:** https://modul-r.codekraft.it/2021/08/how-to-secure-the-wordpress-login-panel-with-fail2bain/
Date: 2021-08-26
Author: Erik
Post Type: post
Summary: Securing Your WordPress Site with Fail2Ban and Nginx In the ever-evolving landscape of cybersecurity, fortifying your WordPress site against malicious activities is paramount. One formidable tool in this arsenal is Fail2Ban, a versatile intrusion prevention software that adds an extra layer of protection by monitoring logs for suspicious behavior and taking preemptive actions. How Fail2Ban […]
Categories: Blog
Tags: fail2ban, nginx
---

**Securing Your WordPress Site with Fail2Ban and Nginx**

In the ever-evolving landscape of cybersecurity, fortifying your WordPress site against malicious activities is paramount. One formidable tool in this arsenal is Fail2Ban, a versatile intrusion prevention software that adds an extra layer of protection by monitoring logs for suspicious behavior and taking preemptive actions.

**How Fail2Ban Works:**

Fail2Ban operates by scanning log files on your server, identifying patterns indicative of malicious activity, and then dynamically responding to those patterns. This proactive approach makes it an effective deterrent against various threats, particularly brute force attacks. Brute force attacks involve repeated, rapid login attempts using different username and password combinations to gain unauthorized access.

**The Power of Fail2Ban Against Brute Force Attacks:**

- **Log Parsing:** Fail2Ban continuously analyzes log files, looking for patterns that might suggest malicious intent. In the context of WordPress, this includes scrutinizing access and error logs for abnormal login patterns.

- **Dynamic Response:** When Fail2Ban detects a predefined pattern, it takes immediate action to thwart potential threats. This could involve blocking the IP address attempting unauthorized access, preventing further malicious activity.

- **Adaptability:** Fail2Ban allows you to create custom rules and filters tailored to the specific needs of your server and applications. This adaptability ensures that you can address emerging threats and evolving attack patterns.

**Why Fail2Ban for WordPress Security:**

- **Targeted Protection:** By setting up Fail2Ban specifically for WordPress, you can focus on mitigating threats that target popular entry points like the login page (`/wp-login.php`) and XML-RPC functionality (`/xmlrpc.php`).

- **Resource Optimization:** Fail2Ban minimizes resource consumption by actively blocking malicious IP addresses. This helps alleviate the impact of brute force attacks on server performance.

- **Reduced Risk:** Implementing Fail2Ban significantly reduces the risk of successful brute force attacks, enhancing the overall security posture of your WordPress site.

In this guide, we will walk you through the process of configuring Fail2Ban with Nginx to safeguard your WordPress installation against unauthorized access attempts. Follow these steps to reinforce your defenses and keep your site resilient in the face of evolving cyber threats.

**Prerequisites:**

Before proceeding, ensure that you have Fail2Ban installed on your server. You can do this by running:

```
sudo apt-get update
sudo apt-get install fail2ban
```

**Configuring Fail2Ban:**

- Edit the local jails file:

```
sudo nano /etc/fail2ban/jail.local
```

#### Find the log path for your server (important)

**NGINX:** /var/log/nginx/access.log

**APACHE:** /var/log/apache/access.log

Add the WordPress jail. The `logpath` below is the Nginx one; substitute the Apache path if that is your server. Thresholds (`maxretry`, `findtime`, `bantime`) are inherited from the `[DEFAULT]` section of `jail.local` unless you set them inside this jail.

```
[wordpress-auths]
enabled = true
port = http,https
filter = wordpress-auth
logpath = /var/log/nginx/access.log
action = iptables-multiport[name=wordpress-auth, port="http,https", protocol=tcp]
```

Create the filter. Filters live in `filter.d` (the name must match the `filter =` line of the jail):

```
sudo nano /etc/fail2ban/filter.d/wordpress-auth.conf
```

Add this to the new filter file. Note that these expressions match every request to the login page and the XML-RPC endpoint, not only failed logins, so any client that hits them `maxretry` times within `findtime` is banned, including you if you reload `wp-login.php` too often.

```
[Definition]
# <HOST> is replaced by Fail2Ban with its own client-address pattern.
# Each line is one alternative; continuation lines must be indented.
failregex = ^<HOST> .* "(GET|POST) /wp-login.php
            ^<HOST> .* "(GET|POST) /xmlrpc.php
```

Test the new filter against the same log file you set as `logpath` in the jail (the Nginx path here). The output reports how many lines matched and which addresses were extracted:

```
fail2ban-regex /var/log/nginx/access.log /etc/fail2ban/filter.d/wordpress-auth.conf
```
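As an added illustration (not part of the original post), the script below emulates what this filter counts against a handful of constructed Nginx access-log lines, using only sh, grep and awk. Replacing `<HOST>` with an IPv4 pattern is an assumption made for the example (Fail2Ban's own host pattern also covers IPv6 and hostnames), and the addresses are documentation ranges, not real clients.

```shell
#!/bin/sh
# Added example (not from the original post): emulate what the wordpress-auth
# filter matches against CONSTRUCTED nginx access-log lines, and which client
# would reach a maxretry threshold. Uses only POSIX sh, grep and awk.

# Constructed sample log lines in nginx's default "combined" format.
SAMPLE_LOG='203.0.113.7 - - [26/Aug/2021:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4321 "-" "Mozilla/5.0"
203.0.113.7 - - [26/Aug/2021:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4321 "-" "Mozilla/5.0"
203.0.113.7 - - [26/Aug/2021:10:00:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
198.51.100.2 - - [26/Aug/2021:10:00:04 +0000] "GET /wp-login.php HTTP/1.1" 200 4321 "-" "Mozilla/5.0"
198.51.100.2 - - [26/Aug/2021:10:00:05 +0000] "GET / HTTP/1.1" 200 9876 "-" "Mozilla/5.0"
192.0.2.9 - - [26/Aug/2021:10:00:06 +0000] "GET /wp-content/uploads/a.png HTTP/1.1" 200 1234 "-" "Mozilla/5.0"'

# Assumption for this example: Fail2Ban substitutes <HOST> with its own
# host pattern; the IPv4-only equivalent is used here.
HOST_RE='([0-9]{1,3}\.){3}[0-9]{1,3}'

# The two failregex lines from the filter file, with <HOST> expanded.
FAILREGEX_1="^$HOST_RE .* \"(GET|POST) /wp-login\.php"
FAILREGEX_2="^$HOST_RE .* \"(GET|POST) /xmlrpc\.php"

# matching_lines: print only the log lines the filter would count as failures.
matching_lines() {
    printf '%s\n' "$SAMPLE_LOG" | grep -E -e "$FAILREGEX_1" -e "$FAILREGEX_2"
}

# count_matches: number of matched lines (what fail2ban-regex reports as
# "matched" lines for the same input).
count_matches() {
    matching_lines | wc -l | tr -d ' '
}

# hosts_over_threshold MAXRETRY: client IPs with at least MAXRETRY matches in
# the sample. findtime is not modelled: all sample lines are seconds apart,
# so they would all fall inside any realistic window.
hosts_over_threshold() {
    maxretry="$1"
    matching_lines | awk -v max="$maxretry" '
        { hits[$1]++ }
        END { for (h in hits) if (hits[h] >= max) print h }
    ' | sort
}

# Usage when run directly:
echo "lines matched by the filter: $(count_matches)"
echo "hosts at or above maxretry=3:"
hosts_over_threshold 3
```

Running it reports 4 matched lines and flags 203.0.113.7 at `maxretry=3`; the image request from 192.0.2.9 is never counted, while 198.51.100.2 is counted once for a single `GET /wp-login.php` even though no login was attempted, which is exactly the over-matching caveat above. Fail2Ban additionally applies `findtime`, so only failures inside that window count toward a ban.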

To unban an IP address from this jail:

```
sudo fail2ban-client set wordpress-auths unbanip 192.168.1.100
```

To check the currently banned IP addresses, after reloading Fail2Ban so that the new jail is active (`sudo fail2ban-client reload`), query the jail by the name used in `jail.local`:

```
sudo fail2ban-client status wordpress-auths
```
