How to secure the WordPress login panel with fail2ban (and without plugins)

Securing Your WordPress Site with Fail2Ban and Nginx

In the ever-evolving landscape of cybersecurity, fortifying your WordPress site against malicious activities is paramount. One formidable tool in this arsenal is Fail2Ban, a versatile intrusion prevention software that adds an extra layer of protection by monitoring logs for suspicious behavior and taking preemptive actions.

How Fail2Ban Works:

Fail2Ban operates by scanning log files on your server, identifying patterns indicative of malicious activity, and then dynamically responding to those patterns. This proactive approach makes it an effective deterrent against various threats, particularly brute force attacks. Brute force attacks involve repeated, rapid login attempts using different username and password combinations to gain unauthorized access.

The Power of Fail2Ban Against Brute Force Attacks:

  1. Log Parsing: Fail2Ban continuously analyzes log files, looking for patterns that might suggest malicious intent. In the context of WordPress, this includes scrutinizing access and error logs for abnormal login patterns.
  2. Dynamic Response: When Fail2Ban detects a predefined pattern, it takes immediate action to thwart potential threats. This could involve blocking the IP address attempting unauthorized access, preventing further malicious activity.
  3. Adaptability: Fail2Ban allows you to create custom rules and filters tailored to the specific needs of your server and applications. This adaptability ensures that you can address emerging threats and evolving attack patterns.

Why Fail2Ban for WordPress Security:

  • Targeted Protection: By setting up Fail2Ban specifically for WordPress, you can focus on mitigating threats that target popular entry points like the login page (/wp-login.php) and XML-RPC functionality (/xmlrpc.php).
  • Resource Optimization: Fail2Ban minimizes resource consumption by actively blocking malicious IP addresses. This helps alleviate the impact of brute force attacks on server performance.
  • Reduced Risk: Implementing Fail2Ban significantly reduces the risk of successful brute force attacks, enhancing the overall security posture of your WordPress site.

In this guide, we will walk you through the process of configuring Fail2Ban with Nginx to safeguard your WordPress installation against unauthorized access attempts. Follow these steps to reinforce your defenses and keep your site resilient in the face of evolving cyber threats.


Prerequisites:

Before proceeding, ensure that you have Fail2Ban installed on your server. You can do this by running:

sudo apt-get update
sudo apt-get install fail2ban

Configuring Fail2Ban:

  1. Edit the local jails file:

sudo nano /etc/fail2ban/jail.local

  2. Find the access log path for your web server (important: it is the value of the logpath line in the jail below).

NGINX: /var/log/nginx/access.log

APACHE: /var/log/apache/access.log

  3. Add the wordpress-auths jail:

[wordpress-auths]
enabled = true
port = http,https
filter = wordpress-auth
logpath = /var/log/nginx/access.log
action = iptables-multiport[name=wordpress-auth, port="http,https", protocol=tcp]

maxretry, findtime and bantime are not set here, so the jail inherits them from the [DEFAULT] section of jail.conf / jail.local.

  4. Create the filter named on the filter = line. Filters live in filter.d, not in fail2ban.d:

sudo nano /etc/fail2ban/filter.d/wordpress-auth.conf

  5. Add this to the new filter:

[Definition]
failregex = ^<HOST> .* "(GET|POST) /wp-login.php
            ^<HOST> .* "(GET|POST) /xmlrpc.php

Note that these patterns count every GET or POST to the two paths, not only failed logins: a visitor who simply reloads the login form a few times within findtime counts toward maxretry, and any legitimate XML-RPC client will be banned once it crosses the threshold. Tune maxretry and findtime for the jail with that in mind.

  6. Test the new filter against your access log (point it at the same file as the jail's logpath):

fail2ban-regex /var/log/apache2/wp.access.log /etc/fail2ban/filter.d/wordpress-auth.conf
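To see what the filter above actually counts, here is an added Python script (not fail2ban's own code and not from the original post) that applies the two failregex lines to constructed nginx access-log lines and replays fail2ban's maxretry/findtime counting. The IP addresses, timestamps and the stock defaults maxretry=5, findtime=600 are assumptions for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# The page's two failregex lines, with fail2ban's <HOST> tag expanded to an IPv4 capture
# group by hand (fail2ban does that expansion itself) so the script runs stand-alone.
HOST = r"^(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
FAILREGEX = [re.compile(HOST + r' .* "(GET|POST) /wp-login.php'),
             re.compile(HOST + r' .* "(GET|POST) /xmlrpc.php')]
TIME_RE = re.compile(r"\[([^\]]+)\]")  # the [10/Jan/2024:12:00:01 +0000] field

def match_host(line):
    """Return the client IP when a line matches a failregex, else None (what fail2ban-regex counts)."""
    for rx in FAILREGEX:
        m = rx.match(line)
        if m:
            return m.group("host")
    return None

def simulate_jail(lines, maxretry=5, findtime=600):
    """Replay log lines through the jail: a host is banned once it has maxretry matches
    within findtime seconds. Returns {host: timestamp of the ban}."""
    recent, banned = defaultdict(deque), {}
    for line in lines:
        host = match_host(line)
        if host is None or host in banned:
            continue
        ts = datetime.strptime(TIME_RE.search(line).group(1), "%d/%b/%Y:%H:%M:%S %z")
        window = recent[host]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:  # forget matches older than findtime
            window.popleft()
        if len(window) >= maxretry:
            banned[host] = ts
    return banned

# Constructed nginx access.log lines using documentation-range IPs (not real traffic).
def _line(ip, t, req):
    return f'{ip} - - [10/Jan/2024:{t} +0000] "{req} HTTP/1.1" 200 3412 "-" "Mozilla/5.0"'

SAMPLE_LOG = (
    [_line("203.0.113.7", f"12:00:0{i}", "POST /wp-login.php") for i in range(5)]   # 5 guesses in 5 s
    + [_line("198.51.100.4", "12:00:30", "GET /wp-login.php"),                      # visitor opens the form
       _line("198.51.100.4", "12:00:31", "GET /wp-content/themes/t/style.css")]     # static asset: no match
    + [_line("192.0.2.9", f"{12 + i // 4}:{(i % 4) * 15:02d}:00", "POST /xmlrpc.php")
       for i in range(5)]                                                          # 5 hits, 15 min apart
)

if __name__ == "__main__":
    for host, when in simulate_jail(SAMPLE_LOG).items():
        print(f"ban {host} at {when:%H:%M:%S}")  # -> ban 203.0.113.7 at 12:00:04
```

Only the rapid guesser is banned with the defaults; the slow xmlrpc.php client stays under the threshold because its hits fall outside the 600-second window, and widening findtime to an hour bans it too.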

To unban an IP address:

sudo fail2ban-client set wordpress-auths unbanip 192.168.1.100

To check the jail status and the currently banned IPs (the jail name is wordpress-auths, as defined in jail.local):

sudo fail2ban-client status wordpress-auths
