Home / How to secure the WordPress login panel with fail2bain (and without plugins)

How to secure the WordPress login panel with fail2bain (and without plugins)

How to secure the WordPress login panel with fail2bain (and without plugins)

|

August 26, 2021

    If you are running your own server, it may be useful to create a jail with fail2ban to block attempts to access your blog.

    (I assume you already have fail2ban installed)

    Edit the local jails file:

    sudo nano /etc/fail2ban/jail.local

    Find the log path for your server (important)

    NGINX: /var/log/nginx/access.log

    APACHE: /var/log/apache/access.log

    add the wp-auth jail:

    [wordpress-auths]
enabled = true
port = http,https
filter = wordpress-auth
logpath = /var/log/nginx/access.log
action = iptables-multiport[name=wordpress-auth, port="http,https", protocol=tcp]

    create a filter:

    sudo nano /etc/fail2ban/fail2ban.d/wordpress-auth.conf

    add to the new filter this code

    [Definition]
failregex = ^<HOST> .* "(GET|POST) /wp-login.php
            ^<HOST> .* "(GET|POST) /xmlrpc.php

    Test the new filter with:

    fail2ban-regex /var/log/apache2/wp.access.log /etc/fail2ban/filter.d/wordpress-auth.conf

    To unban ip

    fail2ban-client set wordpress-auths unbanip 192.168.1.100

    To check the banned ip

    sudo fail2ban-client status wordpress-auth
    Erik Golinelli

    Since I was first given a Commodore64 as a child my love for the keyboard was more than obvious! I’m Erik and I currently work in my own company in italy, where I am deployed as a fullstack developer (or one man army as you prefer). I have been studying graphics and communication but the curiosity has led me to be involved in all aspects of web design, from design to programming. I am the author/contributor of some plugins and templates for WordPress and WooCommerce, follow me on https://github.com/erikyo

    Tags:

    Post navigation

    arrow_back
    arrow_forward

    You might be interested in...

    • Template: Sticky

      Your name Your email Subject Your message (optional) This is a sticky post. There are a few things to verify: The sticky post should be distinctly recognizable in some way in comparison to normal posts. You can style the .sticky class if you are using the post_class() function to generate your post classes, which is […]

    • How to preload featured image with WordPress

      Your name Your email Subject Your message (optional) This simple action will add the preload for post featured image (works both with src and srcset)

    • Template: Comments Disabled

      Your name Your email Subject Your message (optional) This post has its comments, pingbacks, and trackbacks disabled. There should be no comment reply form, but should display pingbacks and trackbacks.

    • Block: Image

      Your name Your email Subject Your message (optional) Welcome to image alignment! If you recognize this post, it is because these are blocks that have been converted from the classic Markup: Image Alignment post. The best way to demonstrate the ebb and flow of the various image positioning options is to nestle them snuggly among […]

    No comments yet, be the first!

    Comments

    Your email address will not be published. Required fields are marked *