How to secure the WordPress login panel with fail2ban (and without plugins)

    If you are running your own server, it can be useful to create a fail2ban jail that blocks hosts making repeated attempts to access your blog's login page.

    (I assume you already have fail2ban installed)

    Edit the local jails file:

    sudo nano /etc/fail2ban/jail.local

    Find the access log path for your web server (important, it goes in the logpath line of the jail):

    NGINX: /var/log/nginx/access.log

    APACHE: /var/log/apache/access.log


    Add the wordpress-auths jail:

    [wordpress-auths]
    enabled = true
    port = http,https
    filter = wordpress-auth
    logpath = /var/log/nginx/access.log
    action = iptables-multiport[name=wordpress-auth, port="http,https", protocol=tcp]
    

    Create the filter (fail2ban looks for filters in filter.d, and the fail2ban-regex test below reads it from there):

    sudo nano /etc/fail2ban/filter.d/wordpress-auth.conf

    Add this definition to the new filter:

    [Definition]
    failregex = ^<HOST> .* "(GET|POST) /wp-login.php
                ^<HOST> .* "(GET|POST) /xmlrpc.php

    Note that these patterns match every GET or POST to wp-login.php and xmlrpc.php, successful logins included, so the jail's maxretry and findtime (the fail2ban defaults apply unless you set them in the jail) decide how many visits a legitimate user can make before being banned.

    Test the new filter against your access log with:

    fail2ban-regex /var/log/apache2/wp.access.log /etc/fail2ban/filter.d/wordpress-auth.conf
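    The script below is an added example, not part of the original post: it runs the two failregex patterns over a few constructed access-log lines and counts hits per host the way the jail's maxretry and findtime do (a simplified emulation of fail2ban, with <HOST> expanded to a capture group by hand), which also shows that an ordinary login produces hits.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# The two failregex lines from the filter; fail2ban expands <HOST> itself,
# here it is expanded by hand to a named group (constructed for this example).
HOST = r"(?P<host>\S+)"
FAILREGEX = [
    re.compile(r"^" + HOST + r' .* "(GET|POST) /wp-login\.php'),
    re.compile(r"^" + HOST + r' .* "(GET|POST) /xmlrpc\.php'),
]
# Timestamp as written by nginx/apache combined log format: [10/Oct/2023:13:55:01 +0000]
DATE_RE = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2}) [+-]\d{4}\]")

# Constructed sample access-log lines, not real traffic: one scripted client
# hammering the login and XML-RPC endpoints, one browser doing a normal login.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "curl/7.88"',
    '203.0.113.7 - - [10/Oct/2023:13:55:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "curl/7.88"',
    '203.0.113.7 - - [10/Oct/2023:13:55:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 412 "-" "curl/7.88"',
    '198.51.100.9 - - [10/Oct/2023:13:55:04 +0000] "GET /wp-login.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Oct/2023:13:55:10 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Oct/2023:13:55:11 +0000] "GET /wp-admin/ HTTP/1.1" 200 9001 "-" "Mozilla/5.0"',
]

def matches_filter(line):
    """Return the host of a line that matches any failregex, else None."""
    for rx in FAILREGEX:
        m = rx.search(line)
        if m:
            return m.group("host")
    return None

def hosts_to_ban(lines, maxretry=5, findtime=600):
    """A host is banned once it produces `maxretry` matching lines inside
    any `findtime`-second window (sliding window over timestamps)."""
    hits = defaultdict(list)
    banned = set()
    for line in lines:
        host, dm = matches_filter(line), DATE_RE.search(line)
        if host is None or dm is None:
            continue
        ts = datetime.strptime(dm.group(1), "%d/%b/%Y:%H:%M:%S")
        window = hits[host] = [t for t in hits[host] if ts - t <= timedelta(seconds=findtime)]
        window.append(ts)
        if len(window) >= maxretry:
            banned.add(host)
    return banned

if __name__ == "__main__":
    print(hosts_to_ban(SAMPLE_LOG, maxretry=3))  # only the scripted client
    print(hosts_to_ban(SAMPLE_LOG, maxretry=2))  # the normal login is banned too
</test>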

    To unban an IP:

    fail2ban-client set wordpress-auths unbanip 192.168.1.100

    To check the banned IPs (the name must match the jail section, wordpress-auths):

    sudo fail2ban-client status wordpress-auths
