Home / How to secure the WordPress login panel with fail2bain (and without plugins)

How to secure the WordPress login panel with fail2bain (and without plugins)

How to secure the WordPress login panel with fail2bain (and without plugins)

|

August 26, 2021

If you are running your own server, it may be useful to create a jail with fail2ban to block attempts to access your blog.

(I assume you already have fail2ban installed)

Edit the local jails file:

sudo nano /etc/fail2ban/jail.local

Find the log path for your server (important)

NGINX: /var/log/nginx/access.log

APACHE: /var/log/apache/access.log

add the wp-auth jail:

[wordpress-auths]
enabled = true
port = http,https
filter = wordpress-auth
logpath = /var/log/nginx/access.log
action = iptables-multiport[name=wordpress-auth, port="http,https", protocol=tcp]

create a filter:

sudo nano /etc/fail2ban/fail2ban.d/wordpress-auth.conf

add to the new filter this code

[Definition]
failregex = ^<HOST> .* "(GET|POST) /wp-login.php
            ^<HOST> .* "(GET|POST) /xmlrpc.php

Test the new filter with:

fail2ban-regex /var/log/apache2/wp.access.log /etc/fail2ban/filter.d/wordpress-auth.conf

To unban ip

fail2ban-client set wordpress-auths unbanip 192.168.1.100

To check the banned ip

sudo fail2ban-client status wordpress-auth
Erik

Since I was first given a Commodore64 as a child my love for the keyboard was more than obvious! I’m Erik and I currently work in my own company in italy, where I am deployed as a fullstack developer (or one man army as you prefer). I have been studying graphics and communication but the curiosity has led me to be involved in all aspects of web design, from design to programming. I am the author/contributor of some plugins and templates for WordPress and WooCommerce, follow me on https://github.com/erikyo

Tags:

Post navigation

arrow_back
arrow_forward

You might be interested in...

  • Template: Sticky

    This is a sticky post. There are a few things to verify: The sticky post should be distinctly recognizable in some way in comparison to normal posts. You can style the .sticky class if you are using the post_class() function to generate your post classes, which is a best practice. They should show at the […]

  • Horizontal Featured Image
    Template: Featured Image (Vertical)

    This post should display a featured image, if the theme supports it. Non-square images can provide some unique styling issues. This post tests a vertical featured image.

  • Functions and Components

    This template include a ton of pre-builded animations, components, functions and an object position observer. Observer Every block-item can be animated easily with the the observer that is used to trigger animations while the object is displayed on the screen. In order to create an “observed” object you need to add interactive under “Advanced” -> […]

  • Markup: Image Alignment

    Welcome to image alignment! The best way to demonstrate the ebb and flow of the various image positioning options is to nestle them snuggly among an ocean of words. Grab a paddle and let’s get started. On the topic of alignment, it should be noted that users can choose from the options of None, Left, […]

No comments yet, be the first!

Comments

Your email address will not be published. Required fields are marked *