If you are running your own server, it may be useful to create a jail with fail2ban to block attempts to access your blog.
(I assume you already have fail2ban installed)
Edit the local jails file:
sudo nano /etc/fail2ban/jail.local
Find the log path for your server (important)
NGINX: /var/log/nginx/access.log
APACHE: /var/log/apache/access.log
add the wp-auth jail:
[wordpress-auths] enabled = true port = http,https filter = wordpress-auth logpath = /var/log/nginx/access.log action = iptables-multiport[name=wordpress-auth, port="http,https", protocol=tcp]
create a filter:
sudo nano /etc/fail2ban/fail2ban.d/wordpress-auth.conf
add to the new filter this code
[Definition] failregex = ^<HOST> .* "(GET|POST) /wp-login.php ^<HOST> .* "(GET|POST) /xmlrpc.php
Test the new filter with:
fail2ban-regex /var/log/apache2/wp.access.log /etc/fail2ban/filter.d/wordpress-auth.conf
To unban ip
fail2ban-client set wordpress-auths unbanip 192.168.1.100
To check the banned ip
sudo fail2ban-client status wordpress-auth
No comments yet, be the first!