fail2banWith this guide you can create a filter for fail2ban to block hack on wordpress login.

To first create the filter

vi /etc/fail2ban/filter.d/apache-wplogin.conf

and paste this code

# Fail2Ban configuration file
[Definition]
failregex = <HOST>.*] "POST /wp-login.php
 <HOST>.*] "GET /wp-login.php

After add the jail in

/etc/fail2ban/jail.conf

at the and of the file

[apache-wplogin]
enabled = true
port = http,https
action = iptables[name=WP, port=http, protocol=tcp]
sendmail-whois[name=WPLOGIN, [email protected], sender=fail2ban-wplogin]
filter = apache-wplogin
logpath = /var/www/vhosts/system/*/statistics/logs/access_log
#findtime = 3600
maxretry = 20
bantime = 3600

Now restart fail2ban

/etc/init.d/fail2ban restart

In logpath parameter you need to specify the log file to analyse.
In this case I’m analysing the access log for all the virtual host in parallel plesk.

This page has been readed 3006 times

Leave a Reply

Your email address will not be published. Required fields are marked *