Fail2ban filter for WordPress

One way to protect your site(s) from the annoying brute force hack going round would be to use Fail2ban.

As with all fail2ban rules, it’s not going to work if the attacker changes IP often (but from scanning the logs so far, that doesn’t seem to be the case).

Obvious caveats:

  1. Users who can’t remember their password(s) will get blocked.
  2. It’s not going to protect you from a distributed attack (multiple IPs) very well.
  3. You may want to perform other counter-measures (like putting Apache HTTP authentication in for URLs matching /wp-login.php).

Copy your /etc/fail2ban/jail.conf to /etc/fail2ban/jail.local.

In /etc/fail2ban/jail.local:

[apache-wp-login]
enabled = true
port = http,https
filter = apache-wp-login
logpath = /var/www/vhosts/*/statistics/logs/access_log
maxretry = 5
findtime = 120

And create /etc/fail2ban/filter.d/apache-wp-login.conf:

[Definition]
failregex = <HOST>.*] "POST /wp-login.php
ignoreregex =
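
To see what this jail would and would not catch, the following added example (not part of the original post) replays the failregex with maxretry = 5 and findtime = 120 over constructed access_log lines. The IPv4-only stand-in for <HOST>, the sample lines and the function names are assumptions, and the counting is a simplified model of how fail2ban tallies failures.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Values taken from the jail and filter on this page.
FAILREGEX = r'<HOST>.*] "POST /wp-login.php'
MAXRETRY, FINDTIME = 5, 120

# Assumption: simplified IPv4-only stand-in for fail2ban's <HOST> tag.
HOST = r'(?P<host>\d{1,3}(?:\.\d{1,3}){3})'
TS = re.compile(r'\[([^\]]+)\]')

def banned_hosts(lines, failregex=FAILREGEX, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return the hosts that reach maxretry matches inside findtime seconds."""
    rx = re.compile(failregex.replace('<HOST>', HOST))
    recent = defaultdict(deque)   # host -> timestamps of recent failures
    banned = set()
    for line in lines:
        m, ts = rx.search(line), TS.search(line)
        if not (m and ts):
            continue
        when = datetime.strptime(ts.group(1), '%d/%b/%Y:%H:%M:%S %z')
        q = recent[m.group('host')]
        q.append(when)
        # Drop failures that have fallen out of the findtime window.
        while (when - q[0]).total_seconds() > findtime:
            q.popleft()
        if len(q) >= maxretry:
            banned.add(m.group('host'))
    return banned

def make_line(ip, hhmmss, request, status=200):
    return f'{ip} - - [10/Apr/2013:{hhmmss} +0000] "{request} HTTP/1.1" {status} 1234 "-" "Mozilla/5.0"'

# Constructed sample access_log lines (combined format, documentation IPs).
SAMPLE = (
    # Six login POSTs in 50 seconds: reaches maxretry inside findtime.
    [make_line('203.0.113.7', f'12:00:{s:02d}', 'POST /wp-login.php') for s in range(0, 60, 10)]
    # Forgetful user: only two attempts.
    + [make_line('198.51.100.20', f'12:01:{s:02d}', 'POST /wp-login.php') for s in (5, 40)]
    # Viewing the login form is a GET and is not counted by the filter.
    + [make_line('192.0.2.50', f'12:02:{s:02d}', 'GET /wp-login.php') for s in range(0, 60, 5)]
    # Slow guesser: five POSTs three minutes apart, never five inside 120 s.
    + [make_line('192.0.2.99', f'12:{m:02d}:00', 'POST /wp-login.php') for m in range(10, 25, 3)]
)

if __name__ == '__main__':
    print(sorted(banned_hosts(SAMPLE)))
```

The slow guesser in the sample slips under findtime = 120, which is the trade-off to weigh when tuning maxretry and findtime against the first caveat above.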
