Dotlayer
Using fail2ban to Secure WordPress by Automatically Blocking Repeated Login Attempts

February 16, 2017
in Tutorials

There have been a lot of high-profile hacks of WordPress websites lately, the latest of them targeting over 1.5 million sites. One of the methods criminals and hackers use to gain access to WordPress sites is the brute-force attack.

Conventionally, a brute-force attack is a repeated trial-and-error method used to obtain secrets such as usernames, passwords and other login details. In a brute-force attack, automated software generates a large number of consecutive guesses at the value it is after. The guesses come either from an input file (for example a list of leaked passwords) or from a dictionary of words.

In this post we will discuss how to use fail2ban to secure your WordPress site so that repeated login attempts are blocked automatically. fail2ban watches the log files your web server writes, recognises certain events in them with regular expressions, and once an address has triggered the event more than a set number of times within a set window it blocks that address at the firewall. Most malicious requests are repeated many times from the same address, which is exactly the pattern this catches.

1. Installing fail2ban

If fail2ban is not already installed, install it from the package manager. The example below is for Ubuntu; on CentOS you would use yum (the package is in the EPEL repository).

sudo apt-get install fail2ban

2. Creating a fail2ban rule

Before fail2ban can block WordPress login attacks we have to give it a filter. A filter teaches fail2ban which log lines to look out for and how to pull the client address out of them. Every login through the WordPress login form is a POST request to wp-login.php, so that path is what the filter has to match. Note that this covers only the login form: credentials can also be tried through xmlrpc.php, which this filter does not watch.

Create the file /etc/fail2ban/filter.d/wp-auth.conf and add the content below to it. This defines the regular expression fail2ban will apply to each line of the web server's access log.

# WordPress brute force auth filter: /etc/fail2ban/filter.d/wp-auth.conf
#
# Ban IPs that repeatedly POST to the WordPress login page.
#
# Sample access-log line this must match, e.g.
# 192.189.2.2 - - [07/Jun/2016:11:15:29 +0000] "POST /wp/wp-login.php HTTP/1.0" 200 4523
#
# <HOST> is expanded by fail2ban into a group that captures the client address;
# without it fail2ban has no address to ban and the filter is rejected.
# Only POSTs match, so merely viewing the login form does not count.
# Change /wp/ to match where WordPress is installed (for a site at the
# document root the request line reads "POST /wp-login.php").
[Definition]
failregex = ^<HOST> .* "POST /wp/wp-login.php
ignoreregex =
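To see what the filter and the jail that will use it actually do, here is an added example that mimics fail2ban's behaviour in Python; it is not code from the original post or from fail2ban itself. It expands `<HOST>` the way fail2ban does, runs the failregex over a few constructed Apache access-log lines, and applies the jail's maxretry/findtime counting. The log lines, the addresses (taken from the documentation ranges) and the thresholds of 5 hits within 600 seconds are constructed for illustration. It goes beyond the page's single sample line on purpose: it also shows a slow attacker who stays below the window, a GET of the login form, a legitimate admin whose successful login still counts, and why the filter as first written (no `<HOST>`) matches nothing.

```python
"""Reproduce fail2ban's filter matching and jail counting for the wp-auth rule."""
import re
from collections import defaultdict
from datetime import datetime

# fail2ban expands <HOST> into a group capturing the client address; without it the
# filter gives fail2ban nothing to ban. The real expansion also handles IPv6 and
# hostnames; \S+ is enough for access-log lines that start with the address.
HOST_PATTERN = r"(?P<host>\S+)"
FAILREGEX = r'^<HOST> .* "POST /wp/wp-login.php'      # corrected filter
ORIGINAL_FAILREGEX = r'^ .* "POST /wp/wp-login.php'   # as first written: no <HOST>

TIME_RE = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2})")


def _line(ip, ts, method="POST", status=200):
    """Build a constructed Apache 'combined' access-log line (not real traffic)."""
    return (f'{ip} - - [{ts} +0000] "{method} /wp/wp-login.php HTTP/1.1" '
            f'{status} 4523 "-" "Mozilla/5.0"')


# Constructed sample log, in the order the web server would write it.
SAMPLE_LOG = [
    # slow probing, 15 minutes between attempts: never 5 hits inside one 600 s window
    _line("192.0.2.5", "16/Feb/2017:09:00:00"),
    _line("192.0.2.5", "16/Feb/2017:09:15:00"),
    _line("192.0.2.5", "16/Feb/2017:09:30:00"),
    _line("192.0.2.5", "16/Feb/2017:09:45:00"),
    # fetching the login form is a GET and must not count as an attempt
    _line("203.0.113.7", "16/Feb/2017:09:59:58", method="GET"),
    _line("192.0.2.5", "16/Feb/2017:10:00:00"),
    # burst of six POSTs in 25 seconds: the fifth one trips maxretry
    _line("203.0.113.7", "16/Feb/2017:10:00:01"),
    _line("203.0.113.7", "16/Feb/2017:10:00:05"),
    _line("203.0.113.7", "16/Feb/2017:10:00:09"),
    _line("203.0.113.7", "16/Feb/2017:10:00:14"),
    _line("203.0.113.7", "16/Feb/2017:10:00:20"),
    _line("203.0.113.7", "16/Feb/2017:10:00:25"),
    # a legitimate admin: the access log cannot tell a successful login (302) from a
    # failed one (200), so both count; maxretry must leave room for mistyped passwords
    _line("198.51.100.9", "16/Feb/2017:10:01:00", status=302),
    _line("198.51.100.9", "16/Feb/2017:10:01:30"),
]


def has_host_group(failregex):
    """fail2ban rejects a failregex that gives it no host to ban."""
    return "<HOST>" in failregex or "(?P<host>" in failregex


def compile_failregex(failregex):
    """Expand <HOST> as fail2ban does and compile the result."""
    return re.compile(failregex.replace("<HOST>", HOST_PATTERN))


def parse_time(line):
    """Timestamp of an access-log line (what fail2ban-regex calls the date)."""
    return datetime.strptime(TIME_RE.search(line).group(1), "%d/%b/%Y:%H:%M:%S")


def matching_hosts(lines, failregex):
    """One host per matching line: the raw matches the filter alone reports."""
    pattern = compile_failregex(failregex)
    return [m.group("host") for m in map(pattern.match, lines) if m]


def find_bans(lines, failregex, maxretry=5, findtime=600):
    """Apply the jail's counting: ban a host on its maxretry-th match within findtime
    seconds. Returns {host: timestamp of the match that triggered the ban}."""
    pattern = compile_failregex(failregex)
    recent = defaultdict(list)
    banned = {}
    for line in lines:
        m = pattern.match(line)
        if not m:
            continue
        host = m.group("host")
        if host in banned:
            continue  # already banned; a real jail would not even see this request
        ts = parse_time(line)
        # keep only the hits that fall inside the sliding findtime window
        recent[host] = [t for t in recent[host] if (ts - t).total_seconds() <= findtime]
        recent[host].append(ts)
        if len(recent[host]) >= maxretry:
            banned[host] = ts
    return banned


if __name__ == "__main__":
    print("filter matches:", matching_hosts(SAMPLE_LOG, FAILREGEX))
    for host, when in find_bans(SAMPLE_LOG, FAILREGEX).items():
        print(f"ban {host} at {when:%H:%M:%S}")
```

Only 203.0.113.7 ends up banned, at its fifth POST; 192.0.2.5 never has five hits inside one window and the admin at 198.51.100.9 is untouched. On a real host the equivalent check is fail2ban-regex run against the access log and the filter file, which prints the matched lines and the hosts extracted from them before you restart the service.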

Next, enable the filter by adding a jail for it to jail.local. The jail could be added to jail.conf alongside the stock jails, but that file is overwritten on package upgrades; jail.local is read after it and overrides it, so settings kept there survive upgrades.

Create /etc/fail2ban/jail.local if it does not already exist and add a jail section that enables the wp-auth filter, points it at your web server's access log and sets how many hits within what window earn a ban. Then restart fail2ban using the command below.
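The jail section the step above refers to, as an added example rather than the post's own listing. It assumes Apache on Ubuntu, whose access log is /var/log/apache2/access.log (for nginx use /var/log/nginx/access.log), and the thresholds of 5 hits within 600 seconds banned for 3600 seconds are illustrative; the filter name must match the file created in filter.d.

```ini
# /etc/fail2ban/jail.local (added example; adjust logpath to your web server)
[wp-auth]
enabled  = true
filter   = wp-auth
port     = http,https
logpath  = /var/log/apache2/access.log
maxretry = 5
findtime = 600
bantime  = 3600
```

The access log counts every POST to wp-login.php, successful or not, so keep maxretry high enough that an administrator who mistypes a password a few times is not locked out, and remember that a ban applies to the whole source address, which matters behind a shared NAT or a reverse proxy (where the log must record the real client address, not the proxy's).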

service fail2ban restart

3. Conclusion

With the filter and jail in place, any address that POSTs to wp-login.php more than maxretry times within findtime is blocked in the iptables firewall for bantime seconds; fail2ban keeps the bans in its own chain. You can see the currently blocked addresses, with packet counters, using this command:

iptables -vnL

The same listing without -n:

iptables -L

Without -n iptables reverse-resolves every address to a hostname, which is slow and can hang when DNS is unavailable, so the numeric form is usually what you want. fail2ban-client status wp-auth shows the same information from fail2ban's side, including how many lines the filter has matched.

From now on, login attempts from a banned address are dropped until its ban expires; everyone else, including you, can still log in, provided you stay under maxretry.

© 2021 Dotlayer.com