Fail2ban wordpress


Are you seeing massive numbers of login attempts on wp-login.php, even though it is secured by a local authentication layer?

Create /etc/fail2ban/filter.d/wordpress.conf:

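# Fail2ban wp-login.php
# Matches POSTs to wp-login.php that the authentication layer answered with 401.
# The status is anchored to the request's closing quote so that a 401 elsewhere
# in the line (for example the byte count) does not count as a failure.

[Definition]
failregex = ^<HOST> .*"POST /wp-login\.php.*" 401\s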

ignoreregex =

And use it in your jail.local like this:

[wordpress]
enabled = true
port = http,https
filter = wordpress
logpath = /var/log/apache2/*/access.log
maxretry = 10

A maximum of ten retries is advisable to allow for your personal Monday-morning coffee jet lag.
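
Added example, not part of the original snippet: a Python check that runs a wp-login failregex over constructed Apache access-log lines and counts failures per host against maxretry. It compares a pattern ending in `.* 401` with one that anchors the status to the request's closing quote; the IPv4-only `<HOST>` stand-in, the sample lines and the helper names are assumptions of this example.

```python
import re
from collections import Counter

# Simplified IPv4-only stand-in for fail2ban's <HOST> tag (assumption of this example).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

LOOSE = r'^<HOST> .*"POST /wp-login.php.* 401'        # " 401" may match anywhere later in the line
STRICT = r'^<HOST> .*"POST /wp-login\.php.*" 401\s'   # 401 must directly follow the request's closing quote


def line(host, sec, request, status, size):
    """Build one constructed Apache combined-format log line."""
    return (f'{host} - - [06/Jan/2025:08:00:{sec:02d} +0100] '
            f'"{request}" {status} {size} "-" "Mozilla/5.0"')


# Constructed sample log (documentation addresses only).
SAMPLE_LOG = (
    # ten rejected logins from one host
    [line("203.0.113.7", s, "POST /wp-login.php HTTP/1.1", 401, 381) for s in range(10)]
    + [
        line("198.51.100.20", 30, "POST /wp-login.php HTTP/1.1", 302, 401),  # accepted login, 401-byte body
        line("198.51.100.20", 31, "GET /wp-login.php HTTP/1.1", 401, 381),   # GET, not a login attempt
        line("192.0.2.44", 40, "POST /xmlrpc.php HTTP/1.1", 401, 381),       # different endpoint
    ]
)


def failures(failregex, lines):
    """Return the host of every line the filter would count as a failure."""
    rx = re.compile(failregex.replace("<HOST>", HOST))
    return [m.group("host") for m in map(rx.search, lines) if m]


def banned(failregex, lines, maxretry=10):
    """Hosts reaching maxretry failures (findtime is not modelled here)."""
    counts = Counter(failures(failregex, lines))
    return sorted(h for h, n in counts.items() if n >= maxretry)


if __name__ == "__main__":
    for name, rx in (("loose", LOOSE), ("strict", STRICT)):
        print(name, Counter(failures(rx, SAMPLE_LOG)), "banned:", banned(rx, SAMPLE_LOG))
```

On a host with fail2ban installed, `fail2ban-regex` runs the same kind of check against the real log file and filter file.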