How to secure WordPress login page with Fail2Ban

Fail2Ban scans log files like /var/log/auth.log and bans IP addresses conducting too many failed login attempts. It does this by updating system firewall rules to reject new connections from those IP addresses, for a configurable amount of time. Fail2Ban comes out-of-the-box ready to read many standard log files, such as those for sshd and Apache, and is easily configured to read any log file of your choosing, for any error you wish.

In the previous post, I showed how to secure the SSH service with Fail2Ban. Today, I’m going to guide you through securing the WordPress login page with Fail2Ban.

To integrate Fail2Ban with WordPress, first install the WP fail2ban plugin in WordPress.
After installing it, copy the wordpress.conf file from the plugin folder (usually wordpress/wp-content/plugins/wp-fail2ban) into the Fail2Ban filter folder (/etc/fail2ban/filter.d). Then edit the Fail2Ban configuration in /etc/fail2ban/jail.conf and add the following WordPress section to it:
[wordpress]
enabled = true
filter = wordpress
logpath = /var/log/auth.log
port = http,https
maxretry = 5
findtime = 3600
bantime = 86400
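To see what this jail actually does with the plugin's log lines before restarting Fail2Ban, here is an added example (not part of the original post or the plugin) that applies a failregex to a few constructed auth.log lines and counts failures per address with the maxretry and findtime values from the section above. The syslog line format and the regex are assumptions modelled on the plugin's "Authentication failure for ... from ..." message; the real filter lives in wordpress.conf.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of /var/log/auth.log lines (assumed WP fail2ban syslog format).
# 203.0.113.5 fails five times inside one hour; 198.51.100.7 fails five times
# but spread out so that no five attempts fall inside a single findtime window.
SAMPLE_LOG = """\
Mar  3 09:00:10 web wordpress(example.com)[2101]: Authentication failure for admin from 198.51.100.7
Mar  3 09:50:30 web wordpress(example.com)[2101]: Authentication failure for admin from 198.51.100.7
Mar  3 10:00:01 web wordpress(example.com)[2101]: Authentication failure for admin from 203.0.113.5
Mar  3 10:03:00 web sshd[900]: Failed password for root from 192.0.2.9 port 5222 ssh2
Mar  3 10:05:12 web wordpress(example.com)[2101]: Authentication failure for admin from 203.0.113.5
Mar  3 10:11:40 web wordpress(example.com)[2101]: Authentication failure for editor from 203.0.113.5
Mar  3 10:20:03 web wordpress(example.com)[2101]: Authentication failure for admin from 203.0.113.5
Mar  3 10:30:00 web wordpress(example.com)[2101]: Accepted password for editor from 203.0.113.5
Mar  3 10:40:45 web wordpress(example.com)[2101]: Authentication failure for admin from 198.51.100.7
Mar  3 10:47:55 web wordpress(example.com)[2101]: Authentication failure for admin from 203.0.113.5
Mar  3 11:30:00 web wordpress(example.com)[2101]: Authentication failure for admin from 198.51.100.7
Mar  3 12:20:15 web wordpress(example.com)[2101]: Authentication failure for admin from 198.51.100.7
"""

# Jail settings from the [wordpress] section: 5 failures within 3600 s trigger a ban.
MAXRETRY = 5
FINDTIME = 3600

# Assumed failregex: only the plugin's authentication-failure lines count, with the
# client address captured as <host>, the way fail2ban's <HOST> placeholder works.
FAILREGEX = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ wordpress\([^)]*\)\[\d+\]: "
    r"Authentication failure for \S+ from (?P<host>\d{1,3}(?:\.\d{1,3}){3})$")

def parse_ts(stamp, year=2024):
    """Syslog timestamps carry no year, so one is supplied (assumed)."""
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")

def matches(log_text):
    """Return (timestamp, host) for every line the failregex matches."""
    found = []
    for line in log_text.splitlines():
        m = FAILREGEX.match(line)
        if m:
            found.append((parse_ts(m["ts"]), m["host"]))
    return found

def hosts_to_ban(log_text, maxretry=MAXRETRY, findtime=FINDTIME):
    """Sliding-window count as fail2ban does it: ban a host once maxretry
    failures fall within findtime seconds of each other."""
    recent = defaultdict(list)
    banned = set()
    for ts, host in sorted(matches(log_text)):
        hits = [t for t in recent[host] if ts - t <= timedelta(seconds=findtime)]
        hits.append(ts)
        recent[host] = hits
        if len(hits) >= maxretry:
            banned.add(host)
    return banned
```

On the server itself, `fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/wordpress.conf` performs the same check against the real filter and log.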

With this section, Fail2Ban reads the login failures that the plugin logs to /var/log/auth.log and applies bans to both the http and https ports. If a caching proxy sits in front of the web server, you also need to tell the WP fail2ban plugin about it, so that it takes client addresses from the proxy's forwarding headers instead of recording the address of the front-end proxy itself. To do this, open the wp-config.php file and add a line with the address of the proxy server:

define('WP_FAIL2BAN_PROXIES', '127.0.0.1');

Here 127.0.0.1 is the address of the proxy server; replace it with the address of your own proxy.

Now, restart Fail2ban:

service fail2ban restart