Tutorials

How to protect your WordPress site from Brute Force Attacks (WordPress + Nginx + fail2ban)

One of the most common attacks are Brute Force attacks on your WordPress site's xmlrpc.php or wp-login.php. In a brute force attack the malicious script, which runs off server, tries a number of login combinations until it gains access to the site.

We will be using Fail2Ban framework. This framework monitors the server log files and looks for certain set patterns from each IP accessing the site. Fail2Ban checks :

  • vsftpd login failure
  • SSH auth failure etc

Fail2ban is a python script, so make sure python is installed on your server.

To install fail2ban :

sudo apt-get update
sudo apt-get install fail2ban

Configure fail2ban with default config settings :

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Next we define a new filter in /etc/fail2ban/filter.d and call it wordpress-auth.conf :

[Definition]
failregex = ^ .*POST .*xmlrpc\.php.*
            ^ .*POST .*login\.php.*

ignoreregex =

Now append the following code to the jail.conf file :

[wordpress]

enabled = true
port = http,https
filter = wordpress
logpath = /var/log/varnish/access.log
maxretry = 3
bantime = 43200

Restart fail2ban and we are done :

sudo service fail2ban restart

Copyright © 2018 WPOven