Using Fail2ban with Nginx and WordPress

Fail2ban is a popular intrusion prevention tool written in Python that protects your server from single-source brute-force attacks. By default it watches your SSH service on port 22, but it can do much more. You can find many filters on the web, or write your own, that match a specific set of rules against some log. Fail2ban can also be set up to block the IP address of anyone repeatedly trying to log in to your WordPress site.

First, add the following code to functions.php in your WordPress theme. It returns a 403 status for failed login attempts, which gives the nginx access log something distinctive for the filter to match on.

// Send a 403 on every failed login so nginx logs it with that status.
function my_login_failed_403() {
    status_header( 403 );
}
add_action( 'wp_login_failed', 'my_login_failed_403' );

Then, create a filter with these rules in /etc/fail2ban/filter.d and name it wordpress-ban.conf.

[Definition]
# <HOST> is Fail2ban's placeholder for the client IP; without it Fail2ban has no address to ban.
# Matches the 403 that the functions.php hook above returns for POSTs to the login endpoints.
failregex = ^<HOST> .*"POST .*(wp-login\.php|xmlrpc\.php).*" 403\s
ignoreregex =

The last step is to tell Fail2ban what to do when entries in your log match the filter. In the jail below, Fail2ban blocks a user's IP address for 1 hour (3600 seconds) once he or she has more than 5 failed login attempts.

[wordpress]
enabled = true
port = http,https
filter = wordpress-ban
logpath = /path/to/nginx/access.log
maxretry = 5
bantime = 3600
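To check the filter before deploying it, here is a small Python harness (an added example, not from the original post or from Fail2ban itself) that applies the same failregex, with <HOST> turned into a named group, to constructed nginx access-log lines and emulates the jail's maxretry count within Fail2ban's default findtime of 600 seconds. The IPs and log lines are made up.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Same pattern as wordpress-ban.conf, with Fail2ban's <HOST> placeholder
# replaced by a named group (Fail2ban does this substitution internally).
FAILREGEX = re.compile(
    r'^(?P<host>\S+) .*"POST .*(wp-login\.php|xmlrpc\.php).*" 403\s'
)
TIME_RE = re.compile(r"\[([^\]]+)\]")
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample lines in nginx's default "combined" log format.
SAMPLE_LOG = """\
203.0.113.10 - - [25/Jun/2014:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 403 162 "-" "curl/7.30"
203.0.113.10 - - [25/Jun/2014:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 403 162 "-" "curl/7.30"
198.51.100.7 - - [25/Jun/2014:10:00:03 +0000] "GET /wp-login.php HTTP/1.1" 200 1893 "-" "Mozilla/5.0"
203.0.113.10 - - [25/Jun/2014:10:00:04 +0000] "POST /xmlrpc.php HTTP/1.1" 403 162 "-" "curl/7.30"
198.51.100.7 - - [25/Jun/2014:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.10 - - [25/Jun/2014:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 403 162 "-" "curl/7.30"
203.0.113.10 - - [25/Jun/2014:10:00:07 +0000] "POST /wp-login.php HTTP/1.1" 403 162 "-" "curl/7.30"
192.0.2.44 - - [25/Jun/2014:11:30:00 +0000] "POST /wp-login.php HTTP/1.1" 403 162 "-" "python-requests/2.3"
"""


def matches(line):
    """Return (host, timestamp) if the line is a failed WordPress login, else None."""
    m = FAILREGEX.match(line)
    if not m:
        return None
    t = TIME_RE.search(line)
    return m.group("host"), datetime.strptime(t.group(1), TIME_FMT)


def hosts_to_ban(log_text, maxretry=5, findtime=600):
    """Emulate the jail: ban a host once it has maxretry matches within findtime seconds."""
    window = timedelta(seconds=findtime)
    seen = defaultdict(list)
    banned = []
    for line in log_text.splitlines():
        hit = matches(line)
        if hit is None:
            continue  # successful logins and GETs never count
        host, ts = hit
        seen[host] = [x for x in seen[host] if ts - x <= window] + [ts]
        if len(seen[host]) >= maxretry and host not in banned:
            banned.append(host)
    return banned


if __name__ == "__main__":
    print(hosts_to_ban(SAMPLE_LOG))  # → ['203.0.113.10']
```

On a real server the equivalent check is `fail2ban-regex /path/to/nginx/access.log /etc/fail2ban/filter.d/wordpress-ban.conf`, which reports how many lines the filter matched.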

Easy, right?

Velocity Conference June 2014 Santa Clara, California

I was fortunate to attend the O’Reilly Velocity Conference in Santa Clara, California on June 25 and 26. The Velocity Conference is the premier annual conference about web performance and operations. People from all over the world attend to hear industry leaders talk and to learn how to build faster applications and streamline their operations. It was one of the smartest groups of people I’ve ever been around: well over 2,000 developers, engineers, managers, sysadmins, programmers, and other industry experts in one convention center. I also got to know some of the NGINX team from Russia.

The Exhibitor’s Hall was filled with lots and lots of companies in the web performance industry. Exhibitors included companies such as Cedexis, of course NGINX, RackSpace, Fastly, Dropbox, CacheFly, Akamai, MaxCDN, Linode, New Relic and the list goes on. It was great to recognize many of the companies. I especially enjoyed meeting with some of the leaders at MaxCDN and Cedexis — two companies which sponsor jsDelivr.

The Velocity Conference schedule was jam-packed with talks from leading web performance advocates, engineers and evangelists such as Ilya Grigorik and Patrick Meenan from Google, Andrew Fong from Dropbox, and Steve Souders from Fastly and previously Head Performance Engineer at Google and Chief Performance Officer at Yahoo!.

I spent a lot of time at our booth (for NGINX) but did attend a few sessions too. My favorite session, excluding of course the one from Sarah Novotny, evangelist and community leader at NGINX, about “Things You Didn’t Know about NGINX,” was from Ilya Grigorik. One of his talks was called “Is TLS Fast Yet?” Ilya delved into TLS optimization, which was really interesting. A few of his key topics were:

  • Leveraging CDNs and edge nodes to minimize latency.
  • Reducing and eliminating RTTs with abbreviated handshakes.
  • Reducing computational costs with session resumption.
  • Reducing buffering latency for interactive traffic and maximizing throughput for bulk delivery.
  • Optimizing certificate validation, leveraging certificate pinning and HSTS.
  • Configuration and deployment best practices: enabling False Start, Forward Secrecy, and more.

Overall the Velocity Conference 2014 was a really exciting event. I met many new people in the industry and was introduced to some cool new startups. It was also great to see that almost all companies are hiring. It’s definitely a conference I would hope to attend again one day.