Using Fail2ban with Nginx and WordPress

Fail2ban is a popular intrusion prevention tool written in Python that protects your server from single-source brute force attacks. By default it watches your SSH service on port 22, but it can do much more. You can find many filters on the web, or write your own, that match a specific set of rules against some log file. Fail2ban can also be set to block the IP address of anyone repeatedly failing to log into your WordPress website.

First, add the following code to functions.php in your WordPress theme. It hooks wp_login_failed so that every incorrect login attempt is answered with a 403 status, which nginx then records in its access log (normal page loads and successful logins are logged with 200 or 302, so the filter below ignores them).

function my_login_failed_403() {
    // Answer a failed login with HTTP 403 so nginx logs it distinctly.
    status_header( 403 );
}
add_action( 'wp_login_failed', 'my_login_failed_403' );

Then, create a filter with these rules in /etc/fail2ban/filter.d, name it wordpress-ban.conf.

[Definition]
# <HOST> is mandatory: Fail2ban expands it to the capture group it bans on.
failregex = ^<HOST> -.*"POST .*(wp-login\.php|xmlrpc\.php).*" 403
ignoreregex =

The last step is to tell Fail2ban what to do when entries in your log meet the specified criteria, by adding a jail to /etc/fail2ban/jail.local. In the case below Fail2ban will block a user's IP address for 1 hour if he or she has more than 5 incorrect login attempts. The attempts are counted within Fail2ban's findtime window (600 seconds by default); set findtime in the jail if you want a longer window.

[wordpress]
enabled = true
port = http,https
filter = wordpress-ban
logpath = /path/to/nginx/access.log
maxretry = 5
bantime = 3600
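As an added example (not code from the original post), the script below replays the filter's failregex and the jail's maxretry/findtime counting over constructed nginx access.log lines, so you can see which addresses the jail above would actually ban before deploying it. The <HOST> expansion and the sample log lines are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# The filter's failregex, with the <HOST> tag expanded into a named group
# the way Fail2ban does before compiling the pattern.
FAILREGEX = r'^<HOST> -.*"POST .*(wp-login\.php|xmlrpc\.php).*" 403'
HOST_TAG = r'(?:::f{4,6}:)?(?P<host>[\w\-.^_]*\w)'
PATTERN = re.compile(FAILREGEX.replace('<HOST>', HOST_TAG))
TIMESTAMP = re.compile(r'\[([^\]]+)\]')  # nginx combined-format date field

# Constructed nginx access.log lines (RFC 5737 test addresses, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "POST /wp-login.php HTTP/1.1" 403 2401 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:41 +0000] "POST /wp-login.php HTTP/1.1" 403 2401 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:47 +0000] "POST /xmlrpc.php HTTP/1.1" 403 2401 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:52 +0000] "POST /wp-login.php HTTP/1.1" 403 2401 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:58 +0000] "POST /wp-login.php HTTP/1.1" 403 2401 "-" "Mozilla/5.0"
192.0.2.5 - - [10/Oct/2023:13:56:02 +0000] "GET /wp-login.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.5 - - [10/Oct/2023:13:56:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Oct/2023:13:00:00 +0000] "POST /wp-login.php HTTP/1.1" 403 2401 "-" "curl/8.0"
198.51.100.9 - - [10/Oct/2023:13:20:00 +0000] "POST /wp-login.php HTTP/1.1" 403 2401 "-" "curl/8.0"
198.51.100.9 - - [10/Oct/2023:13:40:00 +0000] "POST /wp-login.php HTTP/1.1" 403 2401 "-" "curl/8.0"
198.51.100.9 - - [10/Oct/2023:14:00:00 +0000] "POST /wp-login.php HTTP/1.1" 403 2401 "-" "curl/8.0"
198.51.100.9 - - [10/Oct/2023:14:20:00 +0000] "POST /wp-login.php HTTP/1.1" 403 2401 "-" "curl/8.0"
"""

def failures(lines):
    """Yield (host, timestamp) for every line the failregex matches."""
    for line in lines:
        m = PATTERN.match(line)
        if m:
            ts = datetime.strptime(TIMESTAMP.search(line).group(1), '%d/%b/%Y:%H:%M:%S %z')
            yield m.group('host'), ts

def would_ban(lines, maxretry=5, findtime=600):
    """Hosts the jail would ban: at least maxretry matches whose timestamps
    fall inside a findtime-second window (Fail2ban's default findtime is 600)."""
    recent = defaultdict(list)
    banned = set()
    for host, ts in failures(lines):
        # keep only this host's failures that are within findtime of the newest one
        recent[host] = [t for t in recent[host] + [ts] if ts - t <= timedelta(seconds=findtime)]
        if len(recent[host]) >= maxretry:
            banned.add(host)
    return banned

if __name__ == '__main__':
    print(sorted(would_ban(SAMPLE_LOG.splitlines())))  # ['203.0.113.7']
```

Note that 198.51.100.9 also fails five times but spreads them 20 minutes apart, so with the default findtime it is never banned; widening findtime to two hours catches it.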

Easy, right?
