fail2ban for WordPress!

There are botnets out there that just scan the Internet for WordPress sites, and then try to dictionary attack the login page. WP fail2ban is an awesome plugin that will write the unsuccessful login attempts to your syslog.

Installation is easy.

Install the plugin.
Activate the plugin.
Copy wordpress.conf to /etc/fail2ban/filter.d (default on Ubuntu, ymmv)
Add the following to the end of jail.conf (or jail.local):

[wordpress]

enabled = true
filter = wordpress
logpath = /var/log/auth.log
port = http,https
bantime = 604800
findtime = 86400
maxretry = 5

Then just sudo service fail2ban restart and you’re all set.
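
To see what those three numbers do before a real bot trips them, here is a small simulation of the jail's counting over a few log lines. It is an added example, not code from the plugin or from fail2ban: the log line format and the sample hosts and IPs are constructed assumptions, and the counting is a simplified model of how fail2ban applies maxretry, findtime and bantime.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values from the [wordpress] jail above.
MAXRETRY = 5
FINDTIME = timedelta(seconds=86400)    # failures are counted over 1 day
BANTIME = timedelta(seconds=604800)    # a ban lasts 7 days

# Assumed auth.log line format (constructed for this example).
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ wordpress\(\S+\)\[\d+\]: "
    r"Authentication failure for .* from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})$"
)

def simulate(lines, year=2024):
    """Return [(ip, ban_start, ban_end)] these jail settings would produce."""
    recent = defaultdict(deque)   # ip -> failure times still inside findtime
    banned_until, bans = {}, []
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue              # not a WordPress login failure
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if ip in banned_until and ts < banned_until[ip]:
            continue              # already banned, nothing more to count
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > FINDTIME:
            q.popleft()           # forget failures older than findtime
        if len(q) >= MAXRETRY:
            banned_until[ip] = ts + BANTIME
            bans.append((ip, ts, ts + BANTIME))
            q.clear()
    return bans

# Constructed sample: a fast burst, a slow trickle, and an unrelated sshd line.
SAMPLE = [
    f"Mar 12 10:00:0{i} web1 wordpress(blog.example)[812]: "
    "Authentication failure for admin from 203.0.113.7" for i in range(1, 6)
] + [
    f"Mar {t} web1 wordpress(blog.example)[812]: "
    "Authentication failure for editor from 198.51.100.20"
    for t in ("12 09:00:00", "12 09:01:00", "12 09:02:00",
              "13 09:10:00", "13 09:11:00", "13 09:12:00")
] + ["Mar 12 10:01:00 web1 sshd[99]: Accepted publickey for deploy from 192.0.2.5"]

if __name__ == "__main__":
    for ip, start, end in simulate(SAMPLE):
        print(f"ban {ip} from {start} until {end}")
```

The second address fails six times in total but never five times inside one findtime window, so it stays unbanned; lower maxretry or raise findtime if that is too lenient for your site.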
