• Home
  • Cloud
    • General
    • SaaS
    • BPaaS
    • PaaS
    • IaaS
    • Other Internet Hosted Applications
      • WordPress
        • WooThemes Canvas
          • WooThemes Canvas CSS
  • About me
  • Why Badly Wired?
  • Contact

Badly Wired

Alan's technical notebook - WordPress and other stuff

You are here: Home / Tech Tips / Using fail2ban to stop Wordpress attacks on Administrator

Using fail2ban to stop WordPress attacks on Administrator

15th August 2013 by Alan Leave a Comment

Fully Managed UK Hosting - Only £1+VAT till 1st Jan 2021 on Shared, Reseller and Dedicated Hosting! .... read more ....

There is a plugin for WordPress that works with fail2ban so you can lock out at the firewall persistent attempts at invalid passords  http://wordpress.org/plugins/wp-fail2ban/ it works  by login attempts and has a filter too.

However, with so many attacks on admin or administrator, which no one should really use anyway, I have written another filter so you can block these pointless attacks the first time they happen, (but still allowing your regular users a reasonable number of attempts).

Fully Managed UK Hosting - Only £1+VAT till 1st Jan 2021 on Shared, Reseller and Dedicated Hosting! .... read more ....
[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf
[Definition]

_daemon = wordpress

# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[w-.^_]+)
# Values: TEXT
#
failregex = ^%(__prefix_line)s(Authentication failure|Blocked authentication attempt) for (?i)(admin|administrator|adminadmin) from <HOST>$

# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

 

put the above code into a file called   wordpress-admin.conf   and place itin your fail2ban/filter.d directory  and then add

[wordpress-admin]
enabled = true
filter = wordpress-admin
action = iptables-multiport[name=WORDPRESS-ADMIN, port="http,https", protocol=tcp]
sendmail-buffered[name=WORDPRESS-ADMIN, lines=100, dest=yourname@yourdomain]
logpath = /var/log/messages
maxretry = 1
findtime = 600
bantime = 604800

to your jail.local

restart fail2ban and you are all set to ban any IPs that use admin, administrator or adminadmin for a week

[Next] Find out where to host WordPress [Read the full article…]

Filed Under: Tech Tips, Useful Stuff, Wordpress  Tagged: fail2ban

About Alan

I'm Alan from Fullworks Digital Ltd, where I develop WordPress Plugins .

My day job consists of developing new code and solutions along with support my WordPress plugin user.

I started as a professional programmer in 1979 and had been involved with the IT of business technology in virtually every area that exist.

Badlywired.com is my technical notebook, my aide memoire of the many interesting facts that I come across and 'how to' recipes of things I do infrequently. As I spend a lot of time gathering parts of solutions from the internet and assembling them into my own solutions, and also just learning how to do things, this blog is one way of giving something back to the online community that has helped me extensively.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Categories

  • Applications
  • Cloud
    • General
    • Google Cloud
    • IaaS
    • Other Internet Hosted Applications
      • Wordpress
        • WooThemes Canvas
        • WooThemes Canvas CSS
    • SaaS
  • Code snippets
  • Discounts
  • Genesis
  • Google Apps for Works
  • Linux
  • News
  • SEO
  • Server setup
  • Services
  • Tech Tips
  • Uncategorised
  • Useful Images
  • Useful Stuff
  • WordPress Hosting
  • WordPress Plugins

Tags

background jobs beadcrumbs bind brandings Cache canvas Centos chrome css fail2ban Find firefox Flash fraud genesis gocardless godaddy Google google maps hackers internet explorer javascript KashFlow Linus linux Magento mapquest maps microsoft mysql news nohup php plugin plugins queens diamond jubilee replace SED SEO skype Varnish Virtualmin Webmin woothemes Wordpress

 

Affiliate and Privacy Notices

This site is free to use, but hopes to cover some costs through affiliate income, some products and links are affiliates and may earn the site advertising income.

Some affiliates use Cookies to track if you purchase from them, this allows them to apportion revenue to us you will need to refer to their specific privacy notices as to how you are tracked.

This site is a participant in the Amazon EU Associates Programme, an affiliate advertising programme designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.co.uk.

  • Privacy Policy

Copyright © 2021 · Badly Wired