Securing WordPress against Bruteforce using Fail2Ban


To better secure WordPress and access to the wp-login administration page, I will explain how to block brute-force attacks by setting up new fail2ban filters.

When you reach wp-login.php, you enter your login and password. If they are correct, WordPress lets you into the administration area and writes an HTTP 302 “redirect” code to your access_log file as you are redirected to the wp-admin folder. If, on the other hand, you enter the wrong login or password, you stay on the wp-login page, and an HTTP 200 “OK” code is recorded in your access_log file.

Therefore, we will have fail2ban filter the access_log file for HTTP 200 codes on the wp-login page of your WordPress site.
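The detection rule described above, run over a few constructed access_log lines (an added example, not code from the original post). It assumes the Apache combined/common log layout, counts only POST requests because simply loading the login form also returns 200, and the `maxretry`/`findtime` parameters are modelled on the fail2ban jail settings of the same names.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# A POST to wp-login.php answered with HTTP 200 is a failed login.
# In a fail2ban failregex the "host" group would be written as <HOST>.
FAILED_LOGIN = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"POST [^\s?"]*/wp-login\.php(?:\?\S*)? HTTP/[\d.]+" 200 '
)

# Constructed sample log (documentation IP ranges), in chronological order.
SAMPLE_LOG = """\
192.0.2.44 - - [10/Mar/2024:09:00:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
192.0.2.44 - - [10/Mar/2024:09:20:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
192.0.2.44 - - [10/Mar/2024:09:40:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /wp-login.php HTTP/1.1" 200 2514
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.7 - - [10/Mar/2024:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
198.51.100.20 - - [10/Mar/2024:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 302 0
203.0.113.7 - - [10/Mar/2024:10:00:09 +0000] "POST /blog/wp-login.php HTTP/1.1" 200 3120
198.51.100.20 - - [10/Mar/2024:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
"""

def hosts_to_ban(log_text, maxretry=3, findtime=600):
    """Return hosts with >= maxretry failed logins inside findtime seconds."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)   # host -> timestamps of recent failures
    banned = []
    for line in log_text.splitlines():
        m = FAILED_LOGIN.match(line)
        if not m:
            continue              # GETs, 302 successes and other URLs are ignored
        host = m.group("host")
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[host]
        hits.append(ts)
        while ts - hits[0] > window:   # drop failures older than the window
            hits.popleft()
        if len(hits) >= maxretry and host not in banned:
            banned.append(host)
    return banned

if __name__ == "__main__":
    print(hosts_to_ban(SAMPLE_LOG))
```

With the defaults, 192.0.2.44 stays under the threshold because its three failures are 20 minutes apart; widening `findtime` is what catches slow guessing like that.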

