Securing WordPress against Bruteforce using Fail2Ban
To better secure WordPress, and access to the wp-login administration page, I will explain how to stop brute-force attacks by setting up a new fail2ban filter.
When you reach the wp-login.php page you enter your login / password. If they are correct, WordPress lets you into the administration area, writes an HTTP/302 "redirect" code to your access_log file, and redirects you to the "wp-admin" folder. On the other hand, if you enter the wrong login / password, you stay on the wp-login page and an HTTP/200 "OK" code is written to your access_log file.
Therefore, we will ask fail2ban to watch the access_log file for HTTP/200 responses to login attempts on the wp-login page of your WordPress.
Create the apache-wplogin.conf file:
# vim /etc/fail2ban/filter.d/apache-wplogin.conf
Insert the following definition (the <HOST> tag is mandatory: it is what fail2ban replaces with its address pattern to learn which IP to ban):
[Definition]
failregex = ^<HOST> .*"POST .*/wp-login\.php HTTP.* 200.*$
ignoreregex =
Then add a new jail in your jail.local file:
# vim /etc/fail2ban/jail.local
[apache-wplogin]
enabled = true
filter = apache-wplogin
action = iptables-multiport[name=apache-wplogin, port="http,https", protocol=tcp]
port = http,https
logpath = /var/log/httpd/access_log
maxretry = 5
findtime = 60
bantime = 86400
Explanation: fail2ban blocks any IP that tries to log in more than 5 times (maxretry) in less than 60 seconds (findtime), and keeps it blocked for 24 hours (bantime). The filter implements the logic explained at the beginning of the article: a POST to wp-login.php answered with HTTP/200 is a failed login :).
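To see what the filter and the jail settings actually do before restarting fail2ban, here is an added example (not part of the original article and not fail2ban's own code) that replays the failregex and the maxretry/findtime window over a few constructed access_log lines. It assumes Apache's combined log format, substitutes an IPv4-only pattern for fail2ban's <HOST> tag, and uses documentation addresses (192.0.2.9, 203.0.113.5, 198.51.100.7) invented for the sample; the function names parse_line, count_failures and find_bans are this example's own.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Mirror of the article's failregex. fail2ban substitutes an address pattern
# for its <HOST> tag; here that substitution is done by hand with a named
# group (IPv4 only, a simplification made for this example).
FAILREGEX = re.compile(
    r'^(?P<host>\d{1,3}(?:\.\d{1,3}){3}) .*"POST .*/wp-login\.php HTTP.* 200.*$'
)
# Apache combined-log timestamp, e.g. [10/Oct/2023:13:56:01 +0000]
TIME_RE = re.compile(r'\[(?P<ts>[^\]]+)\]')
APACHE_TS = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample access_log (not real traffic), in chronological order:
#   192.0.2.9    five failed logins spread over 8 minutes (never 5 in 60 s)
#   203.0.113.5  loads the form (GET 200), then logs in successfully (POST 302)
#   198.51.100.7 five failed logins within 12 seconds
SAMPLE_ACCESS_LOG = """\
192.0.2.9 - - [10/Oct/2023:13:50:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Oct/2023:13:52:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Oct/2023:13:54:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:30 +0000] "GET /wp-login.php HTTP/1.1" 200 2310 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Oct/2023:13:56:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "python-requests/2.31"
198.51.100.7 - - [10/Oct/2023:13:56:04 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "python-requests/2.31"
198.51.100.7 - - [10/Oct/2023:13:56:07 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "python-requests/2.31"
198.51.100.7 - - [10/Oct/2023:13:56:10 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "python-requests/2.31"
198.51.100.7 - - [10/Oct/2023:13:56:13 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "python-requests/2.31"
192.0.2.9 - - [10/Oct/2023:13:58:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Return (host, timestamp) if the line is a failed wp-login POST, else None."""
    m = FAILREGEX.match(line)
    if m is None:
        return None
    t = TIME_RE.search(line)
    if t is None:
        return None
    return m.group("host"), datetime.strptime(t.group("ts"), APACHE_TS)


def count_failures(lines):
    """Total failregex matches per host, ignoring time (what the filter alone sees)."""
    counts = defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        if parsed is not None:
            counts[parsed[0]] += 1
    return dict(counts)


def find_bans(lines, maxretry=5, findtime=60):
    """Emulate the jail: a host is banned once maxretry matches fall within
    findtime seconds of each other. Returns {host: time of the ban}."""
    recent = defaultdict(deque)   # per-host match timestamps inside the window
    banned = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        host, ts = parsed
        if host in banned:
            continue              # already banned; later hits change nothing
        q = recent[host]
        q.append(ts)
        while (ts - q[0]).total_seconds() > findtime:
            q.popleft()           # forget matches older than findtime
        if len(q) >= maxretry:
            banned[host] = ts
    return banned


if __name__ == "__main__":
    lines = SAMPLE_ACCESS_LOG.splitlines()
    print("matches per host:", count_failures(lines))
    for host, when in find_bans(lines).items():
        print(f"ban {host} at {when.isoformat()} for 86400 s")
```

Running it shows why findtime matters: 192.0.2.9 produces the same five matches as 198.51.100.7, but spread over eight minutes, so only the fast client is banned. With fail2ban installed, the equivalent check against the real log is fail2ban-regex /var/log/httpd/access_log /etc/fail2ban/filter.d/apache-wplogin.conf. One caveat on the expression itself: "HTTP.* 200.*" matches " 200" anywhere after "HTTP", so a 302 line whose byte count or referrer happens to contain " 200" would also count as a failure; anchoring on the status field, for instance HTTP/[0-9.]+" 200 , avoids that.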
# service fail2ban restart
Your WordPress admin area is now a bit more secure through the use of fail2ban.
For any comments, questions or suggestions, the comments section is open ;).