fail2ban for Wordpress sites on cPanel?

Dr. McKay

Well-known member
Registered
Joined
Nov 26, 2016
Messages
565
Points
28
I have seen fail2ban installed on my Plesk hosting control panel, and it blocked users that were attempting to log in to wp-admin. I like this feature on Plesk and want to have it on cPanel for my WordPress sites too. How can I achieve this? Any guide? Thanks in advance!
 

VirtuBox

Well-known member
Registered
Joined
May 3, 2016
Messages
1,622
Points
83
Hello @Dr. McKay,
to do the same on cPanel, you have to create a similar fail2ban configuration on your server (you cannot use the same configuration as on your Plesk server, because cPanel does not use the same folders to store access logs).

I will give you an example I use on my servers; you will just have to adapt it to use it with cPanel.

With fail2ban, you need to create a filter (a way to detect a brute-force attack) and a jail (the common configuration for fail2ban, with the path of the access logs, what to do in case of brute force, and a name to identify the reason an IP was banned).

Adding a filter

To create a WordPress jail, you have to create a new filter, which means creating a new file in /etc/fail2ban/filter.d/; in my example, I named it ee-wordpress.conf:
Bash:
[Definition]
failregex = ^<HOST>.* "POST .*/wp-login.php([/\?#\\].*)? HTTP/.*" 200
ignoreregex =
This filter will detect each login attempt (successful or not) on WordPress.

Adding a jail

Then you can create your jail to use the filter previously added, by creating a new file in /etc/fail2ban/jail.d/; in my example I created a file named wp.conf:
Bash:
[ee-wordpress]
enabled = true
filter = ee-wordpress
action = iptables-multiport[name="ee-wordpress", port="http,https"]
logpath = /var/log/nginx/*access.log
maxretry = 5
Here, the jail name is ee-wordpress (because it comes from my configuration repository for servers running EasyEngine).
  • It uses the filter ee-wordpress created previously,
  • after 5 login attempts from the same IP (detected by reading the nginx logs in /var/log/nginx/*access.log) it will ban the IP,
  • To ban an IP, it uses the action iptables-multiport, available by default with fail2ban, to deny access to ports 80 & 443 (http and https),
  • It can be disabled by replacing enabled = true with enabled = false.
The last step to enable your jail is to reload fail2ban with the command:
Bash:
fail2ban-client reload
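To see what the filter and jail above actually do before reloading fail2ban, here is an added Python example (not part of VirtuBox's post or of fail2ban itself) that runs the same failregex over a handful of constructed nginx access-log lines, counts hits per source IP, and applies the jail's maxretry threshold inside a findtime window the way fail2ban does. The sample log lines, the simplified IPv4-only expansion of fail2ban's <HOST> tag, and the findtime default of 600 seconds are assumptions made for the example; the log path to read on cPanel is whatever your server uses, so the function takes the log text as input rather than a path.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime

# The failregex from the ee-wordpress filter, copied verbatim.
FAILREGEX = r'^<HOST>.* "POST .*/wp-login.php([/\?#\\].*)? HTTP/.*" 200'

# fail2ban replaces <HOST> with a named group that also accepts hostnames and IPv6;
# this example uses a simplified IPv4-only expansion (assumption for the demo).
HOST_PATTERN = r'(?P<host>\d{1,3}(?:\.\d{1,3}){3})'

# Matches the "[10/Jan/2024:10:00:01 +0000]" timestamp of the combined log format.
TS_RE = re.compile(r'\[(?P<ts>[^\]]+)\]')

# Constructed sample log lines (documentation IP ranges, not real traffic):
# 203.0.113.10 posts to wp-login.php five times and always gets a 200 (login form re-served),
# 198.51.100.7 gets one 302 (WordPress redirect after a successful login), one GET and one 200 POST,
# 192.0.2.55 only fetches a static file.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Jan/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3890 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Jan/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3890 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Jan/2024:10:00:05 +0000] "POST /wp-login.php?redirect_to=%2Fwp-admin%2F HTTP/1.1" 200 3890 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Jan/2024:10:00:07 +0000] "POST /blog/wp-login.php HTTP/1.1" 200 3890 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Jan/2024:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3890 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2024:10:00:10 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2024:10:00:12 +0000] "GET /wp-login.php HTTP/1.1" 200 3890 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2024:10:00:14 +0000] "POST /wp-login.php HTTP/1.1" 200 3890 "-" "Mozilla/5.0"
192.0.2.55 - - [10/Jan/2024:10:00:15 +0000] "GET /wp-content/uploads/img.png HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""


def compile_failregex(failregex=FAILREGEX):
    """Turn a fail2ban failregex into a Python regex by expanding the <HOST> tag."""
    return re.compile(failregex.replace("<HOST>", HOST_PATTERN))


def parse_timestamp(line):
    """Return the log line's timestamp as an aware datetime."""
    m = TS_RE.search(line)
    return datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")


def matching_hosts(log_text, failregex=FAILREGEX):
    """Count failregex hits per source IP: this is what the filter feeds the jail."""
    pattern = compile_failregex(failregex)
    hits = Counter()
    for line in log_text.splitlines():
        m = pattern.search(line)
        if m:
            hits[m.group("host")] += 1
    return hits


def hosts_to_ban(log_text, failregex=FAILREGEX, maxretry=5, findtime=600):
    """Apply the jail logic: ban an IP once it has maxretry hits within findtime seconds.

    The jail file above sets maxretry = 5; findtime = 600 is fail2ban's default
    and is assumed here since the post's jail does not override it.
    Returns the banned IPs in the order they would be banned.
    """
    pattern = compile_failregex(failregex)
    recent = defaultdict(deque)  # ip -> timestamps of hits still inside the window
    banned = []
    for line in log_text.splitlines():
        m = pattern.search(line)
        if not m:
            continue
        ip = m.group("host")
        ts = parse_timestamp(line)
        window = recent[ip]
        window.append(ts)
        # Drop hits older than findtime relative to the newest one.
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry and ip not in banned:
            banned.append(ip)
    return banned


if __name__ == "__main__":
    print("hits per IP:", dict(matching_hosts(SAMPLE_LOG)))
    print("would be banned:", hosts_to_ban(SAMPLE_LOG))
```

Two things the run makes visible: the `200` at the end of the failregex means the 302 redirect that WordPress sends after a successful login does not count, so only re-served login forms (failures) and plain page loads of the form via POST accumulate, and a shorter `findtime` in the jail (try `hosts_to_ban(SAMPLE_LOG, findtime=3)`) lets a slow attacker stay under the threshold, which is the trade-off to keep in mind when tuning `maxretry` and `findtime` for a busy cPanel host.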
 

Dr. McKay

Well-known member
Registered
Joined
Nov 26, 2016
Messages
565
Points
28
Thanks for sharing the great guide! I didn't think it would be this complex and require so many configurations to secure the WordPress login page with fail2ban. I will need to test it on my cPanel and see how it works.

By the way, how can I limit the number of failed logins to WordPress wp-admin on Plesk? I tried to find this on Plesk but didn't see an option to change.
 