fail2ban for Wordpress sites on cPanel?

Dr. McKay

#1
I have seen fail2ban installed on my Plesk hosting control panel and it blocked users that were attempting to log in to wp-admin. I like this feature on Plesk and wanted to install or have it on cPanel for my WordPress sites too. How can I achieve this? Any guide? Thanks in advance!
 

VirtuBox

#2
Hello @Dr. McKay,
to do the same on cPanel, you have to create a similar fail2ban configuration on your server (you cannot use the same configuration as on your Plesk server because cPanel does not use the same folders to store access_logs).

I will give you an example I use on my servers; you will just have to adapt it to use it with cPanel.

With fail2ban, you need to create a filter (a way to detect a brute-force attack), and a jail (the common configuration for fail2ban, with the path of access_logs, what to do in case of brute force, and a name to identify the reason an IP was banned).

Adding a filter

To create a WordPress jail, you have to create a new filter, which means creating a new file in /etc/fail2ban/filter.d/. In my example, I named it ee-wordpress.conf:
Bash:
[Definition]
failregex = ^<HOST>.* "POST .*/wp-login.php([/\?#\\].*)? HTTP/.*" 200
ignoreregex =
This filter will detect each attempt (successful or not) to log in to WordPress.

Adding a jail

Then you can create your jail to use the filter previously added, by creating a new file in /etc/fail2ban/jail.d/. In my example, I created a file named wp.conf:
Bash:
[ee-wordpress]
enabled = true
filter = ee-wordpress
action = iptables-multiport[name="ee-wordpress", port="http,https"]
logpath = /var/log/nginx/*access.log
maxretry = 5
Here, the jail name is ee-wordpress (because it comes from my configuration repository for servers running with EasyEngine).
  • It uses the filter ee-wordpress previously created,
  • after 5 login attempts by the same IP (detected by reading nginx logs in /var/log/nginx/*access.log), it will ban the IP
  • To ban an IP, it will use the action iptables-multiport, available by default with fail2ban, to deny access to ports 80 & 443 (http and https)
  • It can be disabled by replacing enabled = true with enabled = false
The last step to enable your jail is to reload fail2ban with the command:
Bash:
fail2ban-client reload
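
When the log path and format change, as they do when moving this jail to cPanel, it helps to confirm what the filter actually counts before enabling it. The following is an added example, not part of the original post: it applies the posted failregex to constructed access log lines in Python, the regex dialect fail2ban uses. The `<HOST>` stand-in, the sample lines and all function names are assumptions, and the count ignores fail2ban's time window.

```python
import re
from collections import Counter

# The failregex from the post, unchanged.
FAILREGEX = r'^<HOST>.* "POST .*/wp-login.php([/\?#\\].*)? HTTP/.*" 200'
MAXRETRY = 5  # same value as in the jail above

# Simplified stand-in for fail2ban's <HOST> tag (assumption: the real
# expansion is more thorough and also handles IPv6 and hostnames).
HOST_PATTERN = r'(?P<host>\d{1,3}(?:\.\d{1,3}){3})'


def compile_failregex(failregex=FAILREGEX):
    """Substitute the <HOST> tag and compile the filter."""
    return re.compile(failregex.replace('<HOST>', HOST_PATTERN))


def count_failures(lines, failregex=FAILREGEX):
    """Count matching lines per client address."""
    pattern = compile_failregex(failregex)
    hits = Counter()
    for line in lines:
        match = pattern.search(line)
        if match:
            hits[match.group('host')] += 1
    return hits


def hosts_to_ban(lines, maxretry=MAXRETRY, failregex=FAILREGEX):
    """Addresses whose match count reaches maxretry."""
    counts = count_failures(lines, failregex)
    return sorted(host for host, n in counts.items() if n >= maxretry)


def access_line(ip, method, path, status):
    """Build one constructed line in the common 'combined' log layout."""
    return (f'{ip} - - [10/Oct/2023:13:55:36 +0000] "{method} {path} HTTP/1.1" '
            f'{status} 1234 "-" "Mozilla/5.0"')


# Constructed sample log (documentation address ranges).
SAMPLE_LOG = (
    [access_line('203.0.113.7', 'POST', '/wp-login.php', 200)] * 5     # counted
    + [access_line('198.51.100.4', 'POST', '/wp-login.php', 200)] * 2  # counted
    + [access_line('198.51.100.4', 'POST', '/wp-login.php', 302)]      # not 200
    + [access_line('192.0.2.9', 'GET', '/wp-login.php', 200)] * 6      # not POST
    + [access_line('192.0.2.9', 'POST',
                   '/blog/wp-login.php?action=lostpassword', 200)]     # counted
)

if __name__ == '__main__':
    print(dict(count_failures(SAMPLE_LOG)))
    print(hosts_to_ban(SAMPLE_LOG))
```

On a server with fail2ban installed, `fail2ban-regex <logfile> /etc/fail2ban/filter.d/ee-wordpress.conf` runs the same kind of check with fail2ban's own matcher against the real log.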
 

Dr. McKay

#3
Thanks for sharing the great guide! I didn't think it would be this complex and require so many configurations to secure the WordPress login page with fail2ban. I will need to test it on my cPanel and see how it works.

By the way, how can I limit the number of failed logins with WordPress wp-admin on Plesk? I tried to find this on Plesk but didn't see an option to change it.
 