fail2ban for Wordpress sites on cPanel?

Dr. McKay

#1
I have seen fail2ban installed on my Plesk hosting control panel, and it blocked users that were attempting to log in to wp-admin. I like this feature on Plesk and wanted to install or have it on cPanel for my WordPress sites too. How can I achieve this? Any guide? Thanks in advance!
 

VirtuBox

#2
Hello @Dr. McKay,
To do the same on cPanel, you have to create a similar fail2ban configuration on your server (you cannot use the same configuration as on your Plesk server because cPanel does not use the same folders to store access_logs).

I will give you an example I use on my servers; you will just have to adapt it to use it with cPanel.

With fail2ban, you need to create a filter (a way to detect a brute-force attack) and a jail (the common configuration for fail2ban, with the path of the access_logs, what to do in case of a brute-force attack, and a name to identify the reason an IP was banned).

Adding a filter

To create a WordPress jail, you have to create a new filter, which means creating a new file in /etc/fail2ban/filter.d/. In my example, I named it ee-wordpress.conf:
Bash:
[Definition]
failregex = ^<HOST>.* "POST .*/wp-login.php([/\?#\\].*)? HTTP/.*" 200
ignoreregex =
This filter will detect each attempt (successful or not) to log in to WordPress.

Adding a jail

Then you can create your jail to use the filter previously added, by creating a new file in /etc/fail2ban/jail.d/. In my example, I created a file named wp.conf:
Bash:
[ee-wordpress]
enabled = true
filter = ee-wordpress
action = iptables-multiport[name="ee-wordpress", port="http,https"]
logpath = /var/log/nginx/*access.log
maxretry = 5
Here, the jail name is ee-wordpress (because it comes from my configuration repository for servers running with EasyEngine).
  • It uses the filter ee-wordpress previously created.
  • After 5 login attempts by the same IP (detected by reading nginx logs in /var/log/nginx/*access.log), it will ban the IP.
  • To ban an IP, it will use the action iptables-multiport, available by default with fail2ban, to deny access to ports 80 & 443 (http and https).
  • It can be disabled by replacing enabled = true with enabled = false.
The last step to enable your jail is to reload fail2ban with the command:
Bash:
fail2ban-client reload
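
Added example (not part of the post above and not fail2ban's own code): a Python sketch that applies the posted failregex to constructed access-log lines and counts matches per IP the way maxretry = 5 does. The simplified <HOST> substitution, the findtime of 600 seconds, the helper names and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# failregex from the post; <HOST> is replaced by a simplified IPv4/IPv6 group
# (assumption: fail2ban's real <HOST> expansion is broader and also matches hostnames).
FAILREGEX = r'^<HOST>.* "POST .*/wp-login.php([/\?#\\].*)? HTTP/.*" 200'
PATTERN = re.compile(FAILREGEX.replace("<HOST>", r"(?P<host>[0-9A-Fa-f:.]+)"))
TS = re.compile(r"\[([^\]]+)\]")  # timestamp field of the combined log format


def banned_hosts(lines, maxretry=5, findtime=600):
    """Return hosts with >= maxretry matching lines inside findtime seconds."""
    recent = defaultdict(deque)  # host -> timestamps of recent matches
    banned = []
    for line in lines:
        m = PATTERN.search(line)
        if not m:
            continue  # GET requests and non-200 responses are ignored by the filter
        when = datetime.strptime(TS.search(line).group(1), "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[m.group("host")]
        hits.append(when)
        # Drop matches that have fallen out of the findtime window.
        while (when - hits[0]).total_seconds() > findtime:
            hits.popleft()
        if len(hits) >= maxretry and m.group("host") not in banned:
            banned.append(m.group("host"))
    return banned


def make_line(ip, second, method, path, status):
    # Constructed sample line in combined log format (not real traffic).
    return (f'{ip} - - [10/Jan/2024:12:00:{second:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 1234 "-" "sample-agent"')


SAMPLE = (
    [make_line("203.0.113.7", s, "POST", "/wp-login.php", 200) for s in range(5)]
    + [make_line("198.51.100.4", s, "POST", "/wp-login.php", 200) for s in range(4)]
    + [make_line("198.51.100.4", 10, "POST", "/wp-login.php", 302)]  # status 302: no match
    + [make_line("192.0.2.9", s, "GET", "/wp-login.php", 200) for s in range(6)]
)

if __name__ == "__main__":
    print(banned_hosts(SAMPLE))
```

On a real server, fail2ban's own fail2ban-regex tool performs the same check when given the access log of the site and the path to ee-wordpress.conf, which is a quick way to confirm the filter matches the cPanel log format before enabling the jail.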
 

Dr. McKay

#3
Thanks for sharing the great guide! I didn't think it would be as complex as this and require so many configurations to secure the WordPress login page with fail2ban. I will need to test on my cPanel and see how it works.

By the way, how can I limit the number of failed logins to WordPress wp-admin on Plesk? I tried to find this on Plesk but didn't see an option to change it.
 