Hello
@Dr. McKay,
to do the same on cPanel, you have to create a similar fail2ban configuration on your server (you cannot use the same configuration as on your Plesk server because cPanel does not use the same folders to store access_logs).
I will give you an example I use on my servers; you will just have to adapt it to use it with cPanel.
With fail2ban, you need to create a filter (a way to detect a brute-force attack) and a jail (the common configuration for fail2ban, with the path of the access_logs, what to do in case of a brute-force attack, and a name to identify the reason an IP was banned).
Adding a filter
To create a WordPress jail, you have to create a new filter, which means creating a new file in /etc/fail2ban/filter.d/. In my example, I named it ee-wordpress.conf:
Bash:
[Definition]
failregex = ^<HOST>.* "POST .*/wp-login.php([/\?#\\].*)? HTTP/.*" 200
ignoreregex =
This filter will detect each login attempt (successful or not) into WordPress.
Adding a jail
Then you can create your jail to use the filter previously added, by creating a new file in /etc/fail2ban/jail.d/. In my example, I created a file named wp.conf:
Bash:
[ee-wordpress]
enabled = true
filter = ee-wordpress
action = iptables-multiport[name="ee-wordpress", port="http,https"]
logpath = /var/log/nginx/*access.log
maxretry = 5
Here, the jail name is ee-wordpress (because it comes from my configuration repository for servers running with EasyEngine).
- It uses the filter ee-wordpress previously created.
- After 5 login attempts by the same IP (detected by reading the nginx logs in /var/log/nginx/*access.log), it will ban the IP.
- To ban an IP, it will use the action iptables-multiport, available by default with fail2ban, to deny access to ports 80 & 443 (http and https).
- It can be disabled by replacing enabled = true with enabled = false.
The last step to enable your jail is to reload fail2ban with the command:
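
An added example, not part of the original post: a Python sketch that applies the failregex from ee-wordpress.conf to constructed nginx access-log lines and counts matches per address against maxretry = 5. The `<HOST>` stand-in pattern, the sample log lines and the function names are assumptions, and the findtime window is ignored.

```python
import re
from collections import Counter

# failregex copied verbatim from the ee-wordpress.conf filter in the post.
FAILREGEX = r'^<HOST>.* "POST .*/wp-login.php([/\?#\\].*)? HTTP/.*" 200'
MAXRETRY = 5  # maxretry from the wp.conf jail in the post

# Assumption: fail2ban expands <HOST> to a richer IPv4/IPv6/hostname pattern;
# this simplified stand-in is enough for the sample lines below.
PATTERN = re.compile(FAILREGEX.replace("<HOST>", r"(?P<host>[0-9A-Fa-f:.]+)"))

TAIL = '512 "-" "Mozilla/5.0"'
# Constructed nginx access-log lines (addresses from documentation ranges).
SAMPLE_LOG = [
    # Five POSTs to wp-login.php answered with 200: all match.
    *[f'203.0.113.7 - - [10/Mar/2024:10:00:0{i} +0000] '
      f'"POST /wp-login.php HTTP/1.1" 200 {TAIL}' for i in range(5)],
    # GET of the login page: not matched (the filter requires POST).
    f'198.51.100.9 - - [10/Mar/2024:10:01:00 +0000] "GET /wp-login.php HTTP/1.1" 200 {TAIL}',
    # POST answered with 302: not matched (the filter requires status 200).
    f'198.51.100.9 - - [10/Mar/2024:10:01:05 +0000] "POST /wp-login.php HTTP/1.1" 302 {TAIL}',
    # Subdirectory install with a query string: matched once.
    f'192.0.2.44 - - [10/Mar/2024:10:02:00 +0000] '
    f'"POST /blog/wp-login.php?action=lostpassword HTTP/1.1" 200 {TAIL}',
    # Different script: not matched.
    f'192.0.2.44 - - [10/Mar/2024:10:02:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 {TAIL}',
]


def matched_hosts(lines):
    """Return the client address of every line the failregex matches."""
    hosts = []
    for line in lines:
        m = PATTERN.search(line)
        if m:
            hosts.append(m.group("host"))
    return hosts


def hosts_to_ban(lines, maxretry=MAXRETRY):
    """Addresses whose match count reaches maxretry (time window ignored)."""
    counts = Counter(matched_hosts(lines))
    return sorted(h for h, n in counts.items() if n >= maxretry)


if __name__ == "__main__":
    print("matches per host:", dict(Counter(matched_hosts(SAMPLE_LOG))))
    print("would be banned:", hosts_to_ban(SAMPLE_LOG))
```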