Fail2Ban WP Auth

Anyone got a Fail2Ban WP Auth rule to get rid of bruteforces who try to break into the blog?

I am using Nginx.

Comments

  • wychwych Member

    I used it a while back? What do you want to know about it?

  • @SandwichBagGhost said:
    Anyone got a Fail2Ban WP Auth rule to get rid of bruteforces who try to break into the blog?

    I am using Nginx.

    Why not just completely disable the login page from the public world? That's much more secure, and would reduce your server load dramatically.

    Thanked by 1jar
  • charliecharlie Member, Host Rep
  • GoodHosting said: Why not just completely disable the login page from the public world? That's much more secure, and would reduce your server load dramatically.

    1. Dynamic IP addresses
    2. We have authors that have to login (not only admins)
    3. We allow registrations and login to be able to see certain content and comment

    wych said: I used it a while back? What do you want to know about it?

    I need a custom rule that would tell fail2ban to check for a lot of failed login attempts in logs of Nginx that are going to wp-login.php as it's the login file for everyone.

    @charlie: Hopefully it'll work without much hassle and reconfiguration. I currently have a login logger and a BruteProtect plugin.

  • wychwych Member

    I do remember it being simple to setup @SandwichBagGhost.

  • jarjar Patron Provider, Top Host, Veteran

    I always set a server level password that's stupid simple. The point isn't complicating, it's preventing the bots from making their successful POST. But fail2ban works wonders as well.

  • I use Nginx's request limit module to significantly restrict requests to the wp-login.php file. I only have a handful of users on the sites I manage, so I have the limit set to be pretty restrictive. It works well, automatically, and effectively limits brute force attempts. You can also allow bursts before the limiting takes effect so it doesn't interfere with regular users' logins.

    Thanked by 2SandwichBagGhost jar
  • M66BM66B Veteran

    Although this is based on nginx, my best guess is it will work for Apache too.
    I can also tell you this is quite effective and that fail2ban has to work hard :-)
    Note that I am using the latest beta of fail2ban, which has persistent bans:
    https://github.com/fail2ban/fail2ban/blob/master/ChangeLog

    jail.local:

        [DEFAULT]
        maxretry = 3
        findtime = 3660
        bantime = 259200

        [wordpress-auth]
        enabled = true
        port = http,https
        filter = wordpress-auth
        logpath = /var/log/nginx/access.log

        [wordpress-register]
        enabled = true
        port = http,https
        filter = wordpress-register
        logpath = /var/log/nginx/access.log

        [wordpress-xmlrpc]
        enabled = true
        port = http,https
        filter = wordpress-xmlrpc
        logpath = /var/log/nginx/access.log

    Filter wordpress-auth:

        [Definition]
        failregex = ^<HOST> .* "POST /wp-login.php.*HTTP/.*" 401 .*$
        ignoreregex =

    Filter wordpress-register:

        [Definition]
        failregex = ^<HOST> .* "GET /wp-login.php\?action=register HTTP/.*" .*$
        ignoreregex =

    Filter wordpress-xmlrpc:

        [Definition]
        failregex = ^<HOST> .*POST .*xmlrpc\.php.*
        ignoreregex =

    Thanked by 1SandwichBagGhost
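Before enabling filters like the three above, it is worth checking what they actually match against real log lines. The Python script below is an added example (not code from the thread or from fail2ban): it takes the posted failregex strings and the jail.local values (maxretry = 3, findtime = 3660), runs them over a constructed sample of nginx combined-format access.log lines, and reports which hosts would cross the ban threshold. fail2ban substitutes its own host pattern for the `<HOST>` tag; `HOST_RE` here is a simplified stand-in (an assumption), and the sample log lines and IP addresses are made up for the test. The sample also shows two things the regexes imply: the xmlrpc filter counts every POST to xmlrpc.php, legitimate clients included, and the auth filter only fires when WordPress actually returns a 401 on a failed login.

```python
import re
from collections import defaultdict
from datetime import datetime

# Jail settings from the thread's jail.local [DEFAULT] section.
MAXRETRY = 3
FINDTIME = 3660   # seconds

# Filters exactly as posted. fail2ban replaces <HOST> with its own
# host-matching pattern; HOST_RE is a simplified stand-in (assumption):
# one run of non-space characters at the start of the line.
HOST_RE = r"(?P<host>\S+)"
FILTERS = {
    "wordpress-auth": r'^<HOST> .* "POST /wp-login.php.*HTTP/.*" 401 .*$',
    "wordpress-register": r'^<HOST> .* "GET /wp-login.php\?action=register HTTP/.*" .*$',
    "wordpress-xmlrpc": r"^<HOST> .*POST .*xmlrpc\.php.*",
}

# Timestamp in nginx "combined" format, e.g. [10/Oct/2023:13:55:36 +0000]
TIME_RE = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\]")

# Constructed sample access.log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "POST /wp-login.php HTTP/1.1" 401 2326 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2023:13:55:41 +0000] "POST /wp-login.php HTTP/1.1" 401 2326 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2023:13:55:47 +0000] "POST /wp-login.php HTTP/1.1" 401 2326 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Oct/2023:13:56:02 +0000] "POST /wp-login.php HTTP/1.1" 401 2326 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Oct/2023:13:56:10 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Oct/2023:13:56:11 +0000] "GET /wp-admin/ HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [10/Oct/2023:14:00:00 +0000] "GET /wp-login.php?action=register HTTP/1.1" 200 5120 "-" "curl/8.0"',
    '192.0.2.44 - - [10/Oct/2023:14:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "WordPress/6.3; Jetpack"',
    '192.0.2.44 - - [10/Oct/2023:16:30:00 +0000] "POST /wp-login.php HTTP/1.1" 401 2326 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [10/Oct/2023:16:30:10 +0000] "POST /wp-login.php HTTP/1.1" 401 2326 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [10/Oct/2023:19:00:00 +0000] "POST /wp-login.php HTTP/1.1" 401 2326 "-" "Mozilla/5.0"',
]


def compile_filter(failregex):
    """Turn a fail2ban failregex into a Python pattern by filling in <HOST>."""
    return re.compile(failregex.replace("<HOST>", HOST_RE))


def parse_time(line):
    """Extract the request timestamp from a combined-format log line."""
    m = TIME_RE.search(line)
    return datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M:%S %z")


def failures(failregex, lines):
    """Return (host, timestamp) for every line the filter counts as a failure."""
    pat = compile_filter(failregex)
    hits = []
    for line in lines:
        m = pat.match(line)
        if m:
            hits.append((m.group("host"), parse_time(line)))
    return hits


def banned_hosts(failregex, lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Hosts that accumulate maxretry failures inside a findtime-second window,
    which is the condition under which fail2ban bans a host."""
    by_host = defaultdict(list)
    for host, t in failures(failregex, lines):
        by_host[host].append(t)
    banned = set()
    for host, times in by_host.items():
        times.sort()
        for i, t in enumerate(times):
            # Only failures within findtime of the current one count.
            recent = [u for u in times[: i + 1] if (t - u).total_seconds() <= findtime]
            if len(recent) >= maxretry:
                banned.add(host)
                break
    return banned


if __name__ == "__main__":
    for name, regex in FILTERS.items():
        hits = failures(regex, SAMPLE_LOG)
        print(f"{name}: {len(hits)} matching lines, would ban {sorted(banned_hosts(regex, SAMPLE_LOG))}")
```

Running it shows 203.0.113.7 banned by wordpress-auth after three 401s in eleven seconds, while 192.0.2.44's three failed logins spread over 2.5 hours stay under the 3660-second findtime and do not trigger a ban. The successful login (302) from 198.51.100.9 is not counted, and the single Jetpack POST to xmlrpc.php is matched by the xmlrpc filter, so a site that depends on XML-RPC clients will want an ignoreregex or an ignoreip entry for them.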
  • M66BM66B Veteran

    I forgot you need this WP patch: https://core.trac.wordpress.org/ticket/25446

    Thanked by 1SandwichBagGhost
  • @M66B

    I am using Nginx and what you posted was right what I was looking for. Thanks.

    Thanked by 1orak