Wordpress Prevent brute forcing my wordpress

fail2ban can be configured for wordpress brute force login attacks too but most guides leverage iptables directly which should still work. I am working on fail2ban with interface with csf firewall (which is a wrapper for iptables anyway) but that's for later dev work.

@Revenge has a few nuggets of wisdom at for wordpress pingback attacks specifically but there's rules you can do for failed logins as well around the internet

• https://community.centminmod.com/posts/35788/ but need to change logpath = /var/log/nginx/access.log to your nginx vhost's access.log
• https://community.centminmod.com/posts/30052/

example of a filter file you can create in /etc/fail2ban/filter.d/wordpress-auth.conf for wordpress authentication would be

Code (Text):

[Definition]
failregex = ^<HOST> .* "POST /wp-login.php.*HTTP/.*" 401 .*$
ignoreregex =

with jail.local rule

Code (Text):

[wordpress-auth]
enabled = true
filter = wordpress-auth
action = csfdeny[name=wordpress-auth]
logpath = /home/nginx/domains/*/log/access.log
port = http,https
maxretry = 3
findtime = 60

but i use a custom csfdeny action rule /etc/fail2ban/action.d/csfdeny.conf instead of iptables, so might need to adjust it for iptables.

i.e. /etc/fail2ban/action.d/csfdeny.conf

Code (Text):

[Definition]
actionstart =
actionstop =
actioncheck =
actionban = csf -d <ip> Added by Fail2Ban for <name>
actionunban = csf -dr <ip>
[Init]
name = default

No guarantees mine works as still in development

Wordpress also has plugins to log and block failed login attempts. Centmin.sh menu option 22 install should by default install such a plugin too which you can configure or have seeing as you got email alerts.