Wordpress Prevent brute forcing my wordpress

Discussion in 'Blogs & CMS usage' started by inthecloudblog, Jan 10, 2017.

  1. inthecloudblog

    Hi guys, suddenly like 15 emails arrived in my inbox informing me of failed logins using "administrator" from several IPs.
    If it were the server alone I'd use a crazy password (as I'm doing), change the port, use fail2ban and so on.
    Should I care about this?

    Apparently someone wants control of my WordPress. I'd appreciate ideas.
  2. eva2000

    fail2ban can be configured for WordPress brute force login attacks too, but most guides leverage iptables directly, which should still work. I am working on fail2ban interfacing with the csf firewall (which is a wrapper for iptables anyway) but that's for later dev work.

    @Revenge has a few nuggets of wisdom at for WordPress pingback attacks specifically, but there are rules you can find for failed logins as well around the internet.
    An example of a filter file you can create in /etc/fail2ban/filter.d/wordpress-auth.conf for WordPress authentication would be:
    Code (Text):
    [Definition]
    failregex = ^<HOST> .* "POST /wp-login.php.*HTTP/.*" 401 .*$
    ignoreregex =
    

    with the jail.local rule:
    Code (Text):
    [wordpress-auth]
    enabled = true
    filter = wordpress-auth
    action = csfdeny[name=wordpress-auth]
    logpath = /home/nginx/domains/*/log/access.log
    port = http,https
    maxretry = 3
    findtime = 60
    

    But I use a custom csfdeny action rule, /etc/fail2ban/action.d/csfdeny.conf, instead of iptables, so you might need to adjust it for iptables.

    i.e. /etc/fail2ban/action.d/csfdeny.conf:
    Code (Text):
    [Definition]
    actionstart =
    actionstop =
    actioncheck =
    actionban = csf -d <ip> Added by Fail2Ban for <name>
    actionunban = csf -dr <ip>
    [Init]
    name = default
    

    No guarantees mine works, as it's still in development.

    WordPress also has plugins to log and block failed login attempts. The centmin.sh menu option 22 install should by default install such a plugin too, which you can configure (or may already have, seeing as you got email alerts).
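As an added example (mine, not code from eva2000's post or from fail2ban itself): a small Python script that applies the failregex above to constructed nginx access-log lines and re-implements the jail's maxretry/findtime counting, so the filter and thresholds can be checked offline before a live host gets handed to the csfdeny or iptables action. It assumes nginx's default combined log format, which is what the regex expects.

```python
import re
from collections import defaultdict
from datetime import datetime

# failregex from the thread's filter.d/wordpress-auth.conf with fail2ban's <HOST>
# tag expanded into the named group fail2ban itself uses for the source address.
FAILREGEX = re.compile(r'^(?P<host>\S+) .* "POST /wp-login.php.*HTTP/.*" 401 .*$')
MAXRETRY = 3   # from the jail.local block in the post
FINDTIME = 60  # seconds, from the jail.local block in the post
NGINX_TIME = "%d/%b/%Y:%H:%M:%S %z"  # nginx combined-format timestamp

def parse_time(line):
    """Parse the [dd/Mon/yyyy:HH:MM:SS +zzzz] field nginx writes in each line."""
    return datetime.strptime(re.search(r"\[([^\]]+)\]", line).group(1), NGINX_TIME)

def failures(lines):
    """Yield (host, timestamp) for every log line the failregex matches."""
    for line in lines:
        m = FAILREGEX.match(line)
        if m:
            yield m.group("host"), parse_time(line)

def hosts_to_ban(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Hosts with maxretry matches inside any findtime-second window, i.e. the
    ones the jail would hand to the csfdeny/iptables action."""
    recent, banned = defaultdict(list), set()
    for host, ts in failures(lines):
        # keep only earlier matches still inside the window ending at this match
        recent[host] = [t for t in recent[host] if (ts - t).total_seconds() <= findtime]
        recent[host].append(ts)
        if len(recent[host]) >= maxretry:
            banned.add(host)
    return banned

# Constructed sample access-log lines (documentation IPs, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2017:09:00:01 +1000] "POST /wp-login.php HTTP/1.1" 401 1200 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Jan/2017:09:00:15 +1000] "POST /wp-login.php HTTP/1.1" 401 1200 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Jan/2017:09:00:40 +1000] "POST /wp-login.php HTTP/1.1" 401 1200 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Jan/2017:09:01:00 +1000] "POST /wp-login.php HTTP/1.1" 401 1200 "-" "curl/7.5"',
    '198.51.100.9 - - [10/Jan/2017:09:01:30 +1000] "POST /wp-login.php HTTP/1.1" 401 1200 "-" "curl/7.5"',
    '192.0.2.1 - - [10/Jan/2017:09:00:05 +1000] "POST /wp-login.php HTTP/1.1" 401 1200 "-" "Mozilla/5.0"',
    '192.0.2.1 - - [10/Jan/2017:09:02:00 +1000] "POST /wp-login.php HTTP/1.1" 401 1200 "-" "Mozilla/5.0"',
    '192.0.2.1 - - [10/Jan/2017:09:04:00 +1000] "POST /wp-login.php HTTP/1.1" 401 1200 "-" "Mozilla/5.0"',
    '192.0.2.2 - - [10/Jan/2017:09:05:00 +1000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '192.0.2.2 - - [10/Jan/2017:09:05:10 +1000] "GET /wp-login.php HTTP/1.1" 200 3000 "-" "Mozilla/5.0"',
]
if __name__ == "__main__":
    print("would ban:", sorted(hosts_to_ban(SAMPLE_LOG)))  # would ban: ['203.0.113.7']
```

Only the host with three 401s inside 60 seconds is banned; the slow one stays under maxretry within any window, and a 401 that never appears in your log (WordPress itself answers failed logins with 200 unless something in front of wp-login.php returns 401) would mean the filter matches nothing, which is what `fail2ban-regex /path/to/access.log /etc/fail2ban/filter.d/wordpress-auth.conf` will tell you on the real server.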
  3. SFLC

    Why not just change the wp-login file to another name, update your nginx conf with this change and any references to the file within WordPress? This is what I do.
  4. deltahf

    I am also looking into two-factor authentication for my WordPress install. That provides an additional layer of protection, especially for administrator and editor accounts. Even if your passwords remain secure, other people who have permission to publish or edit posts on your site may have their credentials compromised.

    I'm a big fan of Authy; here is their official WordPress plugin. I haven't had a chance to try it out yet, but I will be giving it a go soon:

    Authy Two Factor Authentication — WordPress Plugins