Admin... by accident!

You may have chosen to be an admin. I didn't!

  • Home
  • FreeBSD
  • GNU/Linux
  • Security
  • Network
  • Virtualization
  • Politics
  • Github
  • Donate
  • Me

How to use Fail2ban with WordPress

September 24, 2018 by Albert Valbuena

In a previous article we did an install of Fail2ban on a FreeBSD server. This tool can help us to protect our WordPress install, independatly from if we are using the FAMP stack or the LAMP stack. As I mentioned on that article Fail2ban is a complementary tool to our firewall. It works by scanning log files and banning IPs suspicious activity reflected on those very logs. If this is the first contact you have with the tool I encourage you to read that article so you get the whole idea.

On that occasion we protected SSH connections. Now we will use Fail2ban with WordPress so we will protect at least https connections. If we are still using plain http we can do that too, but if you are login into systems withouth any encryption you will easily get in trouble some time down the road if you haven’t had any already. Here there’s a guide for you if you haven’t enabled that on your WordPress site yet provided you have already done that on your web server!.

If you find the articles in Adminbyaccident.com useful to you, please consider making a donation.

If you have already installed Fail2ban in your system the following procedure will be familiar to you. But do not worry if you haven’t, I have written it for first timers too. I happen to use FreeBSD a lot so I will use the tools in this system. UNIX-like systems do not differ much between them. So when looking for a package we use the pkg tool, instead of the apt from Ubuntu, the zypper on or the yum in CentOS. Configuration paths are a bit different though. On Linux everything falls into the /etc directory. For us that is only for system files, applications such as Apache or Fail2ban go to /usr/local/etc. That’s it.

So we get into our system.

Politburo@CCCP:~ % uname -a

FreeBSD CCCP 11.2-RELEASE-p2 FreeBSD 11.2-RELEASE-p2 #0: Tue Aug 14 21:45:40 UTC 2018 root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64

Politburo@CCCP:~ %

We look for the Fail2ban package.

Politburo@CCCP:~ % pkg search fail2ban

py27-fail2ban-0.10.1_1 Scans log files and bans IP that makes too many password failures

py36-fail2ban-0.10.1_1 Scans log files and bans IP that makes too many password failures

Politburo@CCCP:~ %

I do the install for the package using Python3.

Politburo@CCCP:~ % sudo pkg install py36-fail2ban-0.10.3.1_1

Updating FreeBSD repository catalogue...

FreeBSD repository is up to date.

All repositories are up to date.

The following 4 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:

py36-fail2ban: 0.10.3.1_1

python36: 3.6.6_1

py36-setuptools: 40.0.0

py36-sqlite3: 3.6.6_7

Number of packages to be installed: 4

The process will require 108 MiB more space.

16 MiB to be downloaded.

Proceed with this action? [y/N]: y

.......

some amount of output

Politburo@CCCP:~ %

On FreeBSD we chan choose between two packages. I’ve chosen the one running with Python3. This may not be the case with other distros, where there may be only one option. Both work the same, so no worries.

Fail2ban allows you to protect services giving those one configuration file inside the jail.d directory. Do not get confused with FreeBSD jails, that’s another story not related to this. Placing this files in the jail.d directory you can set different services and different policies for each. We will now create that file into that directory in order to use Fail2ban with WordPress.

Politburo@CCCP:~ % sudo vi /usr/local/etc/fail2ban/jail.d/wordpress-auth.conf

Inside this file we’ll put the following rules:

[wordpress]
enabled = true
port = http,https
filter = wordpress
action = ipfw[name=wordpress, port="http,https", protocol=tcp]
logpath = /var/log/yourlogfile_log
maxretry = 3
findtime = 10800
bantime = 86400

Notice the action rule, where you need to call out the firewall you are using. On Linux you would be calling iptables, but on FreeBSD you may be using ipfw like in this case, the great pf or even ipfilter since in FreeBSD you can choose among three different firewalls.

Next step. Fail2ban incorporates a directory where it has some configuration files already in place. However WordPress is not present, so we will create that file with very simple instructions.

Politburo@CCCP:~ % sudo vi /usr/local/etc/fail2ban/filter.d/wordpress.conf

Put these rules in:

[Definition]

failregex = <HOST>.*] "POST /wp-login.php

Now. Since we are in FreeBSD land we have to make the service run and make it permanent. So we will issue the following command (Linux users don’t do this!).

Politburo@CCCP:~ % sudo sysrc fail2ban_enable="YES"

fail2ban_enable: -> YES

Politburo@CCCP:~ %

Linux users may have only to restart fail2ban by typing something similar to:

sudo service fail2ban restart

If your distro happens to use Systemd it may be something similar to:

sudo systemctl restart fail2ban

Now if you want to check Fail2ban in action try to log in to your WordPress more than 3 times. On the fourth attempt you should receive a denial and a timeout. If you want it to be a short ban time, let’s say for the next 15 minutes, the figure to place in the bantime rule should be 900 seconds. Enjoy your waiting.

You can also use the fail2ban client program to check the bans in your system by typing this command:

sudo fail2ban-client status wordpress

So this is all in this how to use Fail2ban with WordPress guide. I hope it’s been useful for you and you have a safer site now.

This same setup can be built in DigitalOcean. Use this link to get 100 $ credit at DOcean and support Adminbyaccident.com hosting costs.

Filed Under: How To's, How To's, Security

Recent Posts

  • How to install ModSecurity 3 on FreeBSD
  • How to replace a disk on a ZFS mirror pool
  • How to install Webmin on FreeBSD 12
  • How to patch OpenSSH in FreeBSD 12.2
  • The CentOS party is over, isn’t it?
  • Donation Time 2020
  • How to configure TLS 1.2 on UNIX or GNU/Linux
  • How to install the Clamav antivirus on CentOS 8
  • 100 articles mark at Adminbyaccident.com
  • How to analyze suspicious email
  • How to work with Nessus scan results
  • How to install Ansible on FreeBSD
  • How to secure the ELK stack on CentOS 8
  • How to mirror disks on FreeBSD’s ZFS
  • Nmap cheatsheet
  • Nessus vulnerability scanner
  • How to install the ELK stack on CentOS 8
  • How to install OSSEC agents on Windows
  • Exploiting CVE-2019-0708 Remote Desktop Protocol on Windows
  • Microsoft’s Patch Tuesday – April 2020

Archives

  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • September 2018
  • June 2018
  • May 2018
  • April 2018
  • February 2018
  • January 2018
  • November 2017
  • April 2017

Copyright © 2021 · Magazine Pro Theme on Genesis Framework · WordPress · Log in