Introduction to Fail2Ban for WordPress
Fail2Ban is an open-source intrusion prevention tool that protects servers from brute-force attacks by monitoring log files and banning malicious IP addresses. It works by scanning logs for suspicious activity (such as repeated failed login attempts) and automatically blocking offending IPs using firewall rules.
Fail2Ban for WordPress is particularly useful in preventing unauthorized access to wp-login.php and xmlrpc.php, two common targets for hackers. In this guide, we’ll walk you through installing and configuring Fail2Ban on an Ubuntu server (including AWS Lightsail Bitnami stacks) to enhance your WordPress security.
Step 1: Install Fail2Ban
First, update your system and install Fail2Ban:
sudo apt-get update
sudo apt-get install fail2ban
Note: Bitnami stacks on AWS Lightsail don’t include Fail2Ban by default, so manual installation is required.
Step 2: Create a Fail2Ban Filter for WordPress
Since Bitnami logs WordPress requests differently, we need a custom filter.
Create a new filter file:
sudo nano /etc/fail2ban/filter.d/wordpress.conf
Add the following configuration:
[Definition]
# Match any GET or POST to the two login endpoints; the second pattern must be indented so Fail2Ban reads it as a continuation of failregex
failregex = ^<HOST> .* "(GET|POST) /+wp-login\.php
            ^<HOST> .* "(GET|POST) /+xmlrpc\.php
ignoreregex =
Save and exit (CTRL+X, then Y, then ENTER).
Step 3: Create a Jail for WordPress
Next, set up a jail to define how Fail2Ban should handle WordPress attacks:
sudo nano /etc/fail2ban/jail.d/wordpress.conf
Add the following rules:
[wordpress]
enabled = true
port = http,https
filter = wordpress
action = iptables-multiport[name=wordpress, port="http,https", protocol=tcp]
logpath = /opt/bitnami/apache2/logs/access_log
maxretry = 12
findtime = 120
bantime = 120
# Add your own trusted IPs after the loopback entries (space-separated) so you never lock yourself out
ignoreip = 127.0.0.1/8 ::1
maxretry: Number of failed attempts before a ban.
findtime: Time window (in seconds) for max retries.
bantime: Duration (in seconds) an IP remains banned.
ignoreip: Whitelisted IPs that should never be banned.
Save and exit.
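As an added example (not part of the original guide), the following Python script applies the two failregex patterns from Step 2 to constructed access_log lines and replays the maxretry/findtime counting from Step 3, so you can see which hosts the jail would ban before deploying it. The IPv4-only stand-in for <HOST>, the sample addresses and the timestamps are assumptions made for the demo.

```python
import re
from datetime import datetime, timedelta

# Stand-in for Fail2Ban's <HOST> expansion; IPv4 only for this demo (assumption).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
# The two failregex lines from filter.d/wordpress.conf with <HOST> expanded.
FAILREGEX = [
    re.compile(r"^" + HOST + r' .* "(GET|POST) /+wp-login\.php'),
    re.compile(r"^" + HOST + r' .* "(GET|POST) /+xmlrpc\.php'),
]
TIMESTAMP = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2}) [+-]\d{4}\]")
TS_FORMAT = "%d/%b/%Y:%H:%M:%S"
T0 = datetime(2024, 10, 10, 13, 55, 0)  # constructed base time for sample lines

def access_line(ip, path, offset_s):
    """Build a constructed Apache combined-format access_log line."""
    ts = (T0 + timedelta(seconds=offset_s)).strftime(TS_FORMAT)
    return f'{ip} - - [{ts} +0000] "POST {path} HTTP/1.1" 200 512 "-" "Mozilla/5.0"'

def matched_host(line):
    """Return the <HOST> captured by the first matching failregex, else None."""
    for rx in FAILREGEX:
        m = rx.match(line)
        if m:
            return m.group("host")
    return None

def simulate_jail(lines, maxretry=12, findtime=120):
    """Replay log lines and return the hosts the jail would ban: a host is banned
    once maxretry matching requests fall inside a sliding findtime window."""
    recent, banned = {}, set()
    for line in lines:
        host = matched_host(line)
        if host is None:
            continue
        ts = datetime.strptime(TIMESTAMP.search(line).group(1), TS_FORMAT)
        window = [t for t in recent.get(host, []) if ts - t <= timedelta(seconds=findtime)]
        window.append(ts)
        recent[host] = window
        if len(window) >= maxretry:
            banned.add(host)
    return banned

# Constructed sample: one host hammers wp-login.php (12 hits in 55 s), one probes
# xmlrpc.php slowly (12 hits, 100 s apart), one only loads ordinary pages.
SAMPLE_LOG = (
    [access_line("203.0.113.10", "/wp-login.php", 5 * i) for i in range(12)]
    + [access_line("198.51.100.7", "/xmlrpc.php", 100 * i) for i in range(12)]
    + [access_line("192.0.2.5", "/index.php", 3 * i) for i in range(20)]
)
```

Because the filter keys on the request path rather than the authentication outcome, every wp-login.php request counts toward maxretry, including a legitimate user's successful login, which is why the findtime/maxretry pair needs headroom. On the live server, `fail2ban-regex /opt/bitnami/apache2/logs/access_log /etc/fail2ban/filter.d/wordpress.conf` runs the real filter file against the real log.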
Step 4: Restart Fail2Ban
Apply the new configuration:
sudo systemctl restart fail2ban
Step 5: Enable Fail2Ban on Boot
Ensure Fail2Ban starts automatically after a reboot:
sudo systemctl enable fail2ban
Checking Banned IPs & Managing Fail2Ban
View Jail Status
Check active jails:
sudo fail2ban-client status
Check the WordPress jail specifically:
sudo fail2ban-client status wordpress
Unban an IP
If a legitimate user gets blocked, unban their IP:
sudo fail2ban-client set wordpress unbanip <IP_ADDRESS>
Conclusion
By configuring Fail2Ban for WordPress, you significantly reduce the risk of brute-force attacks. Regularly monitor banned IPs and adjust settings as needed for optimal security.
For further hardening, consider: