Install and configure Fail2Ban

R1 500

Description

Fail2Ban is open-source software that helps protect Linux-based web servers against security threats such as DDoS and brute-force attacks. It works by monitoring system logs for malicious activity, scanning log files for entries that match identified patterns. If Fail2Ban detects a spike of failed login attempts, it automatically adds new firewall rules to iptables and blocks the source IP address for a specified time.

Fail2Ban can also be used in conjunction with AbuseIPDB to automatically report malicious IP addresses.

Fail2Ban can be configured to protect WordPress in the following ways:

  • WordPress Hard – immediately blocking all IP addresses that match malicious patterns.
  • WordPress Soft – evaluating all behaviour (i.e. user logins) against known patterns and selectively blocking based on repeated attempts.
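
As an added illustration (not FastFwd's or the plugin's own configuration), the two modes and the optional AbuseIPDB reporting could be expressed as jails like these. It assumes filters named wordpress-hard and wordpress-soft are already present in /etc/fail2ban/filter.d/ and that the plugin logs to /var/log/auth.log; the thresholds, ban times, allow-listed address and API key are placeholders.

```ini
# /etc/fail2ban/jail.local
# Added example. Paths, thresholds and addresses are assumptions; adjust per server.

[DEFAULT]
# Never ban your own admin address. 203.0.113.10 is a documentation placeholder.
ignoreip = 127.0.0.1/8 ::1 203.0.113.10

[wordpress-hard]
# Hard: a single matching log entry is enough to ban the source IP.
enabled  = true
filter   = wordpress-hard
logpath  = /var/log/auth.log
port     = http,https
maxretry = 1
# Ban for 24 hours (value in seconds).
bantime  = 86400
# Optional: ban as usual and also report the IP to AbuseIPDB.
# Categories 18 (Brute-Force) and 21 (Web App Attack); replace the key placeholder.
action   = %(action_)s
           %(action_abuseipdb)s[abuseipdb_apikey="YOUR_API_KEY", abuseipdb_category="18,21"]

[wordpress-soft]
# Soft: ban only after repeated matches inside the findtime window,
# so a user who mistypes a password once or twice is not locked out.
enabled  = true
filter   = wordpress-soft
logpath  = /var/log/auth.log
port     = http,https
maxretry = 5
# Count matches over a 10-minute window, then ban for 1 hour (seconds).
findtime = 600
bantime  = 3600
```

After reloading Fail2Ban, `fail2ban-client status wordpress-hard` and `fail2ban-client status wordpress-soft` show whether each jail is running and which addresses are currently banned.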

Description of Change

The change consists of the following activities:

  • You will be required to back up your server before work commences.
  • Access the server by means of SSH (this is often through your cloud VPS interface).
  • Access the website by means of the Admin backend.
  • Install the WP Fail2Ban Redux plugin on one website.
  • Install the Code Snippets plugin on one website, and add the following snippets:
    • wp_fail2ban_redux_block_user_enumeration
    • wp_fail2ban_redux_blocked_users
    • wp_fail2ban_redux_log_pingbacks
  • Install Fail2Ban on one Linux web server.
  • Configure Fail2Ban with WordPress Hard and WordPress Soft filters.
  • Configure Fail2Ban with an AbuseIPDB API key (optional).
  • Install Fluent Auth (optional) to monitor access.
  • Admin access is temporary and you may remove this access once installation is complete.

Do-It-Yourself

Want to do this yourself? See our FastFwd guide:

https://www.fastfwd.co.za/blog/how-to-install-fail2ban-redux/