Install and configure Fail2Ban

Description

Fail2Ban is open-source software that helps protect Linux-based web servers against security threats such as  DDoS, and brute-force attacks. It works by monitoring system logs for any malicious activity and scanning files for any entries matching identified patterns. If Fail2Ban detects a spike of failed login attempts, it will automatically add new firewall rules to iptables and block the source IP address for a specified time.

Fail2Ban can also be used in conjunction with AbuseIPDB to automatically report malicious IP addresses.

Fail2Ban can be configured to protect WordPress in the following way:

• WordPress Hard – immediately blocking all IP addresses that match malicious patterns.
• WordPress Soft – evaluating all behaviour (ie. user logins) against known patterns and selectively blocking based on repeated attempts.

Description of Change

The change consists of the following activities:

• You will be required to backup your server before work commences.
• Access server by means of SSH (this is often through your cloud VPS interface).
• Access website by means of Admin backend
• Install WP Fail2Ban Redux plugin on one website
• Install Code Snippets plugin on one website, and add the following snippets:
  • wp_fail2ban_redux_block_user_enumeration
  • wp_fail2ban_redux_blocked_users
  • wp_fail2ban_redux_log_pingbacks
• Install Fail2Ban on one linux web server
• Configure Fail2Ban with WordPress Hard and WordPress Soft filters
• Configure Fail2Ban with an AbuseIPDB API key (optional)
• Install Fluent Auth (optional) to monitor access
• Admin access is temporary and you may remove this access once installation is complete.

Do-It-Yourself

Want to do this yourself? See our FastFwd guide:

https://www.fastfwd.co.za/blog/how-to-install-fail2ban-redux/