Description
Fail2Ban is open-source software that helps protect Linux-based web servers against security threats such as DDoS and brute-force attacks. It works by monitoring system log files for entries that match identified patterns of malicious activity. If Fail2Ban detects a spike of failed login attempts, it automatically adds new firewall rules to iptables and blocks the source IP address for a specified time.
Fail2Ban can also be used in conjunction with AbuseIPDB to automatically report malicious IP addresses.
Fail2Ban can be configured to protect WordPress in the following way:
- WordPress Hard – immediately blocking all IP addresses that match malicious patterns.
- WordPress Soft – evaluating all behaviour (i.e. user logins) against known patterns and selectively blocking based on repeated attempts.
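The difference between the two modes, sketched as an added example (not code from Fail2Ban or the WP Fail2Ban Redux plugin): a hard match bans on first sight, while a soft match bans only once `maxretry` failures fall inside a `findtime` window, mirroring the Fail2Ban settings of the same names. The log line shapes, regexes and the `decide_bans` helper are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed message shapes (constructed; not the plugin's exact output).
HARD = re.compile(r"Blocked .* from (?P<ip>\S+)$")
SOFT = re.compile(r"Authentication failure for \S+ from (?P<ip>\S+)$")

MAXRETRY = 3    # soft: failures inside the window that trigger a ban
FINDTIME = 600  # soft: sliding window, in seconds


def decide_bans(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return {ip: "hard" | "soft"} for every address that would be banned."""
    banned = {}
    recent = defaultdict(deque)  # ip -> soft-failure times still in the window
    for line in lines:
        stamp, _, message = line.partition(" ")
        when = datetime.fromisoformat(stamp)
        hard, soft = HARD.search(message), SOFT.search(message)
        if hard:
            # Hard: a single matching entry is enough.
            banned.setdefault(hard["ip"], "hard")
        elif soft and soft["ip"] not in banned:
            hits = recent[soft["ip"]]
            hits.append(when)
            # Forget failures that have aged out of the findtime window.
            while (when - hits[0]).total_seconds() > findtime:
                hits.popleft()
            if len(hits) >= maxretry:
                banned[soft["ip"]] = "soft"
    return banned


# Constructed sample log (documentation address ranges only).
SAMPLE_LOG = [
    "2024-05-01T10:00:00 wordpress(example.com): Authentication failure for admin from 203.0.113.5",
    "2024-05-01T10:00:30 wordpress(example.com): Blocked user enumeration attempt from 198.51.100.7",
    "2024-05-01T10:01:00 wordpress(example.com): Authentication failure for admin from 203.0.113.5",
    "2024-05-01T10:02:00 wordpress(example.com): Authentication failure for editor from 203.0.113.5",
    "2024-05-01T10:03:00 wordpress(example.com): Authentication failure for alice from 192.0.2.10",
    "2024-05-01T10:30:00 wordpress(example.com): Authentication failure for alice from 192.0.2.10",
    "2024-05-01T11:00:00 wordpress(example.com): Authentication failure for alice from 192.0.2.10",
]

if __name__ == "__main__":
    for ip, reason in decide_bans(SAMPLE_LOG).items():
        print(f"ban {ip} ({reason} filter)")
```

The third address is never banned under the default window because its failures are spread too far apart, which is the trade-off the soft mode makes to tolerate legitimate users who mistype a password.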
Description of Change
The change consists of the following activities:
- You will be required to back up your server before work commences.
- Access server by means of SSH (this is often through your cloud VPS interface).
- Access website by means of Admin backend
- Install WP Fail2Ban Redux plugin on one website
- Install Code Snippets plugin on one website, and add the following snippets:
  - wp_fail2ban_redux_block_user_enumeration
  - wp_fail2ban_redux_blocked_users
  - wp_fail2ban_redux_log_pingbacks
- Install Fail2Ban on one Linux web server
- Configure Fail2Ban with WordPress Hard and WordPress Soft filters
- Configure Fail2Ban with an AbuseIPDB API key (optional)
- Install Fluent Auth (optional) to monitor access
- Admin access is temporary and you may remove this access once installation is complete.
Do-It-Yourself
Want to do this yourself? See our FastFwd guide:
https://www.fastfwd.co.za/blog/how-to-install-fail2ban-redux/