How to Block Brute-Force Attacks on WordPress and Joomla with Fail2ban
Clients who use Fail2ban can block brute-force attacks on wp-login.php and the Joomla admin login using the details below.
In /etc/fail2ban/jail.conf, add the following:
[wordpress-wp-login]
enabled = true
port = http,https
action = iptables[name=WP, port=http, protocol=tcp]
         sendmail-whois[name=wordpress-wp-login, dest=alerts@domain.com]
filter = wordpress-wp-login
logpath = /var/www/vhosts/*/statistics/logs/access_log
maxretry = 3

[joomla-admin-index]
enabled = true
port = http,https
action = iptables[name=JOOMLA, port=http, protocol=tcp]
         sendmail-whois[name=joomla-admin-index, dest=alerts@domain.com]
filter = joomla-admin-index
logpath = /var/www/vhosts/*/statistics/logs/access_log
maxretry = 3
“logpath” should be changed to match your installation. The one above is for a Plesk server.
Replace alerts@domain.com with your email address.
Now create two conf files in /etc/fail2ban/filter.d as shown below.
# cat /etc/fail2ban/filter.d/wordpress-wp-login.conf
# Fail2Ban configuration file
[Definition]
failregex = <HOST>.*] "POST /wp-login.php
ignoreregex =
# cat /etc/fail2ban/filter.d/joomla-admin-index.conf
# Fail2Ban configuration file
[Definition]
failregex = <HOST>.*] "POST /administrator/index.php
ignoreregex =
After the changes, restart Fail2ban.
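Before relying on the jails, it helps to see exactly which log lines the two failregex patterns count. The following Python sketch is an added example, not part of the original post: it applies both patterns to constructed access_log lines and reports which client IPs would reach maxretry. The `HOST` pattern is a simplified IPv4-only stand-in for Fail2ban's `<HOST>` tag, and the findtime window is ignored.

```python
import re
from collections import Counter

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only;
# the real tag also accepts IPv6 addresses and hostnames).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# failregex values copied from the two filter files on this page.
FILTERS = {
    "wordpress-wp-login": r'<HOST>.*] "POST /wp-login.php',
    "joomla-admin-index": r'<HOST>.*] "POST /administrator/index.php',
}
MAXRETRY = 3  # same value as in both jails

# Constructed access_log lines (documentation-range IPs), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.7 - - [10/Oct/2023:13:55:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.7 - - [10/Oct/2023:13:55:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
198.51.100.4 - - [10/Oct/2023:13:56:10 +0000] "GET /wp-login.php HTTP/1.1" 200 2890
198.51.100.4 - - [10/Oct/2023:13:56:15 +0000] "POST /wp-login.php HTTP/1.1" 302 0
192.0.2.9 - - [10/Oct/2023:13:57:00 +0000] "POST /administrator/index.php HTTP/1.1" 303 0
"""

def matches(filter_name, log_text):
    """Return the client IP of every line the filter's failregex matches."""
    rx = re.compile(FILTERS[filter_name].replace("<HOST>", HOST))
    hits = []
    for line in log_text.splitlines():
        m = rx.search(line)
        if m:
            hits.append(m.group("host"))
    return hits

def would_ban(filter_name, log_text, maxretry=MAXRETRY):
    """IPs reaching maxretry matches (findtime window ignored for brevity)."""
    counts = Counter(matches(filter_name, log_text))
    return sorted(ip for ip, n in counts.items() if n >= maxretry)

if __name__ == "__main__":
    for name in FILTERS:
        print(name, matches(name, SAMPLE_LOG), would_ban(name, SAMPLE_LOG))
```

The patterns match every POST to the login URL regardless of status code, so the 302 line (a successful WordPress login redirect in this constructed sample) is counted as well, and a legitimate user who logs in repeatedly can reach maxretry. On a real server, the `fail2ban-regex` tool shipped with Fail2ban runs the same kind of check against the actual log file and filter with full `<HOST>` handling.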