How to block Brute force Attack on WordPress , Joomla in Fail2ban

Clients who use fail2ban can block the bruteforce attack on wp-login.php and joomala admin using the below details.

In /etc/fail2ban/jail.conf add the below details

[wordpress-wp-login]
enabled = true
port = http,https
action = iptables[name=WP, port=http, protocol=tcp]
 sendmail-whois[name=wordpress-wp-login, dest=alerts@domain.com] 
filter = wordpress-wp-login
logpath = /var/www/vhosts/*/statistics/logs/access_log
maxretry = 3
[joomla-admin-index]
enabled = true
port = http,https
action = iptables[name=JOOMLA, port=http, protocol=tcp]
 sendmail-whois[name=joomla-admin-index, dest=alerts@domain.com] 
filter = joomla-admin-index
logpath = /var/www/vhosts/*/statistics/logs/access_log
maxretry = 3

“logpath” should be changed as per your installtion. The above one is for a plesk server.

replace alerts@domain.com with your email address

Now needs to create 2 conf files in /etc/fail2ban/filter.d like the below.

# cat /etc/fail2ban/filter.d/wordpress-wp-login.conf

# Fail2Ban configuration file
[Definition]
failregex = <HOST>.*] "POST /wp-login.php
ignoreregex =

# cat /etc/fail2ban/filter.d/joomla-admin-index.conf

# Fail2Ban configuration file
[Definition]
failregex = <HOST>.*] "POST /administrator/index.php
ignoreregex =

After the changes, restart Fail2ban.

Facebook Comments