WP-Fail2ban Setup Guide

This guide is based on CentOS 7

Install Fail2ban:

  1. Download fail2ban from Github releases:  https://github.com/fail2ban/fail2ban
  2. Unzip and run “sudo python setup.py install”
  3. Check if service is installed correctly: “service fail2ban start”
    1. If getting an error “unit not found”, go to the directory where the fail2ban is unzipped, find “fail2ban.service” under the folder “build”
    2. Run command: “cp fail2ban.service /etc/systemd/system/fail2ban.service”
    3. Run command: “systemctl enable fail2ban.service”

Install WP-Fail2ban plugins:

  1. Login WordPress with admin account
  2. Download the plugins: https://wordpress.org/plugins/wp-fail2ban/
  3. Use any media (ftp, scp, whatever), upload the unzipped folder to “[your_WordPress_directory]/wp_content/plugins/”
  4. Enable it from the WordPress portal
  5. Copy *.conf from the “filter.d” folder inside the “wp-fail2ban” folder, to “/etc/fail2ban/filter.d/”
  6. Touch “wordpress.conf” in “/etc/fail2ban/jail.d/”, edit it
  7. Copy and paste the following to wordpress.conf
  8. [wordpress-hard]
    enabled = true
    filter = wordpress-hard
    logpath = /var/log/messages
    maxretry = 1
    port = http,https

    [wordpress-soft]
    enabled = true
    filter = wordpress-soft
    logpath = /var/log/messages
    maxretry =
    port = http,https

  9. Adjust the maximum attempts in “maxretry = “
  10. Run “service fail2ban restart” and you are good to go!

 

References:

https://www.xreflow.co.uk/wordpress-fail2ban-centos-7-el7/

http://www.techken.in/linux/how-to-create-custom-systemd-service-in-centos-7-linux/

Leave a Reply

Your email address will not be published. Required fields are marked *