How to use fail2ban to protect WordPress login page

Fail2Ban scanning /var/log/auth.log Such log files , And forbid IP Address has too many failed login attempts . It updates the system firewall rules to reject those from within a configurable time IP Address to achieve this . Fail2Ban Open the box , You can read many standard log files , for example sshd and Apache The file of , And it can be easily configured to read any log file you choose , To resolve any errors needed .

In this article , I introduced you how to use Fail2Ban Protect SSH service . Now? , I will guide you How to use Fail2Ban Protect WordPress The login page .

To work with WordPress Integrate , You need to WordPress Install in WP fail2ban plug-in unit .

After installation , Need to put WP fail2ban Plug in folder （ Usually located in wordpress/wp-content/plugins/wp-fail2ban） In the folder of wordpress.conf File copy to Fail2ban Folder （ be located /etc/fail2ban/filter.d）. And then in /etc/fail2ban/jail.conf Editor in the middle Fail2ban To configure , Add to WordPress part ：

[wordpress] enabled = true filter = wordpress logpath = /var/log/auth.log port = http,https maxretry = 5 findtime = 3600 bantime = 86400

This section writes all access errors /var/log/auth.log file , This filter is applicable to http and https. however , If in Web The server Cache agent is used in the configuration of , You also need to be WP fail2ban The plug-in specifies it , So that it begins to get the client address from the special header , instead of Frontend-proxy The address of . So , Please open the wp-config.php file , And add a containing agent The server Configured rows .

define(‘WP_FAIL2BAN_PROXIES’,‘127.0.0.1’); 127.0.0.1 is the address of the proxy server.

Now? , Restart Fail2ban：

service fail2ban restart