To add on to my previous post (Block SMTP Relays with Fail2Ban), this is a write up to use Fail2Ban to block bad WordPress Admin login attempts by looking at your Apache access log for 500 and 403 HTTP responses.
You may want to use a maxretry of 3 so you don’t lock yourself out, or set a minimal ban time
Add a section for [wordpress]
[wordpress] enabled = true port = http,https filter = wordpress logpath = /var/log/apache2/access.log maxretry = 3 findtime = 60 bantime = 720
Now create /etc/fail2ban/filter.d/wordpress.conf
[Definition] failregex = ^.*:(80|443) <HOST> .*(GET|POST) .*/wp-login.php.* (500|403) .*$ ^.*:(80|443) <HOST> .*(GET|POST) .*/xmlrpc.* (500|403|200) .*$ignoreregex =
Save the config file and run from the shell prompt:
sudo service fail2ban restart
If you use Munin, you should see at least a couple entries within a day or so.
That’s it! If this helped you, please comment below.
If this little writeup helped you, please consider making a donation to help cover operating expenses.