Stop/Block Apache/Nginx hack attempts with fail2ban

Screen Shot 2014-03-02 at 10.23.25

Here is a useful quick post to stop hack attempts to your WordPress web server like wp-login brute force and xmlrpc exploits attacks.

First of all, install the package “fail2ban“:

sudo apt-get install fail2ban

Then add these two rules to your jail file on /etc/fail2ban/jail.conf

enabled = true
port = http,https
filter = apache-xmlrpc
logpath = /var/log/nginx/*access.log
maxretry = 6 [web-wplogin]
enabled = true
port = http,https
filter = apache-wplogin
logpath = /var/log/nginx/*access.log
maxretry = 2
bantime = 86400
findtime = 600

Please change the logpath according to your web servers access logs

Now add two files on /etc/fail2ban/filter.d like web-wplogin.conf and web-xmlrpc.conf with respectively:

failregex = ^ -.*"POST /wp-login.php HTTP/1..*"
ignoreregex =


failregex = ^ .*POST .*xmlrpc.php.*
ignoreregex =

Restart fail2ban and wait, you can tail the log in the meanwhile:

tail -f /var/log/fail2ban.log

If you wanna check or manage the bans you can play with the fail2ban-client command.

Have fun.

Post simili:

If you enjoyed this post, please consider to leave a comment or subscribe to the feed and get future articles delivered to your feed reader.