Here is a useful quick post to stop hack attempts to your WordPress web server like wp-login brute force and xmlrpc exploits attacks.
First of all, install the package “fail2ban“:
sudo apt-get install fail2ban
Then add these two rules to your jail file on /etc/fail2ban/jail.conf
[web-xmlrpc] enabled = true port = http,https filter = apache-xmlrpc logpath = /var/log/nginx/*access.log maxretry = 6 [web-wplogin] enabled = true port = http,https filter = apache-wplogin logpath = /var/log/nginx/*access.log maxretry = 2 bantime = 86400 findtime = 600
Please change the logpath according to your web servers access logs
Now add two files on /etc/fail2ban/filter.d like web-wplogin.conf and web-xmlrpc.conf with respectively:
[Definition] failregex = ^ -.*"POST /wp-login.php HTTP/1..*" ignoreregex =
and
[Definition] failregex = ^ .*POST .*xmlrpc.php.* ignoreregex =
Restart fail2ban and wait, you can tail the log in the meanwhile:
tail -f /var/log/fail2ban.log
If you wanna check or manage the bans you can play with the fail2ban-client command.
Have fun.
If you enjoyed this post, please consider to leave a comment or subscribe to the feed and get future articles delivered to your feed reader.