As a measure of security I want to add WordPress to the fail2ban jails. For the record, we do employ Wordfence as well as other plugins to assist with this. Today's effort is to stem the tide early in the process to take load off of PHP/WordPress.
I have reviewed the installation of fail2ban for SME and created a rule file and a custom template file following the qpsmtpd example.
I am not quite on friendly terms with regex, you might say. I would appreciate a second pair of eyes on the script below. I don't want to tag more than is truly necessary.
# WordPress brute force auth filter: /etc/fail2ban/filter.d/wordpress.conf:
#
# Block IPs trying to auth wp wordpress
#
# Matches e.g.
# WW.XX.YY.ZZ - [07/Jun/2014:11:15:29] "POST /wp/wp-login.php HTTP/1.0" 200 4523
# WW.XX.YY.ZZ - [07/Jun/2014:11:15:29] "POST /wp/xmlrpc.php HTTP/1.0" 200 4523
#
[Definition]
failregex = <HOST>.*POST.*(wp-login\.php|xmlrpc\.php)
ignoreregex =
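
One way to see what a failregex like the one above would tag is to run it over sample lines before enabling the jail. This is an added example, not part of the original post: the log lines are constructed, the `HOST` pattern is a simplified IPv4-only stand-in for fail2ban's `<HOST>` tag, and `ANCHORED` is a hypothetical tighter variant shown only for comparison.

```python
import re

# Assumption: simplified IPv4-only stand-in for fail2ban's <HOST> tag
# (the real tag also accepts IPv6 addresses and hostnames).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The failregex exactly as posted above.
POSTED = r"<HOST>.*POST.*(wp-login\.php|xmlrpc\.php)"

# Hypothetical tighter variant: host anchored at line start, POST must be the
# request method, and the script name must end the path (before any "?").
ANCHORED = r'^<HOST> -.*"POST [^\s?"]*/(wp-login\.php|xmlrpc\.php)(\?\S*)? HTTP/'

# Constructed sample lines in the log format shown in the filter comments.
SAMPLE_LOG = [
    '192.0.2.10 - [07/Jun/2014:11:15:29] "POST /wp/wp-login.php HTTP/1.0" 200 4523',
    '192.0.2.11 - [07/Jun/2014:11:15:30] "POST /wp/xmlrpc.php HTTP/1.0" 200 4523',
    # Plain page view of the login form: no POST, should never be tagged.
    '198.51.100.7 - [07/Jun/2014:11:15:31] "GET /wp/wp-login.php HTTP/1.0" 200 2210',
    # Site search whose query string happens to contain both words.
    '198.51.100.8 - [07/Jun/2014:11:15:32] "GET /blog/?s=POST+to+wp-login.php HTTP/1.0" 200 9120',
    # POST to a different script with the login page only in a parameter.
    '203.0.113.5 - [07/Jun/2014:11:15:33] '
    '"POST /wp/wp-comments-post.php?redirect=/wp-login.php HTTP/1.0" 302 0',
]


def banned_hosts(failregex, lines):
    """Return the hosts a filter would report for these lines, in log order."""
    pattern = re.compile(failregex.replace("<HOST>", HOST))
    return [m.group("host") for m in map(pattern.search, lines) if m]


if __name__ == "__main__":
    for name, rx in (("posted", POSTED), ("anchored", ANCHORED)):
        print(f"{name:9s} -> {banned_hosts(rx, SAMPLE_LOG)}")
```

The posted pattern also tags the search request and the comment POST, because `.*POST.*` can match anywhere in the line. The authoritative check is `fail2ban-regex` run against the real access log and the filter file, since fail2ban applies its own date handling before matching.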