Stop worrying about your server.
cPanel/Plesk Server Management for just $59/mo with Unlimited tickets, Unlimited admin hours, Security audits, 24×7 monitoring and lot more
Install fail2ban and secure WordPress login page:
Recently we can see that there are different attacks towards WordPress login pages and the attackers will try different passwords to access WordPress admin. In this case we can use the fail2ban service and configure it to block the IP address that is trying to access WordPress with wrong passwords.
For installing fail2ban on Centos server you need to download the EPEL repository,
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
After that for installing fail2ban use the command,
yum install fail2ban
Now the fail2ban will be installed on your server, this works with the help of Iptables. So make sure that Iptables is enabled and working properly on the server.
Now we need to create rules for blocking access towards WordPress login page using wrong passwords.
For that add the following lines to /etc/fail2ban/jail.conf,
[apache-wp-login] enabled = true port = http,https action = iptables[name=WP, port=http, protocol=tcp] filter = apache-wp-login logpath = /var/www/vhosts/*/statistics/logs/access_log maxretry = 3
The log path should include every access log on your server, or at least the WordPress ones, here it is the plesk’s access log. You can also adjust the maxretry option.
After this create a file,
and add the following rules to it,
# Fail2Ban configuration file [Definition] failregex = <HOST>.*] "POST /wp-login.php ignoreregex =
Now restart the fail2ban service using command,
service fail2ban restart
It’s done now
If you need our help to fix any issues on your server. Please feel free to contact us, simply email to [email protected]
Monthly server support with Unlimited tickets, 24×7 monitoring, Security Audit and lot more for just $59