Security Blog

How to protect WordPress with Fail2Ban


Using WP Cerber and Fail2Ban together lets you reinforce protection at the most effective level: the operating system. Fail2Ban reads the failed login attempts that WP Cerber records and blocks the offending addresses with iptables, which protects the site from brute-force and some DDoS attacks at the OS level.

Note: you need root access to your Linux server to set up Fail2Ban.

With the WP Cerber security plugin you have three options for feeding Fail2Ban:

  1. Using HTTP 403 responses, if you want Fail2Ban to monitor the Apache access log
  2. Using syslog to monitor failed login attempts
  3. Using a custom log file of your choice to monitor failed login attempts

Let’s look at the details.

Monitor Apache access log for HTTP 403 responses

When a login attempt fails, WP Cerber returns a 403 status code in the HTTP response. That response is written to the Apache access log, and those records can be monitored by Fail2Ban. This behavior of WP Cerber is enabled by default. The downside of this approach is that Fail2Ban has to parse the entire access.log in order to find those attempts.
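The detection logic Fail2Ban applies to the access log, as an added example rather than code from WP Cerber or Fail2Ban: a failregex for POST requests to wp-login.php answered with 403, applied to constructed Apache combined-format log lines with a maxretry/findtime window. The failregex, the simplified <HOST> expansion and the sample log lines are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Fail2Ban-style failregex for the "403 in the Apache access log" approach.
# <HOST> is Fail2Ban's placeholder for the client address. This pattern is an
# assumption written for this example, not a filter shipped with WP Cerber.
FAILREGEX = r'^<HOST> \S+ \S+ \[[^\]]+\] "POST /wp-login\.php[^"]*" 403 '

# Fail2Ban replaces <HOST> with its own address pattern; an IPv4-only
# approximation is used here to keep the example short.
HOST_RE = r'(?P<host>\d{1,3}(?:\.\d{1,3}){3})'
PATTERN = re.compile(FAILREGEX.replace('<HOST>', HOST_RE))

# Constructed sample access.log lines (Apache combined format) for this example.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "POST /wp-login.php HTTP/1.1" 403 1234 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:03 +0000] "POST /wp-login.php HTTP/1.1" 403 1234 "-" "Mozilla/5.0"
198.51.100.2 - - [10/Oct/2023:13:55:05 +0000] "GET /wp-login.php HTTP/1.1" 200 5678 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:09 +0000] "POST /wp-login.php HTTP/1.1" 403 1234 "-" "Mozilla/5.0"
198.51.100.2 - - [10/Oct/2023:13:55:12 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:14:30:00 +0000] "POST /wp-login.php HTTP/1.1" 403 1234 "-" "Mozilla/5.0"
"""

TIME_RE = re.compile(r'\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2}) [+-]\d{4}\]')

def parse_time(line):
    """Extract the request timestamp from an Apache access log line."""
    m = TIME_RE.search(line)
    return datetime.strptime(m.group(1), '%d/%b/%Y:%H:%M:%S')

def hosts_to_ban(log_text, maxretry=3, findtime=600):
    """Return hosts with at least maxretry matching failures within findtime
    seconds, i.e. the hosts a Fail2Ban jail with those settings would ban."""
    recent = defaultdict(list)   # host -> timestamps of failures still in the window
    banned = set()
    for line in log_text.splitlines():
        m = PATTERN.match(line)
        if not m:
            continue             # successful logins and GETs never count
        host, ts = m.group('host'), parse_time(line)
        window = [t for t in recent[host] if ts - t <= timedelta(seconds=findtime)]
        window.append(ts)
        recent[host] = window
        if len(window) >= maxretry:
            banned.add(host)
    return banned

if __name__ == '__main__':
    print(hosts_to_ban(SAMPLE_LOG))  # {'203.0.113.7'}
```

The single 403 at 14:30 falls outside the 600-second window of the earlier three, so on its own it would not trigger a ban; the earlier burst already did.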

Using syslog to monitor failed login attempts

By default, WP Cerber uses the LOG_AUTH facility when logging failed attempts to syslog. However, you can use your own value for the facility: define the CERBER_LOG_FACILITY constant with an integer value. To enable writing to syslog or to a custom file (see below), you need to check Write failed login attempts to the file in the Activity section of the settings.

define('CERBER_LOG_FACILITY', LOG_AUTHPRIV);

Using custom log file to monitor failed login attempts

If you want to write all failed attempts to a custom log file, specify the file name with an absolute path using the CERBER_FAIL_LOG constant. Don't forget to grant the Apache process write permission on the folder or the log file, and to check Write failed login attempts to the file. If the file does not exist, WP Cerber attempts to create it. If CERBER_FAIL_LOG is defined, WP Cerber will not write messages to the default syslog.

define('CERBER_FAIL_LOG','/var/log/fail2ban.log');

Additional info:

https://timnash.co.uk/using-fail2ban-wordpress/

http://www.fail2ban.org

https://www.digitalocean.com/community/tutorials/how-fail2ban-works-to-protect-services-on-a-linux-server


I’m a self-employed developer who builds software products and services using WordPress. I’m available for hire and enjoy partnering with others for interesting and challenging projects. If you’re interested in hiring me, feel free to contact me.
