Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Fail2Ban WordPress XMLRPC Jail and Filter. Notes: log path is set for Plesk v12.x. Change this to appropriate path for your set up. Only works if WordPress is installed in webroot, edit the Filter failregex if installed in sub-directory.
[wp-xmlrpc]
enabled = true
filter = wp-xmlrpc
action = iptables-multiport[name=wp-xmlrpc, port="http,https"]
logpath = /var/www/vhosts/system/*/logs/*access*log
/var/log/httpd/*access_log
bantime = 86400
maxretry = 0
# Fail2Ban filter for WordPress XML-RPC
[Definition]
failregex = ^<HOST>.*] "POST /xmlrpc\.php.*
ignoreregex = ^<HOST>.*] "POST /xmlrpc\.php\?for=jetpack.*
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.