Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Fail2Ban WordPress XMLRPC Jail and Filter. Notes: log path is set for Plesk v12.x. Change this to appropriate path for your set up. Only works if WordPress is installed in webroot, edit the Filter failregex if installed in sub-directory.
enabled = true
filter = wp-xmlrpc
action = iptables-multiport[name=wp-xmlrpc, port="http,https"]
logpath = /var/www/vhosts/system/*/logs/*access*log
bantime = 86400
maxretry = 0
# Fail2Ban filter for WordPress XML-RPC
failregex = ^<HOST>.*] "POST /xmlrpc\.php.*
ignoreregex = ^<HOST>.*] "POST /xmlrpc\.php\?for=jetpack.*

This comment has been minimized.

Copy link

@apircalabu apircalabu commented May 5, 2020

This regex matches the entries for sub-directory installs too:
failregex = ^<HOST>.*] "POST (|.*)/xmlrpc\.php.*
ignoreregex = ^<HOST>.*] "POST (|.*)/xmlrpc\.php\?for=jetpack.*

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment