| title | date |
|---|---|
Setting up fail2ban with LE/NGINX/WP |
2019-12-27 |
This tutorial is assuming that you are using the Swag docker container through UnRaid. If you are, then lets proceed.
At the bottom of the file, add the following block of code.
[wordpress] enabled = true port = http,https filter = wordpress-auth logpath = /config/log/nginx/access.log maxretry = 3 bantime = 3600 ignoreip = 192.168.1.0/24
Inside the filter.d directory create a new config file called "wordpress-auth.conf"
Within that file add the following code:
[Definition]
failregex = .*POST.*(wp-login.php|xmlrpc.php).* (403|200)
You might have noticed that I added 403 reponse code to the regex expression. By default a failed authentication to /wp-admin returns a 200, however, I set up a custom return code for failed authentication to return a 403.
Inside the "wwwrootwp-contentmu-plugins" directory, I created a file called login_helper.php with the following code.
/* Return 403 instead of 200 when wp-login failed */
add_action( 'wp_login_failed', function () { status_header(403); } );
You should now be seeing content within the log files under Swag/log
Here you can see a list of IPs that tried to hit /wp-admin on my site but were unable to. Click here to see how to block all public IPs using Nginx.
