@mikedhanson
Last active February 13, 2022 21:16
Setting up fail2ban with LE/NGINX/WP
Date: 2019-12-27

NOTICE:

This tutorial assumes that you are using the Swag Docker container through UnRaid. If you are, then let's proceed.

1. Edit jail.local

At the bottom of the file, add the following block of code.

[wordpress]
enabled = true
port = http,https
filter = wordpress-auth
logpath = /config/log/nginx/access.log
maxretry = 3
bantime = 3600
ignoreip = 192.168.1.0/24

2. Edit filters

Inside the filter.d directory, create a new config file called "wordpress-auth.conf".

Within that file add the following code:

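[Definition]

# <HOST> tells fail2ban where the client address is; nginx's default log format puts it first
failregex = ^<HOST>.*POST.*(wp-login\.php|xmlrpc\.php).* (403|200)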

You might have noticed that I added the 403 response code to the regex expression. By default a failed authentication to /wp-admin returns a 200; however, I set up a custom return code for failed authentication to return a 403.

Inside the "wwwroot\wp-content\mu-plugins" directory, I created a file called login_helper.php with the following code.

<?php
/* Return 403 instead of 200 when wp-login failed */
add_action( 'wp_login_failed', function () { status_header( 403 ); } );

3. Reload Swag Docker

You should now be seeing content within the log files under Swag/log

Here you can see a list of IPs that tried to hit /wp-admin on my site but were unable to. Click here to see how to block all public IPs using Nginx. 
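To check the filter before relying on it, the following added example (not part of the original gist) runs the failregex over constructed nginx access-log lines and applies the jail's maxretry. The `<HOST>` stand-in, the stricter pattern and the function names are assumptions made for the illustration; fail2ban's date handling, findtime and ignoreip are not modelled.

```python
import re
from collections import Counter

# Simplified IPv4-only stand-in for fail2ban's <HOST> tag (assumption for this example).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
# The filter's pattern, written with the <HOST> tag fail2ban uses to extract the address.
PAGE_REGEX = r"^<HOST>.*POST.*(wp-login\.php|xmlrpc\.php).* (403|200)"
# Hypothetical tighter variant: the status must directly follow the quoted request.
STRICT_REGEX = r'^<HOST> .*"POST /(wp-login\.php|xmlrpc\.php)[^"]*" (403|200) '
MAXRETRY = 3  # value from the [wordpress] jail

# Constructed nginx "combined" log lines using documentation address ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [27/Dec/2019:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 403 3421 "-" "Mozilla/5.0"
203.0.113.7 - - [27/Dec/2019:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 403 3421 "-" "Mozilla/5.0"
203.0.113.7 - - [27/Dec/2019:10:00:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "Mozilla/5.0"
198.51.100.20 - - [27/Dec/2019:10:05:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2875 "-" "Mozilla/5.0"
198.51.100.20 - - [27/Dec/2019:10:05:09 +0000] "POST /wp-login.php HTTP/1.1" 302 2004 "-" "Mozilla/5.0"
"""


def failures_per_host(log_text, failregex):
    """Count lines matching failregex, keyed by the captured client address."""
    pattern = re.compile(failregex.replace("<HOST>", HOST))
    hits = Counter()
    for line in log_text.splitlines():
        match = pattern.search(line)
        if match:
            hits[match.group("host")] += 1
    return hits


def hosts_to_ban(log_text, failregex, maxretry=MAXRETRY):
    """Addresses whose failure count reaches maxretry (findtime is not modelled)."""
    counts = failures_per_host(log_text, failregex)
    return sorted(host for host, n in counts.items() if n >= maxretry)


if __name__ == "__main__":
    for name, rx in (("page", PAGE_REGEX), ("strict", STRICT_REGEX)):
        print(name, dict(failures_per_host(SAMPLE_LOG, rx)), hosts_to_ban(SAMPLE_LOG, rx))
```

The looser pattern also counts the 302 line, because its byte count happens to begin with 200, while the stricter one skips it. Running `fail2ban-regex` against the real log and filter file gives the authoritative result.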
