How to set up protection on Wordpress
Hello,
I would like to set up brute force protection for applications such as Wordpress.
I am currently using ConfigServer Security & Firewall - csf v8.16.
In Fail2Ban on Plesk, you can just set up a regex trigger in the domains access log directory such as:
I notice that similar logs in cPanel can be found in /home/*/access-logs/*. How can LFD be leveraged to ban multiple login failures or does LFD do this by default for applications such as Wordpress? Edit: I was thinking I could add /home/*/access-logs/* to the "lfd Log Scanner Files" list, but what LFD consider to be a "login failure"? How does it determine this?
failregex = .*\] \"POST .*\/wp-login.phpI notice that similar logs in cPanel can be found in /home/*/access-logs/*. How can LFD be leveraged to ban multiple login failures or does LFD do this by default for applications such as Wordpress? Edit: I was thinking I could add /home/*/access-logs/* to the "lfd Log Scanner Files" list, but what LFD consider to be a "login failure"? How does it determine this?
-
Hello :) It's unrelated to CSF/LFD, but you may find the following document helpful: Brute Force Attacks " WordPress Codex Thank you. 0 -
There is some relevant information in the last post of this thread: Block brute force on wordpress wp-login ? - ConfigServer Community Forum 0 -
I ended up doing the following: /usr/local/csf/bin/regex.custom.pm # wordpress if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /(\S+).*] "POST \/wp-login\.php.*" 200/)) { return ("Failed Wordpress login from",$1,"wordpress","5","80,443","3600"); }
/etc/csf/csf.confCUSTOM1_LOG = "/home/*/access-logs/*"
Seems to work great, however I'm not sure how much load it would put on the server if there was a lot domains and therefore a lot of separate log files.0
Please sign in to leave a comment.
Comments
3 comments