Hi kranzoky,
it is very easy to protect wordpress with fail2ban. I wrote a german article about that on https://www.ionas-server.com/blog/fail2ban-schutz-vor-brute-force-angriffen/. But here is the short version in english:
0) install this plugin wp-fail2ban on your wordpress instance.
1) install fail2ban on your linux server
2) create a filter for wordpress “wordpress.conf”. You can download the file under: http://plugins.svn.ww.wp.xz.cn/wp-fail2ban/trunk/wordpress.conf
3) add the filter to the jail.conf of fail2ban and then activate it.
If you don’t understand the german blog entry. Please write me an email.
One important hint: don’t forget to “ignore your own ip” in fail2ban. Otherwise you ban yourself very fast. 🙂
Best regards
Christoph
@ christophdb I don’t really understand your reply or your blog post, isn’t that article simply explaining how to use the wp-fail2ban plugin?
The other person (kranzoky) asked how to block IPs after too many requests not failed logins or am I missing something here?
Hi Ovidiu,
yes it is right that one part of the article is the explanation how to use the fail2ban plugin.
But the other part is a general explanation how to use fail2ban. Therefore if for example kranzoky gets a lot of requests but no logins this should be visible in some log files. Then define a rule for example with a very high count number to block and the problem can be solve to.
Best regards
Christoph
Ah, thanks, I understand. I missed the connection here.
