The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to set up protection on Wordpress

Discussion in 'Security' started by akust0m, Feb 25, 2016.

  1. akust0m

    akust0m Active Member

    Joined:
    Feb 19, 2016
    Messages:
    44
    Likes Received:
    2
    Trophy Points:
    8
    Location:
    Melbourne
    cPanel Access Level:
    Root Administrator
    Hello,

    I would like to set up brute force protection for applications such as Wordpress.

    I am currently using ConfigServer Security & Firewall - csf v8.16.

    In Fail2Ban on Plesk, you can just set up a regex trigger in the domains access log directory such as:

    Code:
    failregex = <HOST>.*\] \"POST .*\/wp-login.php
    I notice that similar logs in cPanel can be found in /home/*/access-logs/*.

    How can LFD be leveraged to ban multiple login failures or does LFD do this by default for applications such as Wordpress?

    Edit: I was thinking I could add /home/*/access-logs/* to the "lfd Log Scanner Files" list, but what LFD consider to be a "login failure"? How does it determine this?
     
    #1 akust0m, Feb 25, 2016
    Last edited: Feb 25, 2016
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,683
    Likes Received:
    654
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  3. Tom Risager

    Tom Risager Well-Known Member

    Joined:
    Jul 10, 2012
    Messages:
    107
    Likes Received:
    3
    Trophy Points:
    18
    Location:
    Copenhagen, Denmark, Denmark
    cPanel Access Level:
    Root Administrator
  4. akust0m

    akust0m Active Member

    Joined:
    Feb 19, 2016
    Messages:
    44
    Likes Received:
    2
    Trophy Points:
    8
    Location:
    Melbourne
    cPanel Access Level:
    Root Administrator
    I ended up doing the following:

    /usr/local/csf/bin/regex.custom.pm

    Code:
    # wordpress
    if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /(\S+).*] "POST \/wp-login\.php.*" 200/)) {
        return ("Failed Wordpress login from",$1,"wordpress","5","80,443","3600");
    }
    /etc/csf/csf.conf
    Code:
    CUSTOM1_LOG = "/home/*/access-logs/*"
    

    Seems to work great, however I'm not sure how much load it would put on the server if there was a lot domains and therefore a lot of separate log files.
     
    eva2000 and SageBrian like this.
Loading...

Share This Page