How to set up protection on Wordpress

[akust0m]

Hello,

I would like to set up brute force protection for applications such as Wordpress.

I am currently using ConfigServer Security & Firewall - csf v8.16.

In Fail2Ban on Plesk, you can just set up a regex trigger in the domains access log directory such as:

failregex = <HOST>.*\] \"POST .*\/wp-login.php

I notice that similar logs in cPanel can be found in /home/*/access-logs/*.

How can LFD be leveraged to ban multiple login failures or does LFD do this by default for applications such as Wordpress?

Edit: I was thinking I could add /home/*/access-logs/* to the "lfd Log Scanner Files" list, but what LFD consider to be a "login failure"? How does it determine this?

 

[cPanelMichael]

Hello

It's unrelated to CSF/LFD, but you may find the following document helpful:

Brute Force Attacks « WordPress Codex

Thank you.

 

[Tom Risager]

There is some relevant information in the last post of this thread: Block brute force on wordpress wp-login ? - ConfigServer Community Forum

 

[akust0m]

I ended up doing the following:

/usr/local/csf/bin/regex.custom.pm

# wordpress
if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /(\S+).*] "POST \/wp-login\.php.*" 200/)) {
    return ("Failed Wordpress login from",$1,"wordpress","5","80,443","3600");
}

/etc/csf/csf.conf

CUSTOM1_LOG = "/home/*/access-logs/*"

Seems to work great, however I'm not sure how much load it would put on the server if there was a lot domains and therefore a lot of separate log files.