Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

How to set up protection on Wordpress

Discussion in 'Security' started by akust0m, Feb 25, 2016.

  1. akust0m

    akust0m Well-Known Member

    Joined:
    Feb 19, 2016
    Messages:
    63
    Likes Received:
    4
    Trophy Points:
    8
    Location:
    Melbourne
    cPanel Access Level:
    Root Administrator
    Hello,

    I would like to set up brute force protection for applications such as Wordpress.

    I am currently using ConfigServer Security & Firewall - csf v8.16.

    In Fail2Ban on Plesk, you can just set up a regex trigger in the domains access log directory such as:

    Code:
    failregex = <HOST>.*\] \"POST .*\/wp-login.php
    I notice that similar logs in cPanel can be found in /home/*/access-logs/*.

    How can LFD be leveraged to ban multiple login failures or does LFD do this by default for applications such as Wordpress?

    Edit: I was thinking I could add /home/*/access-logs/* to the "lfd Log Scanner Files" list, but what LFD consider to be a "login failure"? How does it determine this?
     
    #1 akust0m, Feb 25, 2016
    Last edited: Feb 25, 2016
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,384
    Likes Received:
    1,951
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Tom Risager

    Tom Risager Well-Known Member

    Joined:
    Jul 10, 2012
    Messages:
    116
    Likes Received:
    5
    Trophy Points:
    18
    Location:
    Copenhagen, Denmark
    cPanel Access Level:
    Root Administrator
  4. akust0m

    akust0m Well-Known Member

    Joined:
    Feb 19, 2016
    Messages:
    63
    Likes Received:
    4
    Trophy Points:
    8
    Location:
    Melbourne
    cPanel Access Level:
    Root Administrator
    I ended up doing the following:

    /usr/local/csf/bin/regex.custom.pm

    Code:
    # wordpress
    if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /(\S+).*] "POST \/wp-login\.php.*" 200/)) {
        return ("Failed Wordpress login from",$1,"wordpress","5","80,443","3600");
    }
    /etc/csf/csf.conf
    Code:
    CUSTOM1_LOG = "/home/*/access-logs/*"
    

    Seems to work great, however I'm not sure how much load it would put on the server if there was a lot domains and therefore a lot of separate log files.
     
    eva2000 and SageBrian like this.
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice