How to set up protection on Wordpress

akust0m

Well-Known Member
Feb 19, 2016
70
4
8
Melbourne
cPanel Access Level
Root Administrator
Hello,

I would like to set up brute force protection for applications such as Wordpress.

I am currently using ConfigServer Security & Firewall - csf v8.16.

In Fail2Ban on Plesk, you can just set up a regex trigger in the domains access log directory such as:

Code:
failregex = <HOST>.*\] \"POST .*\/wp-login.php
I notice that similar logs in cPanel can be found in /home/*/access-logs/*.

How can LFD be leveraged to ban multiple login failures or does LFD do this by default for applications such as Wordpress?

Edit: I was thinking I could add /home/*/access-logs/* to the "lfd Log Scanner Files" list, but what does LFD consider to be a "login failure"? How does it determine this?
 

akust0m

I ended up doing the following:

/usr/local/csf/bin/regex.custom.pm

Code:
# wordpress
if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /(\S+).*] "POST \/wp-login\.php.*" 200/)) {
    return ("Failed Wordpress login from",$1,"wordpress","5","80,443","3600");
}
/etc/csf/csf.conf
Code:
CUSTOM1_LOG = "/home/*/access-logs/*"

Seems to work great, however I'm not sure how much load it would put on the server if there were a lot of domains and therefore a lot of separate log files.
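An added example, not part of the original posts: a Python harness for checking the rule's pattern offline before it goes into regex.custom.pm. WordPress answers a failed login POST with 200 and a successful one with a 302 redirect, which is why the rule keys on 200. The log lines are constructed, and the one-hour counting window and the helper names are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Pattern copied verbatim from the regex.custom.pm rule in the post.
RULE = re.compile(r'(\S+).*] "POST \/wp-login\.php.*" 200')
STAMP = re.compile(r'\[([^\]]+)\]')
TRIGGER = 5                        # 4th field of the rule's return list
WINDOW = timedelta(seconds=3600)   # assumed counting window, not from the post

def ips_to_block(lines, trigger=TRIGGER, window=WINDOW):
    """Return IPs, in order, that reach `trigger` matching lines within `window`."""
    recent = defaultdict(deque)
    blocked = []
    for line in lines:
        m, ts = RULE.search(line), STAMP.search(line)
        if not (m and ts):
            continue
        ip = m.group(1)
        when = datetime.strptime(ts.group(1), "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[ip]
        hits.append(when)
        while when - hits[0] > window:   # drop hits that fell out of the window
            hits.popleft()
        if len(hits) >= trigger and ip not in blocked:
            blocked.append(ip)
    return blocked

def _line(ip, minute, method, status):
    # Constructed Apache combined-format line (hypothetical helper).
    return (f'{ip} - - [19/Feb/2016:10:{minute:02d}:00 +1100] '
            f'"{method} /wp-login.php HTTP/1.1" {status} 3456 "-" "Mozilla/5.0"')

# Constructed sample traffic using documentation IP ranges.
SAMPLE = (
    [_line("203.0.113.7", m, "POST", 200) for m in range(6)]     # repeated failures
    + [_line("198.51.100.4", m, "POST", 200) for m in range(2)]  # two mistyped passwords
    + [_line("198.51.100.4", 3, "POST", 302)]                    # then a successful login
    + [_line("192.0.2.9", m, "GET", 200) for m in range(8)]      # only loading the form
)

if __name__ == "__main__":
    print(ips_to_block(SAMPLE))
```

Only the first address reaches the trigger: the successful login and the GET requests never match the pattern, so they do not count toward a block.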