Optimizing plesk-wordpress jail and filter for fail2ban

The Plesk-Wordpress Jail is not configured optimal for banning all attacks to your wordpress Sites. So I have optimized the filter and jail.

In Plesk Gui go to Tools & Settings and in Section Security to IP Address Banning (Fail2Ban):

Then open Jails and Manage Filters:

open the Jail Filter plesk-wordpress and change the content to:

[Definition]
failregex = ^<HOST>.* "POST .*(wp-login.php|xmlrpc.php)([/\?#\\].*)? HTTP/.*" 200|401
ignoreregex =

like this and save settings with OK:

Now open the jail plesk-wordpress and change Settings:

add the following into action:

iptables-multiport[name="plesk-wordpress", port="http,https,7080,7081"]

and this into the field for logpath:

/*access*log
/var/log/apache2/*access.log
/var/www/vhosts/system/*/logs/*access*log.processed

then click OK.

Now the WordPress-Jail is optimized to ban all attacks on wp-login and xmlrpc.

Unterstützung

——————————————————-

Post Views: 1.664

TYPO3 Freelancer sagt:

19. März 2021 um 09:01 Uhr

Sehr schönes Beispiel, ich nutze generell nur noch Fail2ban, auch um den Backend-Login bei meinen TYPO3 Installationen zu schützen.

Antworten

Markus' Blog