Prevent WordPress Brute-force attacks with fail2ban


If you run WordPress on a Raspberry Pi, the chances are very high that you will see many attempts and failed logins against your wp-login.php file.

In my case all these attempts showed up in my website's statistics as unique IPs that had many thousands of hits on my site. It's not only a security problem, it also has a small impact on the performance of your site; I was lucky that my Pi 3 didn't complain and was fast enough 😉

You can use the filters and jails in this post on other Linux distributions, but fail2ban and the log files may be in a different place; I have made this work on the Pi 3 with Raspbian (Debian).

Setting up fail2ban jail and filter rules

I assume that you have already installed fail2ban.

Open the jail configuration:

sudo vi /etc/fail2ban/jail.d/defaults-debian.conf

Put this section in the file and save it:

[wordpress]
enabled = true
port = http,https
filter = wordpress
action = iptables-multiport[name=wordpress, port="http,https", protocol=tcp]
logpath = /var/log/apache2/*.log
maxretry = 30
findtime = 10800 ; 3 hours
bantime = 86400 ; 1 day

Make a filter file for WordPress:

sudo vi /etc/fail2ban/filter.d/wordpress.conf

Put this section in the file and save it:

[Definition]
failregex = ^<HOST> .* "POST .*wp-login.php
            ^<HOST> .* "POST .*xmlrpc.php
ignoreregex =

Restart fail2ban:

sudo systemctl restart fail2ban
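Before trusting the jail, it helps to see what the filter and the maxretry/findtime settings above actually do to a log. The following Python script is an added example, not part of the original post and not fail2ban's own code: it compiles the two failregex lines with a simplified IPv4 `<HOST>` pattern (an assumption; real fail2ban also matches IPv6 addresses and hostnames), replays a small constructed Apache "combined" access log through a simulation of the jail's sliding window, and reports which hosts would be banned. The log lines, hosts and timestamps are all constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# The two failregex lines from the filter above. fail2ban substitutes <HOST>
# with its own host pattern; the IPv4-only pattern here is a simplification
# made for this example.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
FAILREGEX = [
    r'^<HOST> .* "POST .*wp-login.php',
    r'^<HOST> .* "POST .*xmlrpc.php',
]
COMPILED = [re.compile(p.replace("<HOST>", HOST)) for p in FAILREGEX]

# Jail parameters from the post, in seconds.
MAXRETRY = 30
FINDTIME = 10800  # 3 hours
BANTIME = 86400   # 1 day

# Apache "combined" format timestamp, e.g. [10/Oct/2021:13:55:36 +0000]
TS_RE = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2}) [+-]\d{4}\]")


def match_line(line):
    """Return the host of a line that matches any failregex, else None."""
    for rx in COMPILED:
        m = rx.match(line)
        if m:
            return m.group("host")
    return None


def parse_ts(line):
    """Extract the request timestamp from an Apache combined log line."""
    return datetime.strptime(TS_RE.search(line).group(1), "%d/%b/%Y:%H:%M:%S")


def bans_for(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Simulate the jail: a host is banned once it has maxretry matching
    lines inside any findtime-second window. Returns {host: ban_time}."""
    window = defaultdict(deque)   # per-host timestamps of recent matches
    banned = {}
    for line in lines:
        host = match_line(line)
        if host is None or host in banned:
            continue
        ts = parse_ts(line)
        q = window[host]
        q.append(ts)
        # drop matches that fell out of the findtime window
        while (ts - q[0]).total_seconds() > findtime:
            q.popleft()
        if len(q) >= maxretry:
            banned[host] = ts
    return banned


def log_line(host, method, path, when):
    """Build a constructed Apache combined-format access log line."""
    return '%s - - [%s +0000] "%s %s HTTP/1.1" 200 512 "-" "Mozilla/5.0"' % (
        host, when.strftime("%d/%b/%Y:%H:%M:%S"), method, path)


# Constructed sample log (documentation IP ranges, made-up timestamps).
T0 = datetime(2021, 10, 10, 13, 0, 0)
SAMPLE_LOG = (
    # 203.0.113.7: 35 login POSTs, one per minute -> hits maxretry on the 30th
    [log_line("203.0.113.7", "POST", "/wp-login.php", T0 + timedelta(minutes=i))
     for i in range(35)]
    # 198.51.100.5: GET requests never match; two real logins stay far below maxretry
    + [log_line("198.51.100.5", "GET", "/wp-login.php", T0 + timedelta(minutes=i))
       for i in range(40)]
    + [log_line("198.51.100.5", "POST", "/wp-login.php", T0 + timedelta(minutes=m))
       for m in (3, 4)]
    # 192.0.2.9: 30 xmlrpc POSTs spread over 5 hours -> never 30 inside a 3-hour window
    + [log_line("192.0.2.9", "POST", "/xmlrpc.php", T0 + timedelta(minutes=10 * i))
       for i in range(30)]
)

if __name__ == "__main__":
    for host, when in bans_for(SAMPLE_LOG).items():
        print("%s banned at %s for %d seconds" % (host, when, BANTIME))
```

Two things the simulation makes visible: the regex counts every POST to wp-login.php, including successful logins, so legitimate editors are only safe because maxretry is 30 per 3 hours (lower it with care); and a slow attacker who spreads requests across more than findtime is never banned by this jail. On the Pi itself, the real equivalent of this check is `sudo fail2ban-regex /var/log/apache2/access.log /etc/fail2ban/filter.d/wordpress.conf`, and `sudo fail2ban-client status wordpress` shows what the running jail has banned.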