Tag Archives: Debian

Prevent WordPress Brute-force attacks with fail2ban

Introduction

If you run WordPress on a Raspberry Pi, chances are very high that you will get attacked with many attempts and failed logins against your wp-login.php file.

In my case all these attempts showed up in my website's statistics as unique IPs that have had many thousands of hits on my site. It's not only a security problem, but it also has a small impact on the performance of your site. I was lucky my Pi 3 didn't complain and was fast enough 😉

You can use the filters and jails in this post on other Linux distributions, but the fail2ban and log files may be in a different place. I have made this work for the Pi 3 with Raspbian (Debian).

Setting up fail2ban jail and filter rules

I assume that you have already installed fail2ban.

Open the jail configuration

sudo vi /etc/fail2ban/jail.d/defaults-debian.conf

Put this section in the file and save

[wordpress]
enabled = true
port = http,https
filter = wordpress
action = iptables-multiport[name=wordpress, port="http,https", protocol=tcp]
logpath = /var/log/apache2/*.log
maxretry = 30
findtime = 10800 ; 3 hours
bantime = 86400 ; 1 day

Make a filter file for wordpress

sudo vi /etc/fail2ban/filter.d/wordpress.conf

Add this section and save the file.

[Definition]
failregex = ^<HOST> .* "POST .*wp-login.php
            ^<HOST> .* "POST .*xmlrpc.php
ignoreregex =

Restart fail2ban

sudo systemctl restart fail2ban
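
To see what the jail and filter above will and will not ban, here is an added example (not part of the original post) that applies the two failregex patterns with the jail's maxretry and findtime to constructed Apache log lines. It assumes the Apache combined log format and replaces fail2ban's <HOST> tag with a simplified IPv4-only group; the function names and sample addresses are made up for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Jail values from the [wordpress] section above.
MAXRETRY, FINDTIME = 30, 10800
# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only;
# the real tag also matches IPv6 addresses and hostnames).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
FAILREGEX = [re.compile(p.replace("<HOST>", HOST)) for p in (
    r'^<HOST> .* "POST .*wp-login.php',
    r'^<HOST> .* "POST .*xmlrpc.php',
)]
STAMP = re.compile(r"\[([^\]]+)\]")  # Apache timestamp, e.g. [10/Oct/2023:13:55:36 +0000]


def banned_hosts(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return the hosts that reach maxretry matching lines within findtime seconds."""
    hits = defaultdict(deque)   # host -> timestamps of recent matches
    banned = []
    for line in lines:
        match = next((m for m in (r.search(line) for r in FAILREGEX) if m), None)
        stamp = STAMP.search(line)
        if not match or not stamp:
            continue
        when = datetime.strptime(stamp.group(1), "%d/%b/%Y:%H:%M:%S %z").timestamp()
        window = hits[match["host"]]
        window.append(when)
        while when - window[0] > findtime:   # drop matches older than findtime
            window.popleft()
        if len(window) >= maxretry and match["host"] not in banned:
            banned.append(match["host"])
    return banned


def sample_log():
    """Constructed Apache combined-log lines (documentation IP ranges)."""
    fmt = '{ip} - - [10/Oct/2023:13:{m:02d}:{s:02d} +0000] "{req} HTTP/1.1" 200 512 "-" "-"'
    lines = [fmt.format(ip="203.0.113.7", m=i // 60, s=i % 60, req="POST /wp-login.php")
             for i in range(30)]                      # 30 login POSTs in 30 seconds
    lines += [fmt.format(ip="198.51.100.9", m=5, s=i, req="GET /wp-login.php")
              for i in range(40)]                     # GETs never match the filter
    lines += [fmt.format(ip="192.0.2.4", m=6, s=i, req="POST /xmlrpc.php")
              for i in range(29)]                     # one short of maxretry
    return lines


if __name__ == "__main__":
    print(banned_hosts(sample_log()))
```

The patterns do not look at the response status, so successful logins count toward maxretry as well. On the Pi itself, fail2ban-regex /var/log/apache2/access.log /etc/fail2ban/filter.d/wordpress.conf runs the real filter against the real log.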

How to upgrade Debian 8 (Jessie) to 9 (Stretch)

If you have an old Debian Jessie you would like to have upgraded to Debian Stretch, then here is what I did to make it happen.

First take a snapshot of your filesystems, just to be safe.

Run the commands below. You may have to do some minor cleanup in your /etc/apt/sources.list.d directory; there can be some duplicate entries with the name jessie in them.

sed -i 's/jessie/stretch/g' /etc/apt/sources.list
apt-get update
apt-get upgrade
apt-get dist-upgrade
apt-get autoremove
apt-get clean
apt-get dist-upgrade -f