Let’s face it, the Internet is a dangerous place! WordPress is one of the easiest frameworks to use for building a website, which also makes it one of the most targeted frameworks for attacks.
First off, do not use the username “admin“! Make things harder for an attacker by not using a default or easily guessed username.
Use complex passwords with alphanumeric and special characters.
Disable xmlrpc.php. This is a commonly exploited feature of WordPress that enables data to be exchanged with other systems, for example creating new posts from mobile apps. Edit the file /etc/apache2/apache2.conf, add the following block, and reload Apache so the change takes effect. (Ubuntu 20.04 ships Apache 2.4, where the Order/Deny directives still work through mod_access_compat; `Require all denied` is the native 2.4 form of the same rule.)

```apache
<Files xmlrpc.php>
    Order Deny,Allow
    Deny from all
</Files>
```
Set up Fail2Ban for WordPress. I am using a LAMP configuration on Ubuntu 20.04, so I will install and configure Fail2Ban with the following commands.

```shell
sudo apt update && sudo apt upgrade -y
sudo apt install fail2ban -y
```
Create the WordPress jail in a new file wordpress.conf in /etc/fail2ban/jail.d/ (or append it to /etc/fail2ban/jail.local) with the following. Note that this is a jail definition, not a filter: the `filter = wordpress` line refers to /etc/fail2ban/filter.d/wordpress.conf, which must contain a `[Definition]` section with a `failregex` that matches failed logins in the Apache access log, or Fail2Ban will refuse to start the jail.

```ini
[wordpress]
enabled  = true
port     = http,https
filter   = wordpress
action   = iptables-multiport[name=wordpress, port="http,https", protocol=tcp]
logpath  = /var/log/apache2/access*log
maxretry = 3
findtime = 3600
bantime  = -1
```
- logpath – the Apache access log(s) Fail2Ban watches; the glob covers every access log file in the directory
- maxretry – the maximum number of matching failed attempts allowed before the IP address is banned
- findtime – the period of time, in seconds, within which the maxretry limit must be crossed for a ban to happen; 3600 is one hour
- bantime – the time in seconds for which the IP address will be banned; the negative value -1 makes the ban permanent
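To see what these four settings actually do before enabling the jail, here is an added example (not code from the original post) that models Fail2Ban's counting logic over a few constructed Apache access-log lines. The post does not show the filter file, so the two failregex lines and the `<HOST>` stand-in below are assumptions: they match POSTs to wp-login.php and xmlrpc.php, the two endpoints that login brute-forcing hits. The log lines and IP addresses are constructed for the example.

```python
"""Model of how Fail2Ban applies maxretry/findtime to Apache access-log lines.

Added example, not part of the original post. The failregex lines and the
<HOST> replacement are assumptions; the jail numbers come from the post.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Jail settings copied from the [wordpress] jail in the post.
MAXRETRY = 3
FINDTIME = 3600  # seconds; findtime = 3600 is one hour

# failregex lines as they would be written in /etc/fail2ban/filter.d/wordpress.conf
# (assumed content: the post does not include the filter file).
FAILREGEX = [
    r'^<HOST> -.*"POST /wp-login\.php',
    r'^<HOST> -.*"POST /xmlrpc\.php',
]

# Fail2Ban replaces <HOST> with its own host-matching group; this simplified
# stand-in accepts an IPv4 or IPv6 literal at the start of a combined-log line.
HOST_RE = r"(?P<host>[0-9A-Fa-f.:]+)"
TIMESTAMP_RE = re.compile(r"\[([^\]]+)\]")

# Constructed sample of /var/log/apache2/access.log (combined format).
SAMPLE_ACCESS_LOG = [
    # 203.0.113.5: four login POSTs in ten minutes -> banned on the third
    '203.0.113.5 - - [05/Mar/2021:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [05/Mar/2021:10:02:14 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [05/Mar/2021:10:05:39 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [05/Mar/2021:10:09:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"',
    # 198.51.100.7: three login POSTs, but 90 minutes apart -> never three inside findtime
    '198.51.100.7 - - [05/Mar/2021:10:00:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [05/Mar/2021:11:30:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [05/Mar/2021:13:00:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"',
    # 192.0.2.9: only GETs (loading the login page, browsing) -> never matched
    '192.0.2.9 - - [05/Mar/2021:10:01:00 +0000] "GET /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [05/Mar/2021:10:01:05 +0000] "GET /index.php HTTP/1.1" 200 9876 "-" "Mozilla/5.0"',
    # 198.51.100.20: three xmlrpc POSTs in a minute -> caught by the second failregex
    '198.51.100.20 - - [05/Mar/2021:12:00:00 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "python-requests/2.25"',
    '198.51.100.20 - - [05/Mar/2021:12:00:20 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "python-requests/2.25"',
    '198.51.100.20 - - [05/Mar/2021:12:00:40 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "python-requests/2.25"',
]


def compile_failregex(patterns):
    """Substitute the host group for <HOST> and compile each failregex line."""
    return [re.compile(p.replace("<HOST>", HOST_RE)) for p in patterns]


def parse_timestamp(line):
    """Read the [dd/Mon/yyyy:HH:MM:SS zone] field of a combined-format line."""
    m = TIMESTAMP_RE.search(line)
    if not m:
        return None
    return datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M:%S %z")


def simulate_jail(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return {host: timestamp of the failure that triggered the ban}.

    A host is banned once it has `maxretry` matching lines whose timestamps
    all fall within a `findtime`-second window, which is the rule Fail2Ban
    applies; the sliding window here keeps only failures still inside it.
    """
    regexes = compile_failregex(FAILREGEX)
    recent = defaultdict(deque)   # host -> timestamps of failures in window
    banned = {}
    for line in lines:
        host = None
        for rx in regexes:
            m = rx.match(line)
            if m:
                host = m.group("host")
                break
        if host is None or host in banned:
            continue
        ts = parse_timestamp(line)
        if ts is None:
            continue
        window = recent[host]
        while window and (ts - window[0]).total_seconds() > findtime:
            window.popleft()          # older than findtime: no longer counted
        window.append(ts)
        if len(window) >= maxretry:
            banned[host] = ts
    return banned


if __name__ == "__main__":
    for host, when in simulate_jail(SAMPLE_ACCESS_LOG).items():
        print(f"{host} would be banned at {when:%H:%M:%S} (bantime = -1: permanently)")
```

Running it shows 203.0.113.5 banned on its third POST at 10:05:39 and 198.51.100.20 banned by the xmlrpc.php pattern, while 198.51.100.7 is never banned because no three of its attempts fall inside one hour (widen findtime to four hours and it is). One caveat this makes visible: a POST to wp-login.php appears in the access log whether or not the password was right, so a legitimate user who mistypes their password three times in an hour gets the same permanent ban, and the unbanip command later in the post is the way to let them back in.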
Restart the Fail2Ban service.

```shell
sudo systemctl restart fail2ban
```
Get the status of the WordPress jail, including the list of currently banned IP addresses.

```shell
sudo fail2ban-client status wordpress
```
Remove a banned IP address from the blocklist, where x.x.x.x is the IP address (fail2ban-client talks to a root-owned socket, so it needs sudo).

```shell
sudo fail2ban-client set wordpress unbanip x.x.x.x
```
Manually add an IP address to the blocklist, where x.x.x.x is the IP address.

```shell
sudo fail2ban-client set wordpress banip x.x.x.x
```