Fail2ban filter for wp-login

Could you add filter for wordpress. Becouse since iptables isnt installed there isnt documentation for it in google.

Iptables is required for fail2ban

Then i need to install un Ubuntu 22.04?

I am just working on this. What kind of filter do you want?

  • Malware / vulnerability scans?
  • Wp-login attempts?
  • 403 errors?
  • xmlrpc calls?

My tests are banning good users so for now you should use those filters with caution.

You may adapt the filters in /etc/fail2ban/filter.d

Just change the logfile path.

In my case, since I use Nginx + apache it is /var/log/apache2/domains/*[!error].log

Since hestiacp won’t list those bans in the web interface, to check if it is working, you must use
fail2ban-client status jailname
( Substitute jailname for the name of the jail you want to check)

Wp-login attempts
I too use apache+nginx

The safest method is to ban visits to wp-login.php with the method POST → that should be the content of the filter.

The location of the logfile is the one that I used in my previous post.

Could you pass me your filter and jail

I finally got it work. Thank you.