Setting up Fail2Ban in Plesk to protect against WordPress bruteforce attacks

Fail2Ban allows you to block IP address for a set amount of time if they fail to login after X amount of attempts. This is to safeguard against brute-force attacks. It’s not perfect, but it helps.

1. Log into Plesk.
2. In the right sidebar, click on “IP Address Banning”
3. If it’s not already, make sure “IP Address Banning” is already turned on by clicking the “Switch On IP address Banning” button.
4. Click on “Jails”
5. Click on “Add Filter”
6. Name it “wp-login.conf”
7. Plop this into the content field:

   [Definition]
   failregex = ^<HOST> .* "POST .*wp-login.php
   ignoreregex =

8. Click “OK”
9. Click on the “IP Address Banning” breadcrumb to get back to the main page.
10. Click on “Jails”
11. Click on “Add Jail”
12. Name it “wp-login”
13. Under “Filter” select “wp-login.conf”
14. Plop this into the textarea:

    [wp-login]
    enabled = true
    filter = wp-login.conf
    action = iptables-multiport[name=WP, port="http,https", protocol=tcp]
    sendmail[dest="NAME@EMAIL.com", sendername="Fail2Ban", sender="fail2ban", name="default"]

15. Change the email to your email address
16. In the “logfile” textarea, add this and adjust WEBSITENAME lines accordingly. (If this is a Mediatemple DV server, then that should be the correct log directory, but you may have to do some detective work to get the correct location.)

    /var/www/vhosts/system/WEBSITENAME/logs/access*log

17. Finally, enter how long the ban will last for (in seconds) and the max number of Failed attempts. (e.g, 86400 for one day, and 5 attempts. or 3600 for one hour. Whatever makes sense for your set up.)
18. Click OK and you’re done.