Setting up Fail2Ban in Plesk to protect against WordPress bruteforce attacks
Fail2Ban lets you block an IP address for a set amount of time once it fails to log in a given number of times. This safeguards against brute-force attacks. It's not perfect, but it helps.
- Log into Plesk.
- In the right sidebar, click on “IP Address Banning”
- If it isn't already on, turn on "IP Address Banning" by clicking the "Switch On IP address Banning" button.
- Click on “Jails”
- Click on “Add Filter”
- Name it “wp-login.conf”
- Plop this into the content field:
```ini
[Definition]
failregex = ^<HOST> .* "POST .*wp-login.php
ignoreregex =
```
- Click “OK”
- Click on the “IP Address Banning” breadcrumb to get back to the main page.
- Click on “Jails”
- Click on “Add Jail”
- Name it “wp-login”
- Under “Filter” select “wp-login.conf”
- Plop this into the textarea:
```ini
[wp-login]
enabled = true
filter = wp-login.conf
action = iptables-multiport[name=WP, port="http,https", protocol=tcp]
         sendmail[dest="NAME@EMAIL.com", sendername="Fail2Ban", sender="fail2ban", name="default"]
```
- Change the email to your email address
- In the "logfile" textarea, add the path below, replacing WEBSITENAME with your site's directory name. (On a Mediatemple DV server this should be the correct log directory; on other hosts you may have to do some detective work to find the right location.)
```
/var/www/vhosts/system/WEBSITENAME/logs/access*log
```
- Finally, enter how long the ban will last (in seconds) and the maximum number of failed attempts (e.g. 86400 for one day and 5 attempts, or 3600 for one hour; whatever makes sense for your setup).
- Click OK and you’re done.
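Before enabling the jail it is worth checking that the filter above actually matches your access log format. The script below is an added example (not from the original post, Plesk or Fail2Ban): it applies the same failregex to a few constructed Apache log lines and counts hits per client the way Fail2Ban's maxretry/findtime do. The `<HOST>` expansion, the sample addresses and the log lines are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Fail2Ban substitutes <HOST> with a capture group for the client address;
# this is the classic expansion (assumed here, older Fail2Ban releases).
HOST_RE = r"(?:::f{4,6}:)?(?P<host>\S+)"
FAILREGEX = re.compile(r'^<HOST> .* "POST .*wp-login.php'.replace("<HOST>", HOST_RE))

# Constructed sample access log lines (documentation addresses, not a real server).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "POST /wp-login.php HTTP/1.1" 200 3416 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:38 +0000] "POST /wp-login.php HTTP/1.1" 200 3416 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:55:40 +0000] "GET /wp-login.php HTTP/1.1" 200 3416 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:41 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:43 +0000] "POST /wp-login.php HTTP/1.1" 200 3416 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:56:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3416 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:14:59:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3416 "-" "Mozilla/5.0"
"""

TS_RE = re.compile(r"\[([^\]]+)\]")


def matches(line):
    """Return the client address if the line matches failregex, else None."""
    m = FAILREGEX.match(line)
    return m.group("host") if m else None


def parse_ts(line):
    """Parse the bracketed Apache timestamp into an aware datetime."""
    return datetime.strptime(TS_RE.search(line).group(1), "%d/%b/%Y:%H:%M:%S %z")


def hosts_to_ban(log_text, maxretry=5, findtime=600):
    """Hosts with at least maxretry failregex hits inside a findtime-second window,
    mirroring how Fail2Ban decides to fire the jail's ban action."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(list)
    banned = set()
    for line in log_text.splitlines():
        host = matches(line)
        if not host:
            continue
        ts = parse_ts(line)
        # keep only hits still inside the window, then add this one
        recent[host] = [t for t in recent[host] if ts - t <= window] + [ts]
        if len(recent[host]) >= maxretry:
            banned.add(host)
    return banned


if __name__ == "__main__":
    print(hosts_to_ban(SAMPLE_LOG, maxretry=3))  # {'203.0.113.5'}
```

Note that the regex counts every POST to wp-login.php, the successful 302 redirect included, so choose a maxretry that a legitimate user logging in a few times in a row will not hit.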