Setting up Fail2Ban in Plesk to protect against WordPress bruteforce attacks

By North Street, A Creative Studio

Fail2Ban allows you to block IP address for a set amount of time if they fail to login after X amount of attempts. This is to safeguard against brute-force attacks. It’s not perfect, but it helps.

  1. Log into Plesk.
  2. In the right sidebar, click on “IP Address Banning”
  3. If it’s not already, make sure “IP Address Banning” is already turned on by clicking the “Switch On IP address Banning” button.
  4. Click on “Jails”
  5. Click on “Add Filter”
  6. Name it “wp-login.conf”
  7. Plop this into the content field:
    [Definition]
    failregex = ^<HOST> .* "POST .*wp-login.php
    ignoreregex =
  8. Click “OK”
  9. Click on the “IP Address Banning” breadcrumb to get back to the main page.
  10. Click on “Jails”
  11. Click on “Add Jail”
  12. Name it “wp-login”
  13. Under “Filter” select “wp-login.conf”
  14. Plop this into the textarea:
    [wp-login]
    enabled = true
    filter = wp-login.conf
    action = iptables-multiport[name=WP, port="http,https", protocol=tcp]
    sendmail[dest="NAME@EMAIL.com", sendername="Fail2Ban", sender="fail2ban", name="default"]
  15. Change the email to your email address
  16. In the “logfile” textarea, add this and adjust WEBSITENAME lines accordingly. (If this is a Mediatemple DV server, then that should be the correct log directory, but you may have to do some detective work to get the correct location.)
    /var/www/vhosts/system/WEBSITENAME/logs/access*log
  17. Finally, enter how long the ban will last for (in seconds) and the max number of Failed attempts. (e.g, 86400 for one day, and 5 attempts. or 3600 for one hour. Whatever makes sense for your set up.)
  18. Click OK and you’re done.
About north street

We engineer the thoughtful transformation of great organizations. Our proven process helps us understand what your competitors are doing right — and wrong. Want to learn more? Let’s chat.

More Notes

A bowler hat with radio waves behind it

From Layoff to Leadership: Tom Conlon’s Journey to a Prosperous Business

Welcome to Your 2024 Branding Pep Talk

A bowler hat with radio waves behind it

CEO Tom Conlon talks shop on Podcast Marketing Secrets