Setting up Fail2Ban in Plesk to protect against WordPress brute-force attacks
Fail2Ban lets you block an IP address for a set amount of time if it fails to log in after X attempts. This safeguards against brute-force attacks. It’s not perfect, but it helps.
- Log into Plesk.
- In the right sidebar, click on “IP Address Banning”
- If it isn’t already on, turn on “IP Address Banning” by clicking the “Switch On IP address Banning” button.
- Click on “Jails”
- Click on “Add Filter”
- Name it “wp-login.conf”
- Plop this into the content field:
    [Definition]
    failregex = ^<HOST> .* "POST .*wp-login.php
    ignoreregex =
- Click “OK”
- Click on the “IP Address Banning” breadcrumb to get back to the main page.
- Click on “Jails”
- Click on “Add Jail”
- Name it “wp-login”
- Under “Filter” select “wp-login.conf”
- Plop this into the textarea:
    [wp-login]
    enabled = true
    filter = wp-login.conf
    action = iptables-multiport[name=WP, port="http,https", protocol=tcp]
             sendmail[dest="NAME@EMAIL.com", sendername="Fail2Ban", sender="fail2ban", name="default"]
- Change the email to your email address
- In the “logfile” textarea, add this and adjust the WEBSITENAME part accordingly. (If this is a Media Temple DV server, then that should be the correct log directory, but you may have to do some detective work to get the correct location.)
/var/www/vhosts/system/WEBSITENAME/logs/access*log
- Finally, enter how long the ban will last (in seconds) and the max number of failed attempts (e.g., 86400 for one day and 5 attempts, or 3600 for one hour; whatever makes sense for your setup).
- Click OK and you’re done.
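To sanity-check the filter before relying on the jail, the sketch below (an added example, not part of the original tutorial or of Fail2Ban itself) runs the same failregex over constructed access-log lines and counts hits per IP. It assumes a simplified IPv4-only stand-in for `<HOST>`, ignores the find-time window, and treats the max-attempts value as the hit count that triggers a ban; it also shows that the pattern counts every POST to wp-login.php, successful logins included.

```python
import re
from collections import Counter

# failregex exactly as entered in the wp-login.conf filter above.
FAILREGEX = r'^<HOST> .* "POST .*wp-login.php'

# Assumption: Fail2Ban expands <HOST> to a broader pattern (hostnames, IPv6);
# a plain IPv4 group stands in for it here.
HOST_GROUP = r'(?P<host>\d{1,3}(?:\.\d{1,3}){3})'


def log_line(ip, method, path, status):
    """Build one constructed combined-format access-log line."""
    return (f'{ip} - - [01/Jan/2024:10:00:00 +0000] '
            f'"{method} {path} HTTP/1.1" {status} 1234 "-" "Mozilla/5.0"')


# Constructed sample traffic (documentation IP ranges), not real logs.
SAMPLE_LOG = '\n'.join(
    [log_line('203.0.113.7', 'POST', '/wp-login.php', 200)] * 5   # repeated guesses
    + [log_line('198.51.100.20', 'GET', '/wp-login.php', 200),    # viewing the form
       log_line('198.51.100.20', 'POST', '/wp-login.php', 302),   # successful login
       log_line('192.0.2.15', 'POST', '/xmlrpc.php', 200)]        # different endpoint
)


def count_hits(log_text, failregex=FAILREGEX):
    """Return {ip: number of lines the failregex matches}."""
    pattern = re.compile(failregex.replace('<HOST>', HOST_GROUP))
    hits = Counter()
    for line in log_text.splitlines():
        match = pattern.search(line)
        if match:
            hits[match.group('host')] += 1
    return hits


def would_ban(log_text, max_attempts=5):
    """IPs whose hit count reaches max_attempts (find-time window ignored)."""
    return sorted(ip for ip, n in count_hits(log_text).items() if n >= max_attempts)


if __name__ == '__main__':
    print(dict(count_hits(SAMPLE_LOG)))
    print(would_ban(SAMPLE_LOG))
```

Because a legitimate user's successful login also counts as a hit, pick a max-attempts value that leaves room for normal use.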