Securing WordPress (or any site) with fail2ban: prevent vuln scanners, flood and bruteforce attack

fail2ban-stopping-scannersHow to secure WordPress using advanced tools like fail2ban.

EDIT

This rules can cut out search engines from your server and they can affects all the sites hosted on the machine you are working on. I’m writing this because at the end it turned out that a better solution to prevent distribuited flooding is to use iptables with custom rules.

Fail2ban is one of my favourite server securing software, because it not only protects against several consequences deriving from being attacked by some script kiddy, but it saves a lot of system resources otherwise wasted serving pages to bots or similar.
I just discovered an annoying and repeated access log entry on my access logs wich leads to a 403/404 (i faked a little tso it makes sense for this article) error page (forbidden) and then i decided to let a specialized software do the job instead of using wordpress plugin, wich ,would act at a php/mysql level having to generate each time server headers, and here again, wasting server resources.

Some of these log entries looked loke this: Continue reading “Securing WordPress (or any site) with fail2ban: prevent vuln scanners, flood and bruteforce attack”

(Visited 4,368 times, 2 visits today)