A word on WordPress security

First of all, I am not an expert on security. So please check this info for yourself, and don’t be shy to suggest improvements either.
In order to keep your WordPress site secure, one of the things you can do is slow down a potential brute force attack, so the attacker can try fewer login/password combinations per second.
There is an excellent plugin by convissor over at wordpress.org called Login Security Solution that does just that. I have been running it for a while now and it is very good. It emails you if your site is under attack and informs you about what its doing. It also ensures users have secure passwords. I have mentioned it before.
Recently I have had a few attacks and encountered a minor problem with the plugin. Daniel has been extremely proactive in tracking down the issue. But during the process I found that the attacks were coming from 3 IPs.
That made me think I should ban those IPs. And that led me to fail2ban. This is an excellent tool that monitors for failed login attempts and simply temporarily bans that IP using your firewall.
In debian you install it with aptitude install fail2ban. If you want to enable apache monitoring, you need to add:

enabled = true

to /etc/fail2ban/jail.local
restart fail2ban and that’s it. Within minutes of me activating it, it had already banned a few IP addresses due to failed ssh login attempts.

1 comment

  1. I realised what I wrote was perhaps a bit misleading. fail2ban won’t directly protect your WordPress blog from brute force attacks. It could in theory though I don’t know of any pre-written plugins or tools to do that at this time.
    What you could do get fail2ban to monitor failed login attempts to WordPress, and ban those IPs.
    There is a nice little writeup at Random Bits blog about using fail2ban to block spammers. It would be easy to extend to include failed login attempts. I might have a stab at that at some point.

Leave a comment

Your email address will not be published. Required fields are marked *