Protecting your wordpress installations with fail2ban in Plesk 12


There is no two ways about it: having your server compromised sucks. Seeing your website defaced or infected with malicious scripts feels like a punch in the gut. Did you know that modern brute force tools can test millions of passwords per second? It takes around 15 minutes to crack an average password (eight symbols in length, consisting of mixed-case letters, numbers, and special symbols). Is there anything you can do to protect yourself?

Luckily, the answer is yes. Plesk 12 comes with a comprehensive set of security tools.We have got the ModSecurity support to protect web applications, and the automatic security hardening for WordPress. But today I would like to tell you about a different tool called Fail2ban. Fail2ban is effective against brute force attacks, and can be used to protect any service running on your server.

Here is how Fail2ban works:

  1. Fail2ban constantly monitors logs of the services it protects, matching every new log entry against a pre-defined set of rules.
  2. Once a suspicious entry is found in a log, Fail2ban notes the IP of the potential attacker and starts counting. Every time the IP performs suspicious activity, Fail2ban adds one to the counter.
  3. Once a pre-defined number of attempts is reached, Fail2ban can do two things:
  • Send an email notification, and/or
  • Ban the attacker’s IP for a pre-defined length of time.

In this article we will give step-by-step instructions illustrating how you can use Fail2ban to protect your WordPress installation from brute force attacks. To do so, we will need to follow these steps:

  1. Create a filter, which is a set of one or more regular expressions. The filter is used to search the logs for suspicious activity.
  2. Create a jail, which is a set of rules covering an individual scenario. The settings of the jail determine what is to be done once an attack is detected.

Step 1: Creating the filter.

To create a filter for WordPress, go to Tools & Settings > IP Address Banning (Fail2Ban), open the Jails tab, and click Manage filters > Add Filter. Give the filter a name, and paste the following into the Content field:


failregex = ^<HOST> .* "POST .*wp-login.php HTTP/.*" 200

ignoreregex =