Wordpress - Fail2Ban - PHP

OS type and version Debian Linux 11
Webmin version 2.105

Has anybody managed to jail f.e. false login attempts out of numerous wordpress instances on one server? Every virtual wordpress site writes its logs in its own subdirectory but the Fail2Ban architecture is made for a consolidated operation. I know there is a wordpress plugin that beams messages into the /var/log/auth.log file. But I am hoping for a more clever solution that solves the task without having to touch every virtual server.
Any help will be rewarded with the gold medal of honor. Thanks!

Found this, rules look like it should run ok on virtuamin, just make sure your selecting the correct log file.

but it looks like you need to add a “plugin” to wordpress.

I just use wordfence, but not sure your keen on that.

I don’t use word press but i would hope you could conigure the log to and directory/file. If that is possible get each instance to log to the same file then use fail2ban to scan that. Or you could write a script that scans /home for the existance of the log files and then process from there

Have you read this in the forum?

Yes, thanks & and I think the problem is recognized by the developers:

Also this might be a path to follow …

Interesting that the author of this post warns of the plugins available within wordpress to solve the problem …

Thank you jimr1 for your suggestion. It is certainly the path of the solution. With wordfence we are again on the level of virtualmin. I hope to solve the problem once and for all for the whole server.

I am a bit confused. This is the Webmin area but it appears that the OP is using Virtualmin ?

On my RHEL based servers whether running Virtualmin or not, all access and error logs are written to the same directory then Virtualmin uses symlinks to allow the logs to be seen in each domain.

I created a filter to catch all xmlrpc entries and set
logpath = /var/log/virtualmin/*access_log

This has been working really well for me.

Is Debian really so different to RHEL?

That’s not a Virtualmin developer. But, we are aware of the conversation about it (I wouldn’t call it a problem…it’s just a thing that is).

Perhaps, I make the WordPress Kit in Virtualmin set up a jail to support WordPress failed logins?


… and there goes the medal of honor …

we use malware on our Wordpress sites and it handles things that I do not even knew existed.

You use malware on your website, are you sure? :smile:

Malware the short for malicious software, so why?

because it is as good as cloudflare and we dumped wordfence because it bloats your database

Not sure what your talking about and what it has to do with the post.

fail2ban is not simple to setup. most Issues are from DNA settings, spa, ptr, etc. once these are fixed you should be fine with email reputation. I use mxtoolbox as a start and it has helped me. Moving on, you need a web firewall which I now use malcare.

I guess you are extracting the urine

There is a plugin for it.

WP fail2ban – Advanced Security Plugin – WordPress-Plugin | WordPress.org Deutsch

On Alma I had to add the backend = auto line

enabled = true
filter = wordpress-soft
backend = auto
logpath = /var/log/messages
maxretry = 5
findtime = 120m
bantime = 120m
port = http,https

additionally you can setup a crowdsec bouncer if that is what you use.

WordPress | CrowdSec

or just use this plugin, not extra setup required:

WordPress Brute Force Protection – Stop Brute Force Attacks – WordPress plugin | WordPress.org

Thank you for the lively discussion. A solution at Wordpress level is not an option for me. If I have a Webmin machine with 20 Wordpress sites, then that is simply not a way forward. Webmin and Virtualmin are made exactly for such an architecture. While Virtualmin manages the individual servers, Webmin takes care of the backend. We have a real 3-tier architecture here. There simply have to be more ingenious approaches. And I know there are.