Add backend = auto to the jail for newer fail2ban versions
Last active
September 22, 2025 07:26
-
-
Save gjportegies/fc114095c3b7750a7510df411d470f3a to your computer and use it in GitHub Desktop.
WP Fail2ban
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| local3.* -/var/log/wpf2b-block.log |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Fail2Ban filter for extra failures | |
| # Generated for: v5.4.1 | |
| # | |
| [INCLUDES] | |
| before = common.conf | |
| [Definition] | |
| _daemon = (?:wordpress|wp) | |
| failregex = ^%(__prefix_line)sComment \d+ from <HOST>$ | |
| ^%(__prefix_line)sPassword reset requested for .* from <HOST>$ | |
| ignoreregex = | |
| # DEV Notes: | |
| # Requires the 'WP fail2ban' plugin: | |
| # https://wp-fail2ban.com/ | |
| # | |
| # Author: Charles Lecklider |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Fail2Ban filter for hard failures | |
| # Generated for: v5.4.1 | |
| # | |
| [INCLUDES] | |
| before = common.conf | |
| [Definition] | |
| _daemon = (?:wordpress|wp) | |
| failregex = ^%(__prefix_line)sImmediately block connections from <HOST>$ | |
| ^%(__prefix_line)sBlocked authentication attempt for .* from <HOST>$ | |
| ^%(__prefix_line)sSpam comment \d+ from <HOST>$ | |
| ^%(__prefix_line)sBlocked user enumeration attempt from <HOST>$ | |
| ^%(__prefix_line)sXML-RPC multicall authentication failure from <HOST>$ | |
| ^%(__prefix_line)sPingback error .* generated from <HOST>$ | |
| ^%(__prefix_line)sUntrusted X-Forwarded-For header from <HOST>$ | |
| ^%(__prefix_line)sREST authentication attempt for unknown user .* from <HOST>$ | |
| ^%(__prefix_line)sXML-RPC authentication attempt for unknown user .* from <HOST>$ | |
| ^%(__prefix_line)sAkismet discarded spam comment from <HOST>$ | |
| ^%(__prefix_line)sXML-RPC request blocked from <HOST>$ | |
| ^%(__prefix_line)s.*; Bogus Pingback from <HOST>$ | |
| ^%(__prefix_line)sBlocked access from country '..' from <HOST>$ | |
| ignoreregex = | |
| # DEV Notes: | |
| # Requires the 'WP fail2ban' plugin: | |
| # https://wp-fail2ban.com/ | |
| # | |
| # Author: Charles Lecklider |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Fail2Ban filter for soft failures | |
| # Generated for: v5.4.1 | |
| # | |
| [INCLUDES] | |
| before = common.conf | |
| [Definition] | |
| _daemon = (?:wordpress|wp) | |
| failregex = ^%(__prefix_line)sComment attempt on .* post \d+ from <HOST>$ | |
| ^%(__prefix_line)sBlocked username authentication attempt for .* from <HOST>$ | |
| ^%(__prefix_line)sPingback requested from <HOST>$ | |
| ^%(__prefix_line)sEmpty username from <HOST>$ | |
| ^%(__prefix_line)sAuthentication failure for .* from <HOST>$ | |
| ^%(__prefix_line)sREST authentication failure for .* from <HOST>$ | |
| ^%(__prefix_line)sXML-RPC authentication failure for .* from <HOST>$ | |
| ^%(__prefix_line)sAuthentication attempt for unknown user .* from <HOST>$ | |
| ignoreregex = | |
| # DEV Notes: | |
| # Requires the 'WP fail2ban' plugin: | |
| # https://wp-fail2ban.com/ | |
| # | |
| # Author: Charles Lecklider |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [wordpress-hard] | |
| enabled = true | |
| filter = wordpress-hard | |
| logpath = /var/log/auth.log | |
| maxretry = 1 | |
| port = http,https | |
| bantime = 86400 | |
| [wordpress-soft] | |
| enabled = true | |
| filter = wordpress-soft | |
| logpath = /var/log/auth.log | |
| maxretry = 3 | |
| port = http,https | |
| bantime = 86400 | |
| [wordpress-extra] | |
| enabled = true | |
| filter = wordpress-extra | |
| logpath = /var/log/auth.log | |
| maxretry = 1 | |
| port = http,https | |
| bantime = 86400 | |
| [wpf2b-blocklist-hard] | |
| enabled = true | |
| filter = wpf2b-blocklist-hard | |
| logpath = /var/log/auth.log | |
| maxretry = 1 | |
| port = http,https | |
| bantime = 86400 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * Block user enumeration. | |
| */ | |
| define('WP_FAIL2BAN_BLOCK_USER_ENUMERATION', true); | |
| /** | |
| * Block multiple usernames | |
| * Docs: https://docs.wp-fail2ban.com/en/5.4/defines/constants/WP_FAIL2BAN_BLOCKED_USERS.html | |
| */ | |
| define('WP_FAIL2BAN_BLOCKED_USERS', ['admin', 'administrator', 'webmaster']); | |
| define( 'WP_FAIL2BAN_SITE_HEALTH_SKIP_FILTERS', true ); | |
| define( 'WP_FAIL2BAN_BLOCK_USER_ENUMERATION', true ); | |
| define( 'WP_FAIL2BAN_BLOCKED_USERS', ['admin', 'administrator', 'webmaster'] ); | |
| define( 'WP_FAIL2BAN_ADDON_BLOCKLIST_CUSTOM_JAIL', true ); | |
| define( 'WP_FAIL2BAN_PLUGIN_LOG_BLOCK', true ); | |
| define( 'WP_FAIL2BAN_PLUGIN_BLOCK_LOG', LOG_LOCAL3 ); | |
| define( 'WP_FAIL2BAN_ADDON_BLOCKLIST_IGNORE_IPS', ['91.132.241.178'] ); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Fail2Ban filter for WP fail2ban: Blocklist hard failures | |
| # Generated for: v2.2.2 | |
| # | |
| [INCLUDES] | |
| before = common.conf | |
| [Definition] | |
| _daemon = (?:wordpress|wp) | |
| failregex = ^%(__prefix_line)s\(WPf2b\+\+/blocklist\) Immediately block connections from <HOST>$ | |
| ignoreregex = | |
| # DEV Notes: | |
| # Requires the 'WP fail2ban' plugin: | |
| # https://wp-fail2ban.com/ | |
| # | |
| # Author: Charles Lecklider |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Fail2Ban filter for WP fail2ban: Blocklist soft failures | |
| # Generated for: v2.2.2 | |
| # | |
| [INCLUDES] | |
| before = common.conf | |
| [Definition] | |
| _daemon = (?:wordpress|wp) | |
| failregex = ^%(__prefix_line)s\(WPf2b\+\+/blocklist\) Consider blocking connections from <HOST>$ | |
| ignoreregex = | |
| # DEV Notes: | |
| # Requires the 'WP fail2ban' plugin: | |
| # https://wp-fail2ban.com/ | |
| # | |
| # Author: Charles Lecklider |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment