Write all login attempts to syslog for integration with fail2ban.
great idea rolling this all up together.
I spent quite a lot of time troubleshooting the setup. It's not mentioned in the readme but the plugin may need to tweaking depending on your OS. For CentOS 6, I had to change the jail conf to monitor /var/log/messages. I did not have to change any of the plugin PHP code as someone mentioned in the forum (threw me off since I did it).
Also, I never got fail2ban to trigger the ban action even though it was regex matching (apparently a common issue). I ended up going with CSF LFD to ban per http://forum.configserver.com/viewtopic.php?f=6&t=6663#p20069
As my server already had fail2ban, this was just the perfect plugin from brute force attacks!
The configs suggested in the help did not work, so minor tweaking were needed.
I had to play with the jail.local config block a bit, but works great after it's setup.
This is one of the things that everyone should have :)
This plugin worked nicely for me on a day when a not very powerful WordPress server was receiving thousands of bruteforce attempts from nearly a thousand different IPs. Load average dropped from 40+ to well below 1.
The README suggested this stanza in jail.local
enabled = true
filter = wordpress
logpath = /var/log/auth.log
but with Ubtuntu 12.04 and failban 0.8.6 I found I needed to add
port = http
protocol = tcp
and if you run WordPress with https, you'll instead need
port = http,https
I also added
maxretry = 2
bantime = 84600
It is suggested to add
to wp-config.php to short-circuit login attempts as admin. I followed the suggestion but instead used
because I noticed that the usernames being used in the attempts were admin, administrator, and DOMAIN (WP is served on http://www.DOMAIN.com)
The installation is easy and that works just fine.
This plugin works just fine.
It works perfectly on my system:
Debian 7 up to date
I just need to add
port = http,https
Very simple and effective