I have a WP site in a corporate DMZ that is protected by a proxy and ISA server. The server has seen its fair share of brute force attacks on SSH access, but “fail2ban” puts a stop to those.
In my environment, though, I can’t use WP-fail2ban, as the server logs all web traffic – legitimate and malicious – as coming from the same IP address, that of the ISA server.
So, if someone caused fail2ban to trigger a block, then that block would also stop legitimate user traffic.
I’ve already implemented various security tricks and a couple other security plugins, so I’m have to rely on those.
Other corporate admins take note.
- The topic ‘Can't use WP-fail2ban in a corporate environment’ is closed to new replies.