Re: [bitfolk] For those hosting WordPress blogs

Stuart Swindells said: since. The one I use is simpler and has the advantage of not needing any changes to any themes: # Fail2Ban configuration file [Definition] failregex = <HOST>.*] "POST /wp-login.php ignoreregex = .. i.e. *any* login attempt, successful or otherwise.. [apache-wp-login] enabled = true port = http,https action = %(action_mwl)s filter = apache-wp-login logpath = /home/*/logs/*access.log maxretry = 5 .. so maxretry needs to be larger than one :) Having it set to five allows four goes, whether they're failures or logging into different sites, within a few minutes without being banned and works for me. I've been using the Limit Login Attempts plugin on individual sites, so four failures is what people are used to. (If you have apache logs elsewhere, logpath obviously needs to reflect that!) While I'm talking about WP plugins and security, the script I use to set them up WordPress has.. # try to stop anyone installing the sodding Better WP Security plugin # by making an impossible to access directory with that name mkdir wp-content/plugins/better-wp-**security chmod -rwx wp-content/plugins/better-wp-**security # and it looks like WordFence is just as bad mkdir wp-content/plugins/wordfence chmod -rwx wp-content/plugins/wordfence .. towards the end to stop installation of two of them which, if installed by someone who doesn't know what they are doing, will test your ability to edit MySQL databases by hand in order to get the sites working again. Ian ______________________________**_________________ users mailing list users(a)lists.bitfolk.com https://lists.bitfolk.com/**mailman/listinfo/users<https://lists.bitfolk…