Given I run a couple of WP sites (one personal, and I'm in charge of the one at work), and I'm happily using WF on one and BWPS on the other, care to elaborate on what's so bad about BWPS and WordFence? Happy to listen off-list... :-)

Kind regards

Murray Crane


On 7 June 2013 13:28, Ian <ian@lovingboth.com> wrote:
Stuart Swindells said:

> After working out what was going on and adding to the fail2ban rules,
> around 400 different IPs and around 2000 requests to wp-login.php were
> blocked over the course of a couple of hours although it's died down since.
>
> If it helps anyone, my fail2ban filter:
>
> [Definition]
> failregex =  [[]client <HOST>[]] WP login failed.*
>               [[]client <HOST>[]] client denied.*wp-login.php
>
> The first line requires a change to your Wordpress theme to log failed
> logins, described here:
> http://blog.somsip.com/2012/02/using-fail2ban-to-protect-wordpress/

The one I use is simpler and has the advantage of not needing any changes to any themes:

# Fail2Ban configuration file
[Definition]
failregex = <HOST>.*] "POST /wp-login.php
ignoreregex =

.. i.e. *any* login attempt, successful or otherwise..

[apache-wp-login]
enabled  = true
port     = http,https
action   = %(action_mwl)s
filter   = apache-wp-login
logpath  = /home/*/logs/*access.log
maxretry = 5

.. so maxretry needs to be larger than one :)

Having it set to five allows four goes, whether they're failures or logging into different sites, within a few minutes without being banned and works for me. I've been using the Limit Login Attempts plugin on individual sites, so four failures is what people are used to.

(If you have apache logs elsewhere, logpath obviously needs to reflect that!)


While I'm talking about WP plugins and security, the script I use to set up WordPress has..

# try to stop anyone installing the sodding Better WP Security plugin
# by making an impossible to access directory with that name

  mkdir wp-content/plugins/better-wp-security
  chmod -rwx wp-content/plugins/better-wp-security

# and it looks like WordFence is just as bad

  mkdir wp-content/plugins/wordfence
  chmod -rwx wp-content/plugins/wordfence

.. towards the end to stop installation of two of them which, if installed by someone who doesn't know what they are doing, will test your ability to edit MySQL databases by hand in order to get the sites working again.

  Ian


_______________________________________________
users mailing list
users@lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/users
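An added example, not from the thread and not fail2ban's own code: a small Python replay of Ian's apache-wp-login jail over some constructed Apache combined-format access log lines, so you can see which hosts his failregex and maxretry = 5 would ban. Assumptions: fail2ban's <HOST> tag is replaced here with a plain IPv4 pattern (the real substitution is broader), the `.` in wp-login.php is escaped (Ian's version leaves it unescaped, which also works), findtime uses fail2ban's default of 600 seconds since the jail does not set one, and the log lines and IP addresses are made up.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Ian's failregex with <HOST> expanded. fail2ban substitutes a much broader
# host pattern; this IPv4-only version is my own simplification (assumption).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
FAILREGEX = re.compile(HOST + r'.*] "POST /wp-login\.php')

# Apache combined-format timestamp, e.g. [07/Jun/2013:13:28:01 +0000]
TS = re.compile(r"\[(?P<ts>\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2}) ")


def matches(line):
    """Return the client IP if the line matches the failregex, else None.

    Note that the status code is irrelevant: a 302 (successful login) counts
    just as much as a 200 (login form re-displayed after a failure), which is
    the "any login attempt, successful or otherwise" behaviour Ian describes.
    """
    m = FAILREGEX.search(line)
    return m.group("host") if m else None


def banned_hosts(lines, maxretry=5, findtime=timedelta(seconds=600)):
    """Replay the jail: ban a host once it has maxretry matches within findtime."""
    hits = defaultdict(list)
    banned = set()
    for line in lines:
        host = matches(line)
        if host is None or host in banned:
            continue
        ts_match = TS.search(line)
        if ts_match is None:
            continue  # no usable timestamp, skip rather than guess
        ts = datetime.strptime(ts_match.group("ts"), "%d/%b/%Y:%H:%M:%S")
        # keep only the matches still inside the findtime window, then add this one
        window = [t for t in hits[host] if ts - t <= findtime]
        window.append(ts)
        hits[host] = window
        if len(window) >= maxretry:
            banned.add(host)
    return banned


# Constructed sample log (not real traffic). 198.51.100.7 hammers the login form,
# 203.0.113.9 is a normal user (one GET, two POSTs), 192.0.2.5 posts five times
# but spread out over an hour, so it never has five hits inside one findtime.
LOG = """\
192.0.2.5 - - [07/Jun/2013:13:00:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
203.0.113.9 - - [07/Jun/2013:13:10:00 +0000] "GET /wp-login.php HTTP/1.1" 200 3100 "-" "Mozilla/5.0"
203.0.113.9 - - [07/Jun/2013:13:10:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
203.0.113.9 - - [07/Jun/2013:13:10:40 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.5 - - [07/Jun/2013:13:15:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
198.51.100.7 - - [07/Jun/2013:13:28:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
198.51.100.7 - - [07/Jun/2013:13:28:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
198.51.100.7 - - [07/Jun/2013:13:28:20 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
192.0.2.5 - - [07/Jun/2013:13:30:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
198.51.100.7 - - [07/Jun/2013:13:28:34 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
198.51.100.7 - - [07/Jun/2013:13:28:51 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
198.51.100.7 - - [07/Jun/2013:13:29:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
192.0.2.5 - - [07/Jun/2013:13:45:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
192.0.2.5 - - [07/Jun/2013:14:00:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    print(sorted(banned_hosts(LOG.splitlines())))
```

The replay shows the trade-off Ian mentions: the regex fires on every POST, so a legitimate user who logs into several sites behind the same jail (or fat-fingers a password a few times) burns through the four free goes as fast as an attacker does, and the spread-out attacker in the sample is never banned because findtime, not just maxretry, decides the ban.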