Last active
January 17, 2017 19:54
Melindungi wp-login dari scriptkiddies menggunakan fail2ban
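# fail2ban filter rules: wp-auth.conf (referenced from the jail as "filter = wp-auth").
# Matches the line produced by the WordPress hook log_wp_login_fail(), which
# writes "WP login failed for username: ..." through PHP's error_log().
#
# The trailing " | |" table residue from the page rendering has been removed;
# left in place it would be parsed as part of each option's value.
#
# NOTE(review): the "[client <HOST>]" prefix is the Apache error-log layout.
# nginx reports the peer as "client: <ip>" after the message instead, so
# confirm this pattern against a real line from the log the jail reads
# (fail2ban-regex is the tool for that).
# NOTE(review): the pattern is unanchored and the logged username is chosen by
# the remote client. Once the exact log layout is known, anchor the expression
# to the start of the line so text inside the username cannot be taken for the
# client address.
[Definition]
failregex = [[]client <HOST>[]] WP login failed.*
ignoreregex =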
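# jail.local configuration: applies the wp-auth filter to the site's log.
# When one address reaches maxretry (3) matching lines, it is banned on the
# http and https ports through iptables for bantime (3600) seconds.
#
# The trailing " | |" table residue from the page rendering has been removed;
# with it, values such as "true | |" or "3600 | |" are not valid settings.
#
# NOTE(review): logpath is the nginx *access* log, but the filter matches text
# written by PHP's error_log(), which is not written to an access log. As
# shown, the jail would presumably never see a matching line and never ban.
# Point logpath at the file that actually receives the "WP login failed"
# message (PHP-FPM or web-server error log; deployment specific) and verify
# the match with fail2ban-regex before relying on this jail.
# NOTE(review): findtime is not set here, so fail2ban's default window applies.
[wordpress]
enabled = true
filter = wp-auth
action = iptables-multiport[name=NoAuthFailures, port="http,https"]
logpath = /var/log/nginx/example.com.access.log
maxretry = 3
bantime = 3600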
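# WordPress side: this code has to be loaded by WordPress.
# The filter's failregex looks for the "WP login failed" text, so this hook
# must be present for failed logins to appear in the log at all.
add_action('wp_login_failed', 'log_wp_login_fail');

/**
 * Write one log line for every failed WordPress login.
 *
 * Registered on the 'wp_login_failed' action above.
 *
 * @param string $username Login name submitted by the client (untrusted).
 * @return void
 */
function log_wp_login_fail($username) {
    // The username comes straight from the login form. Drop control
    // characters (CR/LF included) so a submitted value cannot begin a new,
    // forged line in the log that fail2ban parses.
    $safe_username = preg_replace('/[\x00-\x1F\x7F]/', '', (string) $username);
    error_log("WP login failed for username: $safe_username");
}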
#referensi
#https://easyengine.io/tutorials/nginx/fail2ban/
#http://envyandroid.com/fail2ban-wordpress-login-attacks/#usingfail2bantoblockloginattempts
#https://codepoets.co.uk/2013/fail2ban-filter-for-wordpress/
#http://serverfault.com/questions/614599/fail2ban-to-block-wordpress-brute-force-attacks-on-wp-login-php <penting>
#https://hoopercharles.wordpress.com/2015/08/23/web-pages-not-databases-part-2-fail2ban-apache-ip-addresses-linux-selinux/
#http://www.scottbrownconsulting.com/2014/09/countering-wordpress-xml-rpc-attacks-with-fail2ban/