Fail2ban Wordpress Runcloud

How to ban IP addresses that are brute forcing your wp-login.php and xmlrpc.php with fail2ban on a RunCloud server.   Add a WordPress fail2ban filter Create a wordpress.conf file in /etc/fail2ban/filter.d/ [Definition] failregex = ^<HOST> .* “POST .*wp-login.php ^<HOST> .* “POST .*xmlrpc.php ignoreregex = If you just want to ban only one of them just…

Read More
Force SSH Password

This is the command to force a SSH password between a client and server, you may have passwordless connection set up with SSH keys but want to check that a password is correct. ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no user@1.2.3.4 Swap out user@1.2.3.4 with your connection details. Once logged in, if you want to change the…

Read More
Block Xmlrpc Wp Login Nginx

You can block xmlrpc.php and wp-login.php via NGINX with the configurations below, what’s good about this approach is that it prevents brute force attacks at the NGINX server level without any PHP/MySQL resources being used. xmlrpc.php for NGINX location = /xmlrpc.php { deny all; } To allow JetPacks IP addresses through adjust the config to…

Read More