Syncing RunCloud and Cloudflare firewalls for fail2ban IPs

Cloudflare Fail2ban Serverpilot

This guide looks at adding a proxied Cloudflare service to a server set up with RunCloud and fail2ban with a WordPress jail conf set up. Once you start using Cloudflare as a CDN solution for your hosting, you are adding another firewall into the equation, albeit a very good one, but you may want to…

Read More

Block xmlrpc.php WordPress running on OpenLiteSpeed using .htaccess

Block Xmlrpc Open Litespeed

You can block the xmlrpc.php WordPress file when running on OpenLiteSpeed by adding a rewrite rule in the .htaccess file. This will reduce the brute force threat of bots making multiple resource requests. Add to your webroot .htaccess file either add it in a mod_rewrite existing block or add a new one: <IfModule mod_rewrite.c> RewriteRule…

Read More

Block wp-login.php and xmlrpc.php via fail2ban on RunCloud

Fail2ban Wordpress Runcloud

How to ban IP addresses that are brute forcing your wp-login.php and xmlrpc.php on a WordPress install with fail2ban on a RunCloud server. Email yourself any fail2ban IP addresses. Add a WordPress fail2ban filter Create a wordpress.conf file in /etc/fail2ban/filter.d/ [Definition] failregex = ^<HOST> .* “POST .*wp-login.php ^<HOST> .* “POST .*xmlrpc.php ignoreregex = If using…

Read More