Foliovision

New Feature for BusinessPress: Fail2Ban for WordPress Hack Attempts

20 May 2022 / Alec Kinnear / Leave a Comment

WordPress Security Plugins vs automated Fail2Ban

There are some wonderful WordPress security plugins out there. They all start with good intentions but then become too complex. In any case, WordPress is not the right place to start with security. Security should be at the server level, built into your environment, whether you use Apache (iptables; the easy end-user version is .htaccess) or Nginx (iptables in this case too).

Fail2Ban can help with illegal search strings and not just brute-force logins

We build custom servers and install Fail2Ban. Fail2Ban helps pick up over-excited bots, but doesn’t protect WordPress itself. A great place to hunt hackers is in the WordPress search field. For some reason, hackers like to search for what should be forbidden terms in WordPress search. Swiftype coughed up a list of over 11,000 dirty searches in one week on one client website, which gave us a rich sample to work from.

After removing potential false positives (we’re a tech site; someone might legitimately search for phpMyAdmin, for instance) we compiled the potential Fail2Ban terms into this nice short list:

'/.env',
'/.github/workflows',
'/.ssh',
'/boot.ini',
'etc/passwd',
'/ftpsync.settings',
' onerror=',
' onload=',
'/phpMyAdmin/server_import.php',
'/phpmyadmin/scripts/setup.php',
'/win.ini',
'/wp-config.php'

Unless you are Joel Spolsky1, you don’t want any IP that searches for these strings on your site.

Handling Searches

To be perfectly safe, we exclude the search requests (?s=…) from the WAF. Otherwise, if your website is about computers, some normal searches might get a visitor banned.

To avoid this, we put a slash at the start of most of the keywords. That way visitors can still search the articles for, say, .env like this: https://foliovision.com/?s=.env and it’s not considered a hacking attempt. Only https://foliovision.com/.env is considered a hacking attempt.

If a visitor searches for /.env like this: https://foliovision.com/?s=/.env – then s/he still gets banned.

bbPress Searches

We’re still working on what to do with bbPress searches which look like this /{forum-base}/search/{keyword}. On a tech site, which forums often are, including our own, some of the keywords could look suspicious.

How to ban nasty searches from your own site

First you need to install Fail2Ban. So this is kind of a developer’s tool for those publishers running a website large enough to get its own VPS. You would have to be on a very good webhost indeed to get Fail2Ban on shared hosting. Let me know if you know about any.2

Second, to use our code, your CMS must be WordPress3. From there, it’s very easy. Just install our own BusinessPress plugin, which will help you control auto-updates, reduce WordPress branding, control ad notices, add your own branding, put your settings panel in alphabetical order, protect XML-RPC, and disable Generator Tags, the REST API, even emojis or oEmbed. BusinessPress will also give you Google-style search results with the default WordPress search, enhancing SearchWP results too. The interface is super simple:

It’s split between just three themed tabs: Update Management, Preferences, Branding.

For our purposes now, BusinessPress supports Fail2Ban for too many failed login attempts. For those on shared hosting, our banning also supports LoginLockdown.

For the bad searches, you will need Fail2Ban, as the IP ban must be done at server level. If you have Fail2Ban set up, BusinessPress will log the IP addresses with bad searches to auth.log, and Fail2Ban will automatically add the hackers’ IPs to the ban list within a minute or two, along with failed login attempts.

If you have Fail2Ban installed with auth.log running, search term banning with the sensible default list above will just work. We plan to add the option to customise the illegal search list, but we are starting with good simple defaults.
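As an added worked example (this is not BusinessPress code), here is the whole pipeline from the Handling Searches section and the two paragraphs above: the published term list is applied to constructed Apache access-log lines, showing why the leading slash lets /?s=.env through while /.env and /?s=/.env are both flagged, and the flagged requests are turned into auth.log-style lines that a Fail2Ban failregex can count. The auth.log line format and the failregex are assumptions, since the post does not show the plugin’s actual log format; percent-decoding the URI before matching is also an assumption, made because the " onerror=" and " onload=" entries can only hit an encoded query string after decoding.

```python
"""Apply the post's Fail2Ban term list to web requests.

Added example, not BusinessPress code. BAD_TERMS is the list from the
post; the log format, failregex and sample requests are assumptions made
so the example runs offline.
"""
import re
from urllib.parse import unquote_plus

# The term list exactly as published. Most entries carry a leading slash
# so that "/?s=.env" (a normal site search) does not match while "/.env"
# and "/?s=/.env" do. Matching is case-sensitive, which is why both
# spellings of phpMyAdmin appear.
BAD_TERMS = [
    '/.env',
    '/.github/workflows',
    '/.ssh',
    '/boot.ini',
    'etc/passwd',
    '/ftpsync.settings',
    ' onerror=',
    ' onload=',
    '/phpMyAdmin/server_import.php',
    '/phpmyadmin/scripts/setup.php',
    '/win.ini',
    '/wp-config.php',
]

# Constructed Apache combined-log lines using RFC 5737 documentation IPs.
SAMPLE_ACCESS_LOG = """\
203.0.113.5 - - [20/May/2022:10:00:01 +0200] "GET /?s=.env HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.6 - - [20/May/2022:10:00:02 +0200] "GET /.env HTTP/1.1" 404 512 "-" "python-requests/2.27"
203.0.113.7 - - [20/May/2022:10:00:03 +0200] "GET /?s=/.env HTTP/1.1" 200 5120 "-" "curl/7.81"
203.0.113.8 - - [20/May/2022:10:00:04 +0200] "GET /?s=%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [20/May/2022:10:00:05 +0200] "GET /?s=phpMyAdmin HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

ACCESS_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*"'
)

# Hypothetical message the plugin would write to auth.log, and the matching
# Fail2Ban failregex (the real BusinessPress format is not given in the post).
# <HOST> is Fail2Ban's placeholder for the client address. Only the message
# part is shown; syslog's timestamp prefix is consumed by Fail2Ban's date
# detection before failregex is applied.
AUTH_LOG_FORMAT = 'businesspress: bad search from {ip}: {uri}'
FAILREGEX = r'^businesspress: bad search from <HOST>: .*$'


def matched_term(request_uri):
    """Return the first bad term found in the request URI, or None.

    Case-sensitive substring test on the percent-decoded URI; "+" is
    treated as a space, as in form-encoded WordPress searches (assumption).
    """
    decoded = unquote_plus(request_uri)
    for term in BAD_TERMS:
        if term in decoded:
            return term
    return None


def auth_log_lines(access_log):
    """Scan access-log text and return the auth.log messages to emit."""
    out = []
    for line in access_log.splitlines():
        m = ACCESS_LINE.match(line)
        if m and matched_term(m.group('uri')) is not None:
            out.append(AUTH_LOG_FORMAT.format(ip=m.group('ip'), uri=m.group('uri')))
    return out


def fail2ban_hosts(auth_lines):
    """Apply FAILREGEX the way Fail2Ban does and return the hosts it counts.

    Fail2Ban expands <HOST> to a pattern covering IPv4, IPv6 and hostnames;
    a plain IPv4 group stands in for it here.
    """
    host = r'(?P<host>\d{1,3}(?:\.\d{1,3}){3})'
    pattern = re.compile(FAILREGEX.replace('<HOST>', host))
    return [m.group('host') for m in map(pattern.match, auth_lines) if m]


if __name__ == '__main__':
    lines = auth_log_lines(SAMPLE_ACCESS_LOG)
    for line in lines:
        print(line)
    print('hosts Fail2Ban would count:', fail2ban_hosts(lines))
```

Two caveats fall out of running it. The entries without a leading slash ('etc/passwd', ' onerror=', ' onload=') are matched wherever they appear, so a visitor searching for etc/passwd on a tech site is still banned by this list. And because the match is a plain substring test, anything that decodes to the term is caught, so encoding tricks in the query string do not bypass it.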

Amazing, but so much functionality in one plugin?

If you are wondering why we don’t build this out as a separate plugin, we want all this functionality as a starting point for any Foliovision website. Most of this functionality would otherwise have its own fixer plugin. In case you don’t know how the WordPress plugin repository works, every plugin must be manually updated with every WordPress revision, however minor, or it quickly disappears from search. Matt Mullenweg and Automattic have made maintaining free plugins so onerous that most free plugin developers have just abandoned their plugins.4 Moreover, updating a dozen more plugins on every site doesn’t sound like much fun in terms of maintenance.

The good news for you is that it’s all free and you don’t need to enable any features you don’t need or want. You’ll probably find you can drop half a dozen branding, XML-RPC, CDN and admin notice plugins for the simple and elegant BusinessPress.


  1. Publisher of StackOverflow.com and its network of (mostly) tech sites. Joel and his colleagues at Fog Creek Software also created the ground-breaking collaborative public Kanban tool, Trello. Joel’s (almost) retired weblog is an astonishing resource of code development insight, sort of a War and Peace of software development. Even Tolstoi’s novel has a beginning and end. ↩

  2. A quick search only led to VPS information or some very spammy keyword generated pages. ↩

  3. Albeit, modern WordPress has spent far more developer hours attempting to become a clunky pagebuilder/landing page builder than improving its CMS functionality. One can only weep or laugh at the million developer hours lost to Gutenberg, which could have been spent making WordPress core more robust or more secure as a CMS. Serious publishing is still all the rage; I don’t know why Matt Mullenweg is obsessed with landing pages and one-off marketing pages. ↩

  4. Sadly, we’re a long way from the open source beginnings of WordPress (I was there). It’s a nasty commercial WordPress world out there. Even the rats have begun abandoning ship. The latter two developers on this list are very good developers who mostly worked with their users’ interests top-of-mind. The pro WordPress community will be worse for their absence. Wow, even Justin Tadlock has left us. I wanted to write “At least Justin Tadlock is still with us” but decided to check first. WordPress’s most serious long term analyst, PostStatus founder Brian Krogsgard, has sold off PostStatus and left WordPress to pursue NHT of all things. We’re still here! ↩

Alec Kinnear

Alec has been helping businesses succeed online since 2000. Alec is an SEM expert with a background in advertising, as a former Head of Television for Grey Moscow and Senior Television Producer for Bates, Saatchi and Saatchi Russia.

Categories: WordPress Tags: fail2ban, security, server, WordPress
