
Foliovision


How to setup login protection

BusinessPress works with the Fail2Ban Linux utility to protect the WordPress login form and XML-RPC against brute-force attacks.

Requirements

The first thing to check is whether BusinessPress is able to write bad logins into the SSH login log file of your Linux operating system. The file might be:

  • /var/log/auth.log
  • /var/log/secure

Simply do a bad login attempt and see if your IP address was appended to the file. It should look like this:

Aug 22 08:08:47 web wordpress(your-website.com)[14410]: BusinessPress fail2ban login error – Authentication failure for test from 10.11.12.13

Installation steps

Fail2Ban

Use your Linux distribution's package manager to install Fail2Ban. It should be:

sudo apt install fail2ban

Or

sudo yum install fail2ban

If your Fail2Ban comes with /etc/fail2ban/jail.d/00-firewalld.conf, we recommend commenting out each line in it with #, as Firewalld does not seem to work when DROP is used instead of REJECT.

Using DROP instead of REJECT is necessary to prevent multiple malicious requests from being sent over an already established TCP connection.

To do that, change blocktype = REJECT --reject-with icmp-port-unreachable and blocktype = REJECT --reject-with icmp6-port-unreachable to blocktype = DROP.

This has to be done in different files (some of them might not contain it), depending on your OS:

  • /etc/fail2ban/action.d/iptables.conf
  • /etc/fail2ban/action.d/iptables-common.conf

Then verify the Fail2Ban configuration:

fail2ban-client -d

There should be no errors.
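To confirm that no active blocktype setting was missed, the following added example (not part of BusinessPress or Fail2Ban) lists every uncommented blocktype line that is still not DROP. The function names and the sample directory are constructed for illustration; on a real system, point audit_blocktype at /etc/fail2ban/action.d.

```shell
#!/bin/sh
# Added example: report active blocktype settings that are still not DROP.

# audit_blocktype DIR: print "file:line:setting" for every uncommented
# blocktype line in the two files named above whose value is not DROP.
# Returns 0 when nothing is left to change, 1 otherwise.
audit_blocktype() {
  found=0
  for f in "$1"/iptables.conf "$1"/iptables-common.conf; do
    [ -f "$f" ] || continue              # not every OS ships both files
    hits=$(awk -v file="$f" '
      /^[ \t]*[#;]/ { next }             # ignore commented-out settings
      /^[ \t]*blocktype[ \t]*=/ {
        value = $0; sub(/^[^=]*=[ \t]*/, "", value)
        if (value !~ /^DROP[ \t]*$/) print file ":" NR ":" $0
      }' "$f")
    if [ -n "$hits" ]; then printf '%s\n' "$hits"; found=1; fi
  done
  return "$found"
}

# Constructed sample directory standing in for /etc/fail2ban/action.d:
# the IPv4 setting was changed, the IPv6 one was forgotten.
make_sample() {
  d=$(mktemp -d)
  printf '%s\n' '[Init]' 'blocktype = DROP' > "$d/iptables.conf"
  printf '%s\n' '[Init]' '# blocktype = REJECT' 'blocktype = DROP' \
    '[Init?family=inet6]' \
    'blocktype = REJECT --reject-with icmp6-port-unreachable' \
    > "$d/iptables-common.conf"
  printf '%s\n' "$d"
}

sample=$(make_sample)
audit_blocktype "$sample" || echo "blocktype still needs changing in the lines above"
rm -rf "$sample"
```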

WordPress Login Protection

Copy the Fail2Ban configuration files from BusinessPress to your Fail2Ban configuration:

sudo sh -c 'cd /YOUR-WEBSITE-FOLDER/wp-content/plugins/businesspress/ && cp fail2ban/wordpress.conf /etc/fail2ban/filter.d && cp fail2ban/jail.local /etc/fail2ban/jail.d/wordpress.conf && echo "All done!"'

Simply replace /YOUR-WEBSITE-FOLDER in the above command with your actual WordPress path. Then the command should report “All done!”.

Next verify the Fail2Ban configuration:

fail2ban-client -d

There should be no errors. If you get:

2022-08-22 08:04:41,694 fail2ban.jailreader [4923]: WARNING Have not found any log file for wordpress jail

Then edit /etc/fail2ban/jail.d/wordpress.conf and put in the proper logpath for your SSH logins log file. It might be /var/log/secure or /var/log/messages.

Finally, reload the Fail2Ban configuration:

sudo systemctl restart fail2ban

Then you should be able to see your new WordPress jail:

$ sudo fail2ban-client status
Status
|- Number of jail:  2
`- Jail list:   sshd, wordpress

Now anytime you do a bad login attempt you should see a line appended in /var/log/fail2ban.log:

$ sudo tail -f /var/log/fail2ban.log
2022-08-22 08:18:38,358 fail2ban.actions        [8045]: NOTICE  [wordpress] Restore Ban 95.217.144.248
2022-08-22 08:18:43,647 fail2ban.filter         [8045]: INFO    [wordpress] Found 185.119.81.102 - 2022-08-22 08:18:43
2022-08-22 08:18:53,661 fail2ban.filter         [8045]: INFO    [wordpress] Found 159.89.207.135 - 2022-08-22 08:18:53
2022-08-22 08:19:08,880 fail2ban.filter         [8045]: INFO    [wordpress] Found 109.43.114.167 - 2022-08-22 08:19:08
2022-08-22 08:19:20,895 fail2ban.filter         [8045]: INFO    [wordpress] Found 20.168.24.53 - 2022-08-22 08:19:20
2022-08-22 08:19:20,895 fail2ban.filter         [8045]: INFO    [wordpress] Found 20.168.24.53 - 2022-08-22 08:19:20
2022-08-22 08:19:22,097 fail2ban.filter         [8045]: INFO    [wordpress] Found 159.203.121.12 - 2022-08-22 08:19:22
2022-08-22 08:19:49,329 fail2ban.filter         [8045]: INFO    [wordpress] Found 185.119.81.98 - 2022-08-22 08:19:48
2022-08-22 08:20:19,364 fail2ban.filter         [8045]: INFO    [wordpress] Found 185.165.42.75 - 2022-08-22 08:20:18
2022-08-22 08:20:35,384 fail2ban.filter         [8045]: INFO    [wordpress] Found 51.91.220.143 - 2022-08-22 08:20:34
2022-08-22 08:20:50,602 fail2ban.filter         [8045]: INFO    [wordpress] Found 103.101.162.249 - 2022-08-22 08:20:50
2022-08-22 08:20:54,608 fail2ban.filter         [8045]: INFO    [wordpress] Found 10.11.12.13 - 2022-08-22 08:20:53

…until you do more than 12 attempts (this is set in) and you get banned:

2022-08-22 08:21:50,322 fail2ban.actions        [8045]: NOTICE  [wordpress] Ban 10.11.12.13
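To cross-check the bans against the raw log, the following added example (not the filter shipped with BusinessPress) counts BusinessPress failure lines per source address and lists the addresses with more than 12 failures. The function names and the sample lines are constructed; the count ignores Fail2Ban's time window, so it is an upper bound on what the jail sees.

```shell
#!/bin/sh
# Added example: count BusinessPress failure lines per source address.

# Constructed sample in the log format shown in Requirements
# (documentation-range addresses, not real hosts).
sample_log() {
  i=1
  while [ "$i" -le 13 ]; do
    printf 'Aug 22 08:%02d:00 web wordpress(your-website.com)[14410]: BusinessPress fail2ban login error - Authentication failure for test from 198.51.100.7\n' "$i"
    i=$((i + 1))
  done
  printf '%s\n' \
    'Aug 22 08:30:01 web wordpress(your-website.com)[14410]: BusinessPress fail2ban login error - Authentication failure for admin from 203.0.113.9' \
    'Aug 22 08:30:02 web wordpress(your-website.com)[14410]: BusinessPress fail2ban login error - Authentication failure for x from 203.0.113.9 from 192.0.2.44' \
    'Aug 22 08:30:03 web sshd[911]: Failed password for root from 192.0.2.50 port 22 ssh2'
}

# count_failures: read a log on stdin, print "COUNT IP" sorted by count.
# The user name is supplied by the client, so the address is taken from the
# end of the line only; text inside the user name is never used as the host.
count_failures() {
  awk '
    /wordpress\([^)]*\)\[[0-9]+\]: BusinessPress fail2ban login error/ &&
    / from [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { seen[$NF]++ }
    END { for (ip in seen) print seen[ip], ip }
  ' | sort -k1,1nr -k2,2
}

# over_threshold LIMIT: print the addresses with more than LIMIT failures.
over_threshold() {
  count_failures | awk -v limit="$1" '$1 > limit { print $2 }'
}

sample_log | over_threshold 12
```

On a real system, replace sample_log with the log file found in Requirements, for example: sudo cat /var/log/auth.log | over_threshold 12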

Troubleshooting

The first thing to do is to check whether the Fail2Ban jails are properly stored in iptables:

Then you can check your IP which got banned to ensure the rules are there:

$ sudo iptables -vnL | grep 10.11.12.13
    0     0 DROP       all  --  *      *       10.11.12.13          0.0.0.0/0

Next Steps

We also recommend blocking the repeated offenders: How to block repeated offenders with BusinessPress

You can use BusinessPress as a Web Application Firewall too: How to block malicious web requests with BusinessPress

All materials © 2025 Foliovision s.r.o. | Panská 12 - 81101 Bratislava - Slovakia | info@foliovision.com