Articles in this section

Vulnerability CVE-2026-49975: HTTP/2 Bomb
Vulnerability: CVE-2026-42945: DoS and RCE in nginx before 1.31.1/1.30.1
Is Plesk affected by CVE-2026-23918? (Double Free and possible RCE in Apache http2 module)
Preferred domain redirect does not work when Nginx is not installed in Plesk
What do the HTTP status codes that you see in Plesk server logs mean in general?
Plesk error: AH00526: Syntax error on line 15 of /etc/apache2/plesk.conf.d/server.conf: Invalid command 'plesklog'
Many websites failed to open on the Plesk server: Error 502: Connection refused while connecting to upstream
How to restart an IIS Application Pool for a website on a Windows Plesk server?
How to calculate and adjust the MaxRequestWorkers limit on the server with Plesk
After updating Plesk Obsidian to 18.0.74 on Ubuntu 22.04, nginx fails to start: /lib/x86_64-linux-gnu/libstdc++.so.6: version `GLIBCXX_3.4.32' not found
See more

How to protect WordPress websites from brute-force attacks on a Plesk for Linux server

Jose Flores

Updated June 18, 2026 17:27

kb: how-to Plesk for Linux ABT: Group B

Applicable to:

Plesk for Linux

Question

How to protect WordPress websites from brute-force attacks on a Plesk for Linux server?

Answer

Use Fail2ban to protect WordPress websites from brute-force attacks.

Install Fail2Ban on a Plesk server.
Start Fail2Ban and activate the plesk-wordpress jail.

For servers with large amount of domains, use more granular log paths instead of wilcard. Like: /var/www/vhosts/system/*/logs/access_ssl_log instead of /var/www/vhosts/system/*/logs/*access*

For detailed instructions, visit this Plesk blog page:

Plesk Blog: Protecting your WordPress installations with Fail2ban

Comments

0 comments

Please sign in to leave a comment.