- Plesk Onyx for Linux
I want to improve the security of my website. How to block IPs with failed login attempts to my Wordpress admin page (wp-login.php)?
It can be done through Fail2Ban Jail. Fail2Ban can restrict authentication failures and bans attackers for 10 minutes by plesk-wordpress Jail.
- Log into Plesk.
- Go to Tools & Settings > IP Address Banning (Fail2Ban) > Jails > Manage Filters (Plesk-Wordpress) > Add Filter.
- Create a filter as follows:
failregex = ^<HOST> .* "POST .*wp-login.php HTTP/.*" 200
All connection with unsuccessful attempts to authenticate on /wp-login.php the IP will be blocked by Fail2Ban.