WP fail2ban - Version 1.0

Version Description

Initial release.

Release Info

Developer invisnet
Version 1.0

Files changed (3)
  1. readme.txt +47 -0
  2. wordpress.conf +30 -0
  3. wp-fail2ban.php +25 -0
readme.txt ADDED
@@ -0,0 +1,47 @@
1
+ === WP fail2ban ===
2
+ Contributors: invisnet
3
+ Author URI: https://charles.lecklider.org/
4
+ Plugin URI: https://charles.lecklider.org/wordpress/fail2ban/
5
+ Tags: fail2ban, security, syslog, login
6
+ Requires at least: 3.4.0
7
+ Tested up to: 3.4.2
8
+ Stable tag: 1.0
9
+ License: GPLv2 or later
10
+ License URI: http://www.gnu.org/licenses/gpl-2.0.html
11
+
12
+ Write all login attempts to syslog for integration with fail2ban.
13
+
14
+ == Description ==
15
+
16
+ [fail2ban](http://www.fail2ban.org/) is one of the simplest and most effective security measures you can implement to prevent brute-force password-guessing attacks.
17
+
18
+ *WP fail2ban* logs all login attempts, whether successful or not, to syslog using LOG_AUTH. To make log parsing as simple as possible *WPf2b* uses the same format as sshd. For example:
19
+
20
+ Oct 17 20:59:54 foobar wordpress(www.example.com)[1234]: Authentication failure for admin from 192.168.0.1
21
+ Oct 17 21:00:00 foobar wordpress(www.example.com)[2345]: Accepted password for admin from 192.168.0.1
22
+
23
+ *WPf2b* comes with a `fail2ban` filter, `wordpress.conf`.
24
+
25
+ Requires PHP 5.3 or later.
26
+
27
+ == Installation ==
28
+
29
+ 1. Upload the plugin to your plugins directory
30
+ 1. Activate the plugin through the 'Plugins' menu in WordPress
31
+ 1. Copy `wordpress.conf` to your `fail2ban/filters.d` directory
32
+ 1. Edit `jail.local` to include something like:
33
+
34
+ `[wordpress]`
35
+ `enabled = true`
36
+ `filter = wordpress`
37
+ `action = pf`
38
+ `logpath = /var/log/auth.log`
39
+
40
+ 1. Reload or restart `fail2ban`
41
+
42
+ There are no options to configure.
43
+
44
+ == Changelog ==
45
+
46
+ = 1.0 =
47
+ Initial release.
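Review bot: Installation step 3 tells the admin to copy `wordpress.conf` to `fail2ban/filters.d`, but fail2ban reads filters from `filter.d`, so a file copied as written will not be found when the `[wordpress]` jail references `filter = wordpress`; change the path to `fail2ban/filter.d`. The sample jail also hard-codes `action = pf` and `logpath = /var/log/auth.log`, which only fit hosts that use pf and route the auth facility to that file, so say next to the example that both need adjusting per system. The Plugin URI in this file (`.../wordpress/fail2ban/`) differs from the one in the `wp-fail2ban.php` header (`.../wordpress/wp-fail2ban/`); make them agree.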
wordpress.conf ADDED
@@ -0,0 +1,30 @@
1
+ # Fail2Ban configuration file
2
+ #
3
+ # Author: Charles Lecklider
4
+ #
5
+
6
+ [INCLUDES]
7
+
8
+ # Read common prefixes. If any customizations available -- read them from
9
+ # common.local
10
+ before = common.conf
11
+
12
+
13
+ [Definition]
14
+
15
+ _daemon = wordpress
16
+
17
+ # Option: failregex
18
+ # Notes.: regex to match the password failures messages in the logfile. The
19
+ # host must be matched by a group named "host". The tag "<HOST>" can
20
+ # be used for standard IP/hostname matching and is only an alias for
21
+ # (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
22
+ # Values: TEXT
23
+ #
24
+ failregex = ^%(__prefix_line)sAuthentication failure for .* from <HOST>$
25
+
26
+ # Option: ignoreregex
27
+ # Notes.: regex to ignore. If this regex matches, the line is ignored.
28
+ # Values: TEXT
29
+ #
30
+ ignoreregex =
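Review bot: In `failregex`, the `.*` between `Authentication failure for` and ` from <HOST>$` spans the submitted username, which `wp-fail2ban.php` interpolates into the message unescaped, and nothing in the file says that the trailing `$` is what pins `<HOST>` to the address at the end of the line. Add a comment stating that the end anchor must stay, so a later edit does not loosen the pattern into matching an address embedded in the username. It would also help to note in the header how the filter was checked, for example by running `fail2ban-regex` against the two sample lines in readme.txt, where the `Authentication failure` line should match and the `Accepted password` line should not.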
wp-fail2ban.php ADDED
@@ -0,0 +1,25 @@
1
+ <?php
2
+ /*
3
+ Plugin Name: WP fail2ban
4
+ Plugin URI: https://charles.lecklider.org/wordpress/wp-fail2ban/
5
+ Description: Write all login attempts to syslog for integration with fail2ban.
6
+ Version: 1.0
7
+ Author: Charles Lecklider
8
+ Author URI: https://charles.lecklider.org/
9
+ License: GPL2
10
+ */
11
+
12
+
13
+ add_action( 'wp_login',
14
+ function($user_login, $user)
15
+ {
16
+ openlog('wordpress('.$_SERVER['HTTP_HOST'].')',LOG_NDELAY|LOG_PID,LOG_AUTH);
17
+ syslog(LOG_INFO,"Accepted password for $user_login from {$_SERVER['REMOTE_ADDR']}");
18
+ });
19
+ add_action( 'wp_login_failed',
20
+ function($username)
21
+ {
22
+ openlog('wordpress('.$_SERVER['HTTP_HOST'].')',LOG_NDELAY|LOG_PID,LOG_AUTH);
23
+ syslog(LOG_NOTICE,"Authentication failure for $username from {$_SERVER['REMOTE_ADDR']}");
24
+ });
25
+
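Review bot: The `wp_login` callback is declared as `function($user_login, $user)`, but `add_action` is called without the priority and accepted-args arguments, so WordPress passes only the first argument (accepted args defaults to 1) and PHP reports a missing argument on every successful login. `$user` is never used, so drop the parameter, or register the callback with `10, 2`. In both callbacks `$_SERVER['HTTP_HOST']` and the username come from the request and are written to syslog as-is; restricting them to an expected character set before logging would keep each entry in the single-line format that `wordpress.conf` parses. `$_SERVER['REMOTE_ADDR']` is the proxy's address when the site sits behind a reverse proxy, and since that is the address fail2ban will ban, the readme should say so.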