====== Sécuriser Wordpress ======

Fail2ban pour wordpress (protéger l'authentification)

<code bash>
apt-get install fail2ban
cat << 'EOF' > /etc/fail2ban/filter.d/apache-wp.conf
  
  [Definition]
  failregex = .*:(80|443) <HOST> .*(GET|POST) .*wp-login.php.* 200 .*
  ignoreregex =
  EOF
</code>

<code bash>
cat << 'EOF' >> /etc/fail2ban/jail.conf 
  
  [apache-wp]
  
  enabled = true
  port    = http,https
  filter  = apache-wp
  logpath = /var/log/apache*/*access.log
  maxretry = 3
  findtime =  120
  bantime = 3600
  EOF
</code>

Verifier :

<code bash>
fail2ban-regex /var/log/apache2/other_vhosts_access.log /etc/fail2ban/filter.d/apache-wp.conf
</code>

Lancer et contrôler :

<code bash>
service fail2ban stop
service fail2ban start
fail2ban-client status
watch fail2ban-client status apache-wp
</code>

Pour débannir : relancer fail2ban (toujours valable ?) ou 

<code bash>
fail2ban-client unban <ip>
</code>