This is an old revision of the document!
Securing WordPress
Fail2ban for WordPress (protecting authentication)
# apt-get install fail2ban
# cat << 'EOF' > /etc/fail2ban/filter.d/apache-wp.conf
[Definition]
failregex = .*:(80|443) <HOST> .*(GET|POST) .*wp-login.php.* 200 .*
ignoreregex =
EOF

# cat << 'EOF' >> /etc/fail2ban/jail.conf
[apache-wp]
enabled = true
port = http,https
filter = apache-wp
logpath = /var/log/apache*/*access.log
maxretry = 3
findtime = 120
bantime = 3600
EOF
Verify:
# fail2ban-regex /var/log/apache2/other_vhosts_access.log /etc/fail2ban/filter.d/apache-wp.conf
Start and monitor:
# service fail2ban stop
# service fail2ban start
# fail2ban-client status
# watch fail2ban-client status apache-wp
To unban: restart fail2ban (still valid?) or
# fail2ban-client unban <ip>
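The filter and jail settings above, replayed in Python over constructed log lines (an added example, not part of the original page). The `\S+` group standing in for fail2ban's `<HOST>` expansion and the sliding-window counter are simplifying assumptions. It shows which requests the failregex counts as failures and when `maxretry`/`findtime` lead to a ban.

```python
import re
from collections import defaultdict
from datetime import datetime

# failregex copied from apache-wp.conf above. fail2ban expands <HOST> itself;
# the \S+ group used here is a simplified stand-in (assumption).
FAILREGEX = r".*:(80|443) <HOST> .*(GET|POST) .*wp-login.php.* 200 .*"
PATTERN = re.compile(FAILREGEX.replace("<HOST>", r"(?P<host>\S+)"))
TIMESTAMP = re.compile(r"\[([^\]]+)\]")
MAXRETRY, FINDTIME = 3, 120  # from the [apache-wp] jail

# Constructed sample lines in the vhost_combined layout of other_vhosts_access.log.
SAMPLE_LOG = """\
blog.example.org:443 203.0.113.7 - - [10/Sep/2018:12:00:01 +0200] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "curl/7.58"
blog.example.org:443 203.0.113.7 - - [10/Sep/2018:12:00:05 +0200] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "curl/7.58"
blog.example.org:443 203.0.113.7 - - [10/Sep/2018:12:00:09 +0200] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "curl/7.58"
blog.example.org:443 198.51.100.4 - - [10/Sep/2018:12:01:00 +0200] "GET /wp-login.php HTTP/1.1" 200 2890 "-" "Mozilla/5.0"
blog.example.org:443 198.51.100.4 - - [10/Sep/2018:12:01:20 +0200] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
blog.example.org:443 192.0.2.9 - - [10/Sep/2018:12:02:00 +0200] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
blog.example.org:443 192.0.2.9 - - [10/Sep/2018:12:05:00 +0200] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
blog.example.org:443 192.0.2.9 - - [10/Sep/2018:12:08:00 +0200] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
"""

def failed_host(line):
    """Return the client address if the line counts as a failure, else None."""
    m = PATTERN.search(line)
    return m.group("host") if m else None

def simulate(log):
    """Return (failures per host, hosts reaching MAXRETRY within FINDTIME seconds)."""
    hits, counts, banned = defaultdict(list), defaultdict(int), set()
    for line in log.splitlines():
        host = failed_host(line)
        if host is None:
            continue
        when = datetime.strptime(TIMESTAMP.search(line).group(1), "%d/%b/%Y:%H:%M:%S %z")
        counts[host] += 1
        # Keep only the failures that are still inside the findtime window.
        hits[host] = [t for t in hits[host] if (when - t).total_seconds() <= FINDTIME] + [when]
        if len(hits[host]) >= MAXRETRY:
            banned.add(host)
    return dict(counts), banned

if __name__ == "__main__":
    counts, banned = simulate(SAMPLE_LOG)
    print("failures:", counts)
    print("banned:", sorted(banned))
```

In this sample a plain GET of the login page answered with 200 is counted as a failure, the successful login (302) is not, and three failed attempts spaced three minutes apart stay under the 120-second `findtime` and are never banned.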
securewordpress/securiser_wordpress.1536582222.txt.gz · Last modified: 2018/09/10 12:23 by ronan