I installed wp-fail2ban per the tutoral and kept the filter.d and jail configurations the same as in the documentation.
I have confirmed that it is logging authentication attempts. Set up a tail on my log file: sudo tail -f var/log/auth.log
Logged in from my phone. The auth.log indeed showed this line:
Sep 2 19:07:16 xxxx-ThinkPad-11e wordpress(mywebsite.ca): Accepted password for xxxx from xx.xxx.xx.xxx
(x’s added for privacy)
I also verfified the jails were running:
xxxx@xxxx-ThinkPad-11e:~$ sudo fail2ban-client status Status |- Number of jail: 4 `- Jail list: sshd, vsftpd, wordpress-hard, wordpress-soft
I then tried to simulate an attack by doing a series of failed authentications thru my cellphone. I verified that the attack was logged through tailing auth.log, but fail2ban didn’t ban me. I don’t know why.
My distro does run systemd. I tried adding backend = systemd[journalflags=1] to the jails in jail.conf. No dice.
I’m running Linux Mint 21. I am a hobbyist, no formal training in computer science or IT. My site has been attracting suspicious traffic from IPs located in countries that don’t speak my language and I would really like to figure this out. Thank you!