Hi I am using the Digital Ocean WordPress Droplet which comes with the WPf2b plugin installed. Inside the WordPress dashboard I have this WPf2b screen element -
It’s irritating seeing so many login attempts from IPs outside the websites target audience (United Kingdom). Note this is currently a noindex nofollow sandbox website so I am surprised bots have even found it… perhaps its a generic sub domain staging.mysite.com is how they found it.
If I renamed the wp-login would this prevent bots and reduce the WPf2b dashboard messages like Authentication attempt for unknown user admin from 171.244.0.91?
Another option I was thinking is, permanently ban IPs that fail to login that are outside a safelist of countries.
Generally speaking IPs failing to login come from -
China, Singapore, India, Vietnam, Germany, France, Switzerland and Thailand etc…
Is there a way to permanently ban these IPs only if they are outside a safe country list?
These are the fail2ban filters enabled -
etc/fail2ban/jail.d/wordpress-digitalocean.conf
[wordpress-hard]
enabled = true
filter = wordpress-hard
logpath = /var/log/auth.log
maxretry = 3
port = http,https
bantime = 86400
[wordpress-soft]
enabled = true
filter = wordpress-soft
logpath = /var/log/auth.log
maxretry = 5
port = http,https
bantime = 1800
etc/fail2ban/jail.d/defaults-debian.conf
[sshd]
enabled = true
What I’m thinking is after 3 failed attempts to permanently block the IP if its outside a safe country list?
If this is a viable option please can someone advise how to implement? I don’t mind paying for help.
I was thinking about implementing a blanket ban for all countries outside a safelist but I think that could be more detrimental than helpful? i.e. if its a genuine customer abroad and possibly hurt SERPs?
Also I found this Ultimate Apache Bad Bot Blocker which uses Fail2Ban. Would it reduce the wp-login attempts? Is it worth installing?
Another option I found is WP fail2ban Blocklist. Would this help reduce bots trying to hack the website or is it similar to Ultimate Apache Bad Bot Blocker?
Please can someone advise?
Any advice is much appreciated.
Thank you