I’ve setup WP Fail2ban with the Blocklist addon but it seems I can’t get it to work.
I’ve added the following filters in fail2ban: wordpress-extra.conf, wordpress-hard.conf, wordpress-soft.conf and wpf2b-blocklist-hard.conf.
In addition to that my jail file looks like this:
[wordpress-hard]
enabled = true
filter = wordpress-hard
logpath = /var/log/auth.log
maxretry = 1
port = http,https
bantime = 86400
[wordpress-soft]
enabled = true
filter = wordpress-soft
logpath = /var/log/auth.log
maxretry = 3
port = http,https
bantime = 86400
[wordpress-extra]
enabled = true
filter = wordpress-extra
logpath = /var/log/auth.log
maxretry = 1
port = http,https
bantime = 86400
[wpf2b-blocklist-hard]
enabled = true
filter = wpf2b-blocklist-hard
logpath = /var/log/wpf2b-block.log
maxretry = 1
bantime = 86400
In the wp-config.php file of the WordPress site I’ve defined the following constants:
define( 'WP_FAIL2BAN_SITE_HEALTH_SKIP_FILTERS', true );
define( 'WP_FAIL2BAN_BLOCK_USER_ENUMERATION', true );
define( 'WP_FAIL2BAN_BLOCKED_USERS', ['admin', 'administrator', 'webmaster'] );
define( 'WP_FAIL2BAN_ADDON_BLOCKLIST_CUSTOM_JAIL', true );
define( 'WP_FAIL2BAN_PLUGIN_LOG_BLOCK', true );
define( 'WP_FAIL2BAN_PLUGIN_BLOCK_LOG', LOG_LOCAL3 );
In /etc/rsyslog.d/ directory I’ve added a file named local3.conf:
local3.* -/var/log/wpf2b-block.log
Writing to the LOG_LOCAL3 seems to work fine (I’v tested with define('WP_FAIL2BAN_AUTH_LOG', LOG_LOCAL3);
But it seems like the blocklist add on won’t download/sync the IP-addresses to block.
