How to install Fail2Ban Ubuntu to block attacks to wordpress xmlrpc


This is a very rough guide to be used only as guidance when setting up fail2ban. This simple setup should work on a low traffic server.

1. Install fail2ban

sudo apt-get update
sudo apt-get install fail2ban

2. Add a filter

Go to /etc/fail2ban/filter.d
Create a file called apache-xmlrpc.conf

On this file add:

failregex = ^<HOST> .*POST .*xmlrpc\.php.*
ignoreregex =

3. Enable the filter

Go to /etc/fail2ban/jail.conf

On this file add the following:


enabled  = true
port     = http,https
filter   = apache-xmlrpc
logpath  = /var/log/apache*/*access.log
maxretry = 6

You can change the maxretry set your log path.

4. Finish up by restarting fail2ban

sudo service fail2ban restart

5. Start fail2ban after reboot

Bonus: Set fail2ban to start after a reboot

Configure a service to run at startup in Ubuntu

To automatically start a service like apache, nginx, fail2ban or others after a reboot you can do the following:

sudo update-rc.d fail2ban defaults

If the service is already set to be automatically restarted you will see the following:

System start/stop links for /etc/init.d/fail2ban already exist.