How to install Fail2Ban Ubuntu to block attacks to wordpress xmlrpc


This is a very rough guide to be used only as guidance when setting up fail2ban. This simple setup should work on a low traffic server.

1. Install fail2ban

sudo apt-get update
sudo apt-get install fail2ban

2. Add a filter

Go to /etc/fail2ban/filter.d
Create a file called apache-xmlrpc.conf

On this file add:

failregex = ^<HOST> .*POST .*xmlrpc\.php.*
ignoreregex =

3. Enable the filter

Go to /etc/fail2ban/jail.conf

On this file add the following:


enabled  = true
port     = http,https
filter   = apache-xmlrpc
logpath  = /var/log/apache*/*access.log
maxretry = 6

You can change the maxretry set your log path.

4. Finish up by restarting fail2ban

sudo service fail2ban restart

5. Start fail2ban after reboot

Bonus: Set fail2ban to start after a reboot