Everybody Staze...

Nobody leavz...

  • Home
  • About Me
    • LinkedIn
    • Lab
  • Contact
  • Links
  • Reviews
  • Sitemap
  • Weather
You are here: Home / Sys Admin / fail2ban Wordpress and Cloudflare

fail2ban WordPress and Cloudflare

2015/01/12 By staze

Fail2ban_logoLike most people that run a WordPress site, or any CMS, I’ve struggled with brute force attacks on my site. Having just installed fail2ban on a mail server, this seemed like an obvious. Thankfully, as well, someone had already written a plugin for WordPress to drop a message in the system log saying a login failed (by default, Apache doesn’t do this, it just shows someone hit the login page). At first, I had set up an iptables/pf rule to block the bad user, but for some reason, this wasn’t happening. My test browser kept hitting the page successfully.

After a break, I realized that I use Cloudflare, and of course blocking the offending IP wouldn’t work… it never actually connects to my host. Thankfully, Cloudflare has an API, and there was already a starting point for a fail2ban action, albeit, out of date (Cloudflare forces json now). Below is that action. You should be able to just call this like any other action, after you fill out the appropriate “token” and “email”. ((Note: I had to disable “always online” with Cloudflare to have the block take effect within 5-10 seconds. With “always online” enabled, it took about 2-3 minutes to block the attack, all the while the “bot” was able to keep hitting my server.))

Good luck!


# Fail2Ban cloudflare action
#
# Author: Ryan Stasel
#
# $Revision$
#

[Definition]

# Option: actionstart
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
actionstart =

# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
actionstop =

# Option: actioncheck
# Notes.: command executed once before each actionban command
# Values: CMD
#
actioncheck =

# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: <ip> IP address
# <failures> number of failures
# <time> unix timestamp of the ban time
# Values: CMD
#
actionban = curl -s https://www.cloudflare.com/api_json.html -d ‘a=ban’ -d ‘key=‘ -d ’email=‘ -d ‘tkn=‘

# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: <ip> IP address
# <failures> number of failures
# <time> unix timestamp of the ban time
# Values: CMD
#
actionunban = curl -s https://www.cloudflare.com/api_json.html -d ‘a=nul’ -d ‘key=‘ -d ’email=‘ -d ‘tkn=‘

[Init]

account = YOUR_CLOUDFLARE_EMAIL

token = YOUR_CLOUDFLARE_TOKEN

Print Friendly, PDF & Email

Filed Under: Sys Admin Tagged With: Cloudflare, fail2ban, Wordpress

Weather

Categories / Archives

  • Apple
  • Coding
  • Electronics
  • Energy
  • Home Ownership
  • Miscellany
  • Politics
  • Prius
  • Sys Admin
  • Travel
  • Uncategorized
  • Work
  • June 2026
  • April 2026
  • August 2025
  • April 2025
  • January 2024
  • February 2021
  • July 2020
  • January 2020
  • April 2019
  • March 2018
  • February 2018
  • June 2017

Copyright © 2026 · Staze On Genesis Framework · WordPress · Log in