NOTICE: Link to heading
This tutorial is assuming that you are using the Swag docker container through UnRaid. If you are, then lets proceed.
1. Edit jail.local Link to heading
At the bottom of the file, add the following block of code.
[wordpress]
enabled = true
port = http,https
filter = wordpress-auth
logpath = /config/log/nginx/access.log
maxretry = 3
bantime = 3600
ignoreip = 192.168.1.0/24
2. Edit filters Link to heading
Inside the filter.d directory create a new config file called “wordpress-auth.conf”
Within that file add the following code:
[Definition]
failregex = .*POST.*(wp-login.php|xmlrpc.php).* (403|200)
You might have noticed that I added 403 reponse code to the regex expression. By default a failed authentication to /wp-admin returns a 200, however, I set up a custom return code for failed authentication to return a 403.
Inside the “wwwrootwp-contentmu-plugins” directory, I created a file called login_helper.php with the following code.
/* Return 403 instead of 200 when wp-login failed */
add_action( 'wp_login_failed', function () {
status_header(403);
} );
3. Reload Swag Docker Link to heading
You should now be seeing content within the log files under Swag/log
Here you can see a list of IPs that tried to hit /wp-admin on my site but were unable to. Click here to see how to block all public IPs using Nginx.
