Hi I am using the WordPress One-Click Install and the WPf2b dashboard shows IPs that aren’t the target audience (United Kingdom). These IPs are from Singapore, India, Thailand and USA -
Date/Time Priority Message 2022-09-24 18:39:46 Z Notice Authentication attempt for unknown user admin from 220.127.116.11 2022-09-24 18:31:38 Z Notice Authentication attempt for unknown user admin from 18.104.22.168 2022-09-24 18:20:25 Z Notice Authentication attempt for unknown user admin from 22.214.171.124 2022-09-24 18:14:56 Z Notice Authentication attempt for unknown user admin from 126.96.36.199 2022-09-24 18:06:39 Z Notice Authentication attempt for unknown user admin from 188.8.131.52
Ideally is it possible the DigitalOcean Fail2Ban filters [wordpress-soft] & [wordpress-hard] permanently ban IPs that are not in the United Kingdom? Please can someone advise how to implement?
Or would it be best to block all these countries to save resources? And potentially stop the website being hacked? If yes, how? Should this be done using UFW or Fail2ban?
My concern with a blanket country ban is it might have negative SEO effects and block a genuine customer.
It’s irritating seeing so many bots trying to hack the website. Wouldn’t it just be best to blanket ban the country they are coming from?
My setup is Ubuntu 22.04.1 LTS Apache 2.4.
Any advice is much appreciated.
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Click below to sign up and get $200 of credit to try our products over 60 days!
The WordPress image that we provide for the 1-click marketplace application includes Fail2ban installed from the default distribution repositories as well as the WordPress Fail2ban plugin that provides integration with WordPress’ authentication system.
These are shipped in the default configuration provided by the WordPress plugin. This configuration should be plenty adequate for most droplets running WordPress but can be further modified and the configuration changed if needed or if you are running additional services that aren’t included in the default configuration.
On another note, you can use CSF to block IPs.
CSF is extremely easy to use and configure.
To block an IP address or range just use:
We also have a tutorial which you can check here:
You can do this using
CSF(ConfigServer Firewall) as well. In order to block a country, you can use the
CC_DENYoption which accepts two-letter country codes such as the US, GB and etc.
In order to list more than one country you just need to separate them using commas:
CC_DENY = "AB,CD,EF"
You may find a list of ISO 3166-1 alpha-2 code at https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2
If you’re not familiar with CSF or you want to install it on CentOS or Ubuntu droplet check out this mini tutorial:
and for Ubuntu:
Hope this helps!
I’ve personally done this in the past by using CSF rather than UFW. There is an option in the CSF config that allows you to block specific countries by adding the country code in the CCDENY list in CSF.
How to install and Configure Config Server Firewall (CSF) on CentOS
For Ubuntu use How To Install and Configure Config Server Firewall (CSF) on Ubuntu
Another method would be to use CloudFlare and block the traffic through there. The good thing of doing this is that the traffic would be filtered even before it reaches your server.
Generally speaking, blocking a country would not really prevent a hacker from accessing your website, as they could use a VPN or a proxy server. It is best to keep your website up to date with all of the latest security patches. I would recommend following the steps from this tutorial here on how to secure your WordPress website:
Hope that this helps!