Is Fail2ban automatically well configured for the digital ocean wordpress 18-04 marketplace image ?

Posted June 27, 2019 4.4k views
WordPressDigitalOceanUbuntu 18.04

If I launch an one click app wordpress blog (thanks to digital ocean wordpress ubuntu 18.04 image). I saw that the image included Fail2Ban.
Will I need to configure it or is Fail2ban already configured for the different log services (Apache, MySql, …) ?

Will it blocks efficently DDOS or security intrusion ?

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
1 answer

Hey there @EmmanuelMacron,

The WordPress image that we provide for the 1-click marketplace application includes Fail2ban installed from the default distribution repositories as well as the WordPress Fail2ban plugin that provides integration with WordPress’ authentication system.

These are shipped in the default configuration provided by the WordPress plugin. This configuration should be plenty adequate for most droplets running WordPress but can be further modified and the configuration changed if needed or if you are running additional services that aren’t included in the default configuration.

I hope that helps!
- Matt.

  • Hi Matt, I also have a 1-click Wordpress droplet, and I think Fail2ban was automatically installed, but I didn’t get the plugin installed. When I try to install the plugin I get a fatal error (something about redeclaring not possible, because something is already declared).

    Is this because Fail2ban is already properly configured, or is there something else I need to do?

  • Need a point of clarification here. I created a one-click droplet of WordPress 5.5.1 on Ubuntu 20.04 last week, which also comes with the WP fail2ban plugin installed.

    Here you say that “the default configuration provided by the WordPress plugin … should be plenty adequate for most droplets running WordPress”, but the plugin itself says that in the free/non-Pro version of the plugin, configuration must be made via editing wp-config.php, and there’s definitely no edits in that file that have anything to do with WP fail2ban.

    So how can “the default configuration” be “plenty adequate” when it doesn’t seem like it’s even being used? What am I missing?

    (I’m all kinds of open to being told that I’m simply missing something here.)