WordPress Security

Harden WordPress with fail2ban and strict Nginx rules. Add rate limits and simple tooling to spot and block abusive traffic.

Note: This module is being worked on. Below is the lesson plan you can expect.

  • Identifying common attack vectors for WordPress
  • Writing a mu-plugin to log login attempts
  • Using fail2ban for brute-force protection
  • Denying access to sensitive files with Nginx
  • Rate-limiting PHP execution
  • Writing a helper script to identify bad actors from server logs
  • Using a script to quickly ban IPs
  • Using a script to deny access to URL patterns
  • Installing and running ClamAV for malware scanning

Next module: Backups