How to install the fail2ban plugin in WordPress


During the setup of the website Careeywa, I found out that installing the Fail2Ban plugin is not straightforward. Fail2Ban is an open-source plugin to protect WordPress websites from brute-force attacks. Here I will show how to properly configure the fail2ban plugin.

Step 1. Install fail2ban on the server

This step installs fail2ban on the web server itself, which has to be done before installing the plugin on the website.

Here I am showing the steps for Amazon Linux 2:

sudo amazon-linux-extras install epel -y
sudo yum -y install fail2ban
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo sed -i "s/^\[sshd\]/[sshd]\nenabled=true/" /etc/fail2ban/jail.local
sudo systemctl restart fail2ban
sudo systemctl enable fail2ban

For other Linux distributions such as Ubuntu, the steps are the same, but the commands differ slightly.

Step 2. Install the Fail2Ban plugin

In the WordPress admin, go to Plugins >> Add New, search for "fail2ban" in the search bar, then install and activate the plugin.

Step 3. Set up filters for WordPress on the server

Go to the path `/etc/fail2ban/filter.d/`

Create the files wordpress-hard.conf and wordpress-soft.conf there, copying their contents from https://docs.wp-fail2ban.com/en/5.0/filters.html

Create a new file in `/etc/fail2ban/jail.d` called `wordpress.conf`:

[wordpress-hard]
enabled = true
filter = wordpress-hard
logpath = /var/log/auth.log
maxretry = 1
port = http,https

[wordpress-soft]
enabled = true
filter = wordpress-soft
logpath = /var/log/auth.log
maxretry = 3
port = http,https

Make sure `/var/log/auth.log` exists; if it does not, create it with `touch /var/log/auth.log`.

Then run `sudo systemctl restart fail2ban` again.

Now run `sudo fail2ban-client status wordpress-hard` and you should see something like this:

Status for the jail: wordpress-hard
|- Filter
|  |- Currently failed:    18
|  |- Total failed:    19
|  `- File list:    /var/log/auth.log
`- Actions
   |- Currently banned:    0
   |- Total banned:    0
   `- Banned IP list:
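A jail whose filter file or log file is missing will not start, so it helps to check the files from Step 3 before restarting. The script below is an added example, not part of the original post or of fail2ban itself: `check_jails` and `demo` are hypothetical names, the demo runs against a constructed copy of the layout in a temporary directory, and it assumes that a jail without a `filter` line uses its own name as the filter.

```python
import configparser
import glob
import os
import tempfile

def check_jails(jail_file, filter_dir):
    """Return problems that would keep enabled jails in jail_file from starting."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read(jail_file)
    problems = []
    for jail in cfg.sections():
        opts = cfg[jail]
        if not opts.getboolean("enabled", fallback=False):
            continue  # disabled jails are never loaded
        # Assumption: with no explicit filter, the jail name is used.
        # Any "[param=value]" suffix on the filter name is ignored here.
        filt = opts.get("filter", jail).split("[")[0]
        candidates = [os.path.join(filter_dir, filt + ext) for ext in (".conf", ".local")]
        if not any(os.path.isfile(p) for p in candidates):
            problems.append(f"{jail}: filter '{filt}' not found in {filter_dir}")
        # logpath may list several paths or globs, separated by whitespace.
        paths = opts.get("logpath", "").split()
        if not paths:
            problems.append(f"{jail}: no logpath set")
        for pattern in paths:
            if not glob.glob(pattern):
                problems.append(f"{jail}: logpath {pattern} does not exist")
    return problems

def demo():
    """Build a constructed copy of the layout from this post and check it."""
    root = tempfile.mkdtemp()
    filter_dir = os.path.join(root, "filter.d")
    os.makedirs(filter_dir)
    log = os.path.join(root, "auth.log")
    open(log, "w").close()  # same effect as `touch`
    # Only the hard filter is created, to show a missing-filter finding.
    open(os.path.join(filter_dir, "wordpress-hard.conf"), "w").close()
    jail_file = os.path.join(root, "wordpress.conf")
    with open(jail_file, "w") as fh:
        for name, retries in (("wordpress-hard", 1), ("wordpress-soft", 3)):
            fh.write(f"[{name}]\nenabled = true\nfilter = {name}\n"
                     f"logpath = {log}\nmaxretry = {retries}\nport = http,https\n\n")
    return check_jails(jail_file, filter_dir)

if __name__ == "__main__":
    for problem in demo():
        print(problem)
```

On the server, call `check_jails("/etc/fail2ban/jail.d/wordpress.conf", "/etc/fail2ban/filter.d")`; an empty list means both jails have their filter and log file in place. To confirm that a filter actually matches entries in the log, run `fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/wordpress-hard.conf`.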

This is how we correctly set up fail2ban on the WordPress website.