Netgate Discussion Forum

    Block External Access to "wp-admin"

    Firewalling | 5 Posts, 4 Posters, 1.1k Views
    • chrisathome

      I am looking for a way to block any external access to my WordPress admin/login page.
      Can anyone make a recommendation on a rule or package that will get this done?

      Thank you!

      • Gertjan

        You can block them.
        But not easily with pfSense as a firewall.

        There are several WordPress "fail2ban" plugins that dump failed authentications to the world's most classic log file: /var/log/auth.log

        Feb  3 17:20:59 ns311465 wp(my-domain-using-wp.tld)[28863]: Authentication failure for admin from 137.74.169.241
        Feb  3 17:20:59 ns311465 wp(my-domain-using-wp.tld)[28863]: XML-RPC authentication failure from 137.74.169.241
        

        You also need the fail2ban package for the OS used, on your web server.
        fail2ban will analyse your auth.log, your web server logs, your mail server logs, your ftp server logs, your ......... and test (regex) these logs for lines that should trigger the blocking of the offender.
        Like our "137.74.169.241" above.
        fail2ban is capable of generating iptables rules if a rule is triggered.

        fail2ban would work fine on pfSense, as it can handle "pf", the pfSense firewall ...... but: the pf firewall is handled by the GUI only, and fail2ban can't handle the GUI.

        Btw: on a typical mail/web/whatever server - the one I have, there isn't even a firewall. Because: you don't need one. Still, an initial empty "pass all, for INPUT, OUTPUT and FORWARD" firewall exists (my default iptables mentioned above) and it's filled with a block-host rule if someone tries and fails several times - like the very popular access to mine and your site.fr/wp-admin

        This is the result. At any time I have a couple of thousand IPs banned, for a couple of days or so.
        Since the end of last year, IPv6 also shows up now.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit: and where are the logs?
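        As an added example (not from the post and not fail2ban's own code), here is the check fail2ban would apply to the two auth.log lines quoted above, written in Python: a failregex for those two WordPress message forms, a sliding findtime window and a maxretry threshold. The sample log, the assumed year 2025 and the thresholds are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log in the format quoted in the post; the sshd line shows the filter ignores other services.
SAMPLE_AUTH_LOG = """\
Feb  3 17:20:59 ns311465 wp(my-domain-using-wp.tld)[28863]: Authentication failure for admin from 137.74.169.241
Feb  3 17:20:59 ns311465 wp(my-domain-using-wp.tld)[28863]: XML-RPC authentication failure from 137.74.169.241
Feb  3 17:21:03 ns311465 wp(my-domain-using-wp.tld)[28870]: Authentication failure for admin from 137.74.169.241
Feb  3 17:21:07 ns311465 wp(my-domain-using-wp.tld)[28871]: Authentication failure for editor from 137.74.169.241
Feb  3 17:21:09 ns311465 wp(my-domain-using-wp.tld)[28872]: Authentication failure for admin from 203.0.113.7
Feb  3 17:21:30 ns311465 sshd[29010]: pam_unix(sshd:auth): authentication failure; rhost=198.51.100.9
Feb  3 17:40:00 ns311465 wp(my-domain-using-wp.tld)[29001]: Authentication failure for admin from 203.0.113.7
"""

# Equivalent of a fail2ban failregex for the two WordPress message forms shown above.
FAILREGEX = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ wp\([^)]*\)\[\d+\]: "
    r"(?:Authentication failure for \S+|XML-RPC authentication failure) from (?P<ip>\S+)$"
)


def parse_failures(log_text, year=2025):
    """(timestamp, ip) for each line FAILREGEX matches; syslog has no year, so one is assumed."""
    out = []
    for line in log_text.splitlines():
        m = FAILREGEX.match(line)
        if m:
            ts = datetime.strptime(f"{year} {' '.join(m['ts'].split())}", "%Y %b %d %H:%M:%S")
            out.append((ts, m["ip"]))
    return out


def find_bans(failures, maxretry=3, findtime=timedelta(minutes=10)):
    """fail2ban-style sliding window: ban an IP once maxretry failures fall within findtime."""
    recent, bans = defaultdict(deque), {}
    for ts, ip in sorted(failures):
        if ip in bans:
            continue  # already banned; nothing more to count
        window = recent[ip]
        window.append(ts)
        while window and ts - window[0] > findtime:
            window.popleft()  # drop failures older than findtime
        if len(window) >= maxretry:
            bans[ip] = ts  # here fail2ban would fire its iptables/pf ban action
    return bans


if __name__ == "__main__":
    for ip, when in find_bans(parse_failures(SAMPLE_AUTH_LOG)).items():
        print(f"ban {ip} at {when:%H:%M:%S}")
```

        With these thresholds 137.74.169.241 is banned on its third failure, while 203.0.113.7's two failures are 19 minutes apart and never reach maxretry inside the window.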

        • SteveITS @Gertjan

          Snort/Suricata may block repeated login failures. I'm pretty sure that's available in the "web server" rules. We also have fail2ban on the servers we host.

          I would not be surprised if there was a WordPress plugin to limit access by IP address. Another consideration might be MFA, for instance https://duo.com/docs/wordpress is free for under 10 users.

          But overall a firewall blocks traffic by IP or port, not URL. Possibly a reverse proxy like HAProxy?

          Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
          When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
          Upvote 👍 helpful posts!

          • jimp (Netgate developer)

            You would have to run things through a proxy like HAProxy to inspect the URLs first, or (better) block them in your web server configuration. It's most likely possible in your web server to deny access to the URLs by source address.

            Less overhead than haproxy, less to go wrong, and more likely to work.

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            • SteveITS @SteveITS

              @teamits said in Block External Access to "wp-admin":

              if there was a WordPress plugin to limit access by IP address

              Ran across this today (haven't tried): https://wordpress.org/plugins/secure-admin-ip/


              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.