Fail2ban + WordPress + Nginx

I’ve been using the Limit Login Attempts plugin for WordPress for quite a while. It basically logs failed login attempts and automatically blocks multiple attempts from a single IP address. A few days ago I’ve switched to fail2ban instead, which is pretty new to me.

Fail2ban with WordPress and Nginx

Fail2ban is a fairly simple yet very flexible framework that monitors log files for certain patterns, and runs preconfigured actions upon certain events.

Out of the box fail2ban comes with many so called filters, which are sets of matching rules, for example SSH auth failure, vsftpd login failure and more. As well as predefined actions, like block the IP address via iptables, send an e-mail with the IP WHOIS info, etc.

I haven’t had too much time to play around with the configs, but I did manage to get it to work with my WordPress install on nginx, and here’s how.

Continue reading

Google Analytics Proxy with Nginx

Here’s a quick tip! If you need to serve a specific script, stylesheet or any other file from your own domain, you can easily proxy it with nginx. A good example is the ga.js¬†file for Google Analytics. Here’s how I proxy it with nginx, in the server context:

# Google Analytics Proxy
rewrite ^/ga.js$ /ga/ last;
location /ga/ {
        proxy_pass http://www.google-analytics.com/ga.js;
        break;
}

This rewrites the ga.js filename to the /ga/ pseudo-directory, in the context of which I can use the proxy_pass directive to fetch the file from Google. This way I have total control over the file that’s being served and especially the HTTP headers, which I was after in the first place.

You can repeat the trick with basically any file, but keep in mind that each one is a little extra load on your server, so add a caching layer where possible.