Your VPS gets scanned constantly. Bots try to guess SSH passwords, WordPress login credentials, and more. Fail2ban automatically blocks IPs that fail too many login attempts.
This guide shows you how to set it up on Ubuntu.
What is Fail2ban?
Fail2ban monitors log files and bans IPs that show malicious behavior. It scans services like SSH, Apache, Nginx, WordPress, and FTP. Banned IPs get blocked via iptables or UFW for a configurable time.
Step 1: Install Fail2ban
sudo apt update
sudo apt install fail2ban -y
Check status:
sudo systemctl status fail2ban
Step 2: Configure Fail2ban
Never edit /etc/fail2ban/jail.conf directly – it gets overwritten on updates. Instead, create /etc/fail2ban/jail.local.
sudo nano /etc/fail2ban/jail.local
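Add basic configuration. Fail2ban only treats # as a comment at the start of a line, so a # placed after a value becomes part of that value; keep each comment on its own line:
[DEFAULT]
# Ban for 1 hour
bantime = 3600
# Look for failures in the last 10 minutes
findtime = 600
# Ban after 5 failures
maxretry = 5
destemail = admin@example.com
# Ban, then send email with whois report and relevant log lines
action = %(action_mwl)s
[sshd]
enabled = true
port = ssh
logpath = %(sshd_log)s
# Stricter for SSH
maxretry = 3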
Step 3: Add Jails for Common Services
Append these to jail.local if you run web services.
Apache/Nginx (if logging failed logins):
[apache-auth]
enabled = true
port = http,https
logpath = /var/log/apache2/*error.log
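WordPress (if using the wp-fail2ban plugin). Fail2ban ships no wordpress filter, so this jail only loads if a matching filter file exists at /etc/fail2ban/filter.d/wordpress.conf: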
[wordpress]
enabled = true
port = http,https
logpath = /var/log/wordpress-auth.log
maxretry = 5
Step 4: Restart and Enable
sudo systemctl restart fail2ban
sudo systemctl enable fail2ban
Check active jails:
sudo fail2ban-client status
See banned IPs for a specific jail:
sudo fail2ban-client status sshd
Step 5: Unban an IP Manually
If you accidentally lock yourself out, log in via your VPS console and run:
sudo fail2ban-client set sshd unbanip YOUR_IP
Optional: Email Alerts
Install mail utilities:
sudo apt install mailutils -y
Make sure destemail and action are uncommented in jail.local and that destemail is set to your own address, then restart Fail2ban. You'll receive emails when IPs are banned.
Test Fail2ban
Use a second terminal or another machine to attempt wrong SSH logins:
ssh wronguser@your_vps_ip
After 3 failures, check if the IP is banned:
sudo fail2ban-client status sshd
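How findtime, maxretry and bantime from the [sshd] jail decide the ban you just triggered, as an added Python example that is not Fail2ban's own code or part of the original guide. The regex, the constructed log lines and the simulate function are assumptions for illustration; the real sshd filter matches many more line formats.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values from the [sshd] jail and [DEFAULT] section in this guide.
MAXRETRY, FINDTIME, BANTIME = 3, 600, 3600

# Assumed pattern for OpenSSH password failures (not Fail2ban's sshd filter).
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

# Constructed sample log using documentation-only addresses.
SAMPLE_LOG = """\
Mar  4 10:00:01 vps sshd[811]: Failed password for root from 203.0.113.5 port 40112 ssh2
Mar  4 10:00:09 vps sshd[812]: Failed password for invalid user admin from 203.0.113.5 port 40118 ssh2
Mar  4 10:00:15 vps sshd[813]: Accepted publickey for deploy from 198.51.100.7 port 51514 ssh2
Mar  4 10:00:20 vps sshd[814]: Failed password for root from 203.0.113.5 port 40125 ssh2
Mar  4 10:01:00 vps sshd[815]: Failed password for alice from 192.0.2.44 port 33001 ssh2
Mar  4 10:08:00 vps sshd[816]: Failed password for alice from 192.0.2.44 port 33050 ssh2
Mar  4 10:15:00 vps sshd[817]: Failed password for alice from 192.0.2.44 port 33102 ssh2
"""

def simulate(log, maxretry=MAXRETRY, findtime=FINDTIME, bantime=BANTIME, year=2024):
    """Return [(ip, banned_at, unbanned_at)] for every ban the log would trigger."""
    failures = defaultdict(deque)   # ip -> failure times still inside findtime
    banned_until = {}               # ip -> time the current ban expires
    bans = []
    for line in log.splitlines():
        m = FAILED.match(line)
        if not m:
            continue                # not a failed login, ignored
        # Syslog lines carry no year, so one is assumed.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in banned_until and ts < banned_until[ip]:
            continue                # already banned at this point in time
        window = failures[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()        # failure is older than findtime, forget it
        if len(window) >= maxretry:
            until = ts + timedelta(seconds=bantime)
            banned_until[ip] = until
            bans.append((ip, ts, until))
            window.clear()
    return bans
```

With the guide's values only 203.0.113.5 is banned; the three failures from 192.0.2.44 span 14 minutes, so they never fall inside one 10-minute findtime window.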
Troubleshooting
No logs: Check that logpath points to the correct file. For custom WordPress installations, create a custom jail.
Ban not happening: Verify that enabled = true and the service is running.
Next Steps
Fail2ban is one part of server security. Combine with UFW, SSH key authentication, and regular updates.