Introduction on CrowdSec
CrowdSec is a free, open-source and collaborative IDS (Intrusion Detection System) and combined with a bouncer an IPS (Intrusion Prevention System). CrowdSec Analyzes behaviors, respond to attacks & share signals across the community by analyzing your logs. By leveraging on this community it benefits from all the combined logs to feed the IPS and IDS to make the right decision on the potential attack. The decisions are made by the results of scanning the logs. For example NGINX or Apache webserver logs. These decisions are then passed to the bouncer. CrowdSec can be used to improve your security of your WordPress site.
In this blog post we will focus on integrating the WordPress CrowdSec plugin into your WordPress site. This plugin will connect with the locally installed CrowdSec software.
Installing CrowdSec on the WordPress server
Installing CrowdSec on your webserver is easy. They have easy to follow guides for most mainstream Linux distributions. For more information about installing the software and different kind of bouncers head over to the installation guides on the CrowdSec website.
Integrating CrowdSec with WordPress
After installing CrowdSec on your WordPress webserver we first need to create an API key that we will later need for the WordPress plugin. This API key can be created with the cscli command:
[root@webserver ~]# cscli bouncers add wordpress-bouncer
Api key for 'wordpress-bouncer':
'random API key string'
Please keep this key since you will not be able to retrieve it!
We now have the API key needed to connect the CrowdSec bouncer plugin to the locally installed CrowdSec of the operating system.
After that login to your WordPress site and go to the plugins tab. On this page search for CrowdSec, press the install button to install the plugin. After installing active the plugin:
The CrowdSec plugin will now show in the menu bar in the left. From the menu bar go to the CrowdSec Plugin Configuration. In the LAPI URL field you should fill in the hostname http://localhost:8080 and the API key we created earlier with the cscli command:
Now in the settings menu make sure to disable the Public website only configuration to also secure the wp-admin login page.
Conclusion
You now have the CrowdSec WordPress plugin enabled and configurated to benefit from the CrowdSec IDS and IPS community. CrowdSec is not a full security solution but offers an extra layer of protection supported by the CrowdSec community. CrowdSec can be a great and easy way to improve your security on your WordPress site. The benefit is that it integrates in WordPress via the WordPress plugin.
[…] Above all always keep your server and NGINX up-to-date and patched. Also give my other post about integrating CrowdSec with WordPress a […]