Let’s discover out how one can shield your Docker WordPress web site utilizing CrowdSec. Now you can shield your WordPress web site like a professional in a couple of easy steps! This information assumes that you’re working a WordPress Docker container that exists behind a reverse proxy. It’s good to skip one step if you’re not utilizing a reverse proxy.
About CrowdSec
CrowdSec is an open-source, collaborative IP safety answer that analyses behaviors and shares alerts throughout the neighborhood. It’s like Fail2Ban, however you’ll be able to share your ban with different customers. Sharing bans helps you preemptively block malicious hosts earlier than they trigger any harm.
About Reverse Proxy
A reverse proxy is a server that sits in entrance of a number of internet servers, intercepting consumer requests. The reverse proxy then forwards the request from the entrance to the again and specifies the unique IP within the X-Forwarded-For (or XFF) header. The XFF request header is a de-facto customary header for figuring out the originating IP deal with of a consumer connecting to an internet server by means of a proxy server. Fortunately, CrowdSec has a built-in characteristic that means that you can use a reverse proxy and test the XFF headers with out challenge.
What You Will Want
This information assumes that you’ve got some working information of reverse proxy and Docker. Thus, you need to have already got a working Docker setup, reverse proxy, and working WordPress web site.
Let’s get began!
Setup the CrowdSec Agent in your Docker WordPress
First, we have to arrange the native API and Agent. Each co-exist within the official container:
model: "2.1"
providers:
crowdsec:
picture: docker.io/crowdsecurity/crowdsec:newest
container_name: crowdsec
ports:
- 49155:8080
setting:
- GID=1000
- COLLECTIONS=crowdsecurity/wordpress crowdsecurity/http-cve crowdsecurity/whitelist-good-actors
volumes:
- /mnt/containers/crowdsec/config:/and so forth/crowdsec:rw
- /mnt/containers/crowdsec/knowledge:/var/lib/crowdsec/knowledge:rw
- /var/log:/var/log/host:ro
restart: unless-stoppedSo, what have we simply finished?
- First, you created a container known as “crowdsec”.
- Subsequent, you uncovered port “49155” to this container. Change this if this port isn’t obtainable to you.
- And at last, you persevered the CrowdSec storage to “/mnt/containers/crowdsec/”.
Notice, nonetheless, that CrowdSec will learn the logs of the WordPress Docker container from “/var/log”. Due to this fact, it’s good to regulate your WordPress Docker container to log this folder into the Syslog.
Right here is an instance of set the logging driver to attain this:
providers:
weblog:
container_name: "my-blog"
picture: "wordpress:newest"
ports:
- 49154:80
restart: "at all times"
volumes:
- /mnt/containers/my-blog:/var/www/html
logging:
driver: "syslog"Subsequent, to make life simpler working with CrowdSec CLI contained in the container, we’re going to create an alias in our shell profile:
alias cscli="docker exec -t crowdsec cscli"Lastly, you need to get the IP deal with of the container as a result of we’ll use it later:
docker examine -f '{{vary.NetworkSettings.Networks}}{{.IPAddress}}{{finish}}' crowdsecSet up the CrowdSec WordPress Plugin
Now that you’ve got the CrowdSec agent and API Docker container working, it’s good to set up the CrowdSec WordPress Bouncer.
You’ll be able to set up it similar to every other WordPress plugin:
- Discover the CrowdSec plugin within the WordPress market
- Then set up and activate the plugin.
Configure the CrowdSec WordPress Plugin
Now you’ll be able to navigate to the CrowdSec plugin in WordPress and configure your CrowdSec Bouncer.
To do that, you have to to know the IP deal with of the CrowdSec container. See the earlier instructions to see how to do that. Subsequent, you have to an API key to permit the Bouncer to hook up with the Agent.
You will get an API key by working the next command:
cscli bouncers add my-wp-bouncerFor instance, this command will output one thing like this:
Api key for 'my-wp-bouncer':
fccdbc6012314a4edd58da033cc46dbf1
Please hold this key because you won't be able to retrieve it!
Subsequent, add the API URL utilizing the recognized IP deal with and the API key to the WordPress Bouncer plugin:
Subsequent, we have to configure our reverse proxy. You have to to know the IP deal with of your reverse proxy for this step. Click on on the CrowdSec Superior Settings possibility and enter your trusted IPs within the “Belief these CDN IPs (or Load Balancer, HTTP Proxy)” setting.
Check your CrowdSec WordPress Blocker
Now you can take a look at if all the pieces is working as anticipated. First, use one other gadget reminiscent of your telephone, and be sure to hook up with the web with a distinct IP deal with. Then attempt to hook up with your WordPress web site. Once more, all the pieces ought to work as anticipated.
Subsequent, get the IP deal with of your completely different gadget with one other IP and run the next command:
cscli choices add -i 49.179.65.10It is best to see a consequence like this:
INFO[07-05-2022 08:19:01 AM] Choice efficiently added Visiting the identical web site ought to provoke a show of a message like this:
This message signifies that your WordPress Docker container is utilizing CrowdSec accurately. Properly finished!
You’ll be able to undo the IP ban utilizing the next command:
cscli choices delete -i 49.179.65.10Helpful CrowdSec instructions
Checklist Bouncers
To see an inventory of all of the related bouncers:
Instance output:
Checklist Alerts
To see an inventory of all of the alerts:
Instance output:
Examine An Alert
To examine a selected alert:
Instance output:
Wrapping Up
You’ve realized arrange CrowdSec to guard your WordPress web site behind a reverse proxy on Docker. CrowdSec makes it simple to assist hold your WordPress web site safe.
You Could Additionally Be In
Sources:
![15 Greatest HR Software program for HR managers & HR groups [2025]](https://multicloud365.com/wp-content/uploads/2025/01/HR-Software-Why-You-Might-Need-It-in-2023-120x86.png)
