CrowdSec on WordPress

source: https://github.com/crowdsecurity/cs-wordpress-bouncer

CrowdSec is open-source software that aims to improve the security of Internet-connected devices by collecting and analyzing data from various sources, such as intrusion detection systems, firewalls, and logs, in order to identify and block malicious activity. The CrowdSec Docker image is a pre-configured version of CrowdSec that can be deployed in a Docker container, which makes it straightforward to run on a variety of platforms and environments without manually installing and configuring the software.

CrowdSec can be installed in several ways, depending on the platform and environment that you are using. Here are some of the most common methods for installing CrowdSec:

Using the CrowdSec Docker image: This is the easiest way to install CrowdSec and is recommended for users who are new to the software. The CrowdSec Docker image can be pulled from the Docker Hub and run in a container.

Installing from binary packages: CrowdSec provides binary packages for several popular Linux distributions, such as Debian, Ubuntu, and CentOS. These packages can be installed using the appropriate package manager for your distribution.

Compiling from source: If you want to build and install CrowdSec from the source code, you can download the latest version of the software from the GitHub repository and then follow the instructions in the README file to build and install the software.

Once CrowdSec is installed, you will need to configure it to work with your environment. The configuration file is located at /etc/crowdsec/config.yaml. This is where you will define your policies and specify the data sources that CrowdSec should collect data from.

Before you install CrowdSec, it is recommended that you read the documentation on the CrowdSec website and the GitHub repository, to understand the prerequisites and installation process.

The following step-by-step installation walk-through is for my DigitalOcean VPS running Ubuntu with WordPress. These steps should work with Debian as well.

Step 1: Install CrowdSec

Install the CrowdSec repo:

curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.deb.sh | sudo bash

Install CrowdSec:

apt install crowdsec

Step 2: Install the bouncers

Install the first bouncer:

apt install crowdsec-firewall-bouncer-iptables

Install the WordPress plugin bouncer:

Install step info here

Install Blocklist mirror:

sudo apt install crowdsec-blocklist-mirror

Step 3: Configure the bouncers

CrowdSec firewall bouncer: The API key was generated and added to the configuration file during the installation. There are options for adjusting "crowdsec-firewall-bouncer-iptables" listed here. I leave it with the default configuration.

Blocklist mirror: During the installation step above, it automatically adds the bouncer to CrowdSec. No further configuration is required.

WordPress configuration steps here.

Download the MaxMind GeoLite2 Free Geolocation Database. Upload the GeoLite2-Country.mmdb file to wp-content/plugins/crowdsec/geolocation.

Step 4: Add the WordPress Plugin bouncer to CrowdSec

Use the CrowdSec CLI to register the WordPress plugin bouncer.

 cscli bouncers add wordpress-bouncer

Copy the generated API Key into the WordPress Plugin settings.
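
Before pasting the key into WordPress, it helps to confirm that the CrowdSec Local API accepts it, since a rejected key and an unreachable API look the same from the plugin side. The script below is an added example, not part of the original post or of the CrowdSec project; it assumes the Local API listens on its default http://127.0.0.1:8080, and the function names and the CROWDSEC_BOUNCER_KEY variable are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the CrowdSec Local API
# (LAPI) is on its default address; override LAPI_URL if yours differs.
LAPI_URL="${LAPI_URL:-http://127.0.0.1:8080}"

# Map the HTTP status and body of GET /v1/decisions?ip=... to one verdict.
classify_lapi_response() {
    cls_status="$1"; cls_body="$2"
    case "$cls_status" in
        200)
            # LAPI answers the literal "null" when no decision covers the IP.
            if [ -z "$cls_body" ] || [ "$cls_body" = "null" ]; then
                echo "key-ok:no-decision"
            elif printf '%s' "$cls_body" |
                 grep -q '"type"[[:space:]]*:[[:space:]]*"ban"'; then
                echo "key-ok:ban"
            else
                echo "key-ok:other-decision"
            fi ;;
        401|403) echo "key-rejected" ;;      # wrong, revoked or mistyped key
        000|"")  echo "lapi-unreachable" ;;  # curl could not connect
        *)       echo "unexpected:$cls_status" ;;
    esac
}

# Ask LAPI about one IP using the bouncer key in CROWDSEC_BOUNCER_KEY
# (hypothetical variable name). The header goes to curl on stdin (-K -), so
# the key does not appear in the process list.
check_bouncer_key() {
    : "${CROWDSEC_BOUNCER_KEY:?set it to the key printed by cscli bouncers add}"
    chk_body_file=$(mktemp) || return 1
    chk_status=$(printf 'header = "X-Api-Key: %s"\n' "$CROWDSEC_BOUNCER_KEY" |
        curl -s -K - --max-time 5 -o "$chk_body_file" -w '%{http_code}' \
             "$LAPI_URL/v1/decisions?ip=$1" 2>/dev/null) || true
    chk_body=$(cat "$chk_body_file"); rm -f "$chk_body_file"
    classify_lapi_response "$chk_status" "$chk_body"
}

# Constructed sample responses (not captured from a real instance), so the
# classifier can be exercised offline:
SAMPLE_BAN='[{"id":1,"origin":"cscli","scope":"Ip","type":"ban","value":"192.0.2.10"}]'
classify_lapi_response 200 "$SAMPLE_BAN"
classify_lapi_response 200 'null'
classify_lapi_response 403 '{"message":"access forbidden"}'
# On the server: export CROWDSEC_BOUNCER_KEY, then run check_bouncer_key 192.0.2.10
```

A result of key-rejected means the key pasted into the plugin will fail too; lapi-unreachable points at the CrowdSec service or its listen address rather than at the key.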

Step 5: Connect the CrowdSec Instance to the CrowdSec dashboard

Run the command listed on your https://app.crowdsec.net/instances page.

Step 6: Add relevant CrowdSec Scenarios

There are many collections listed on the https://hub.crowdsec.net/browse/ page. I chose to add:

cscli collections install crowdsecurity/linux
cscli collections install crowdsecurity/wordpress
