Hi,
Put this into /etc/fail2ban/filter.d/wordpress.conf:

# Fail2Ban filter for WordPress

[INCLUDES]
before = common.conf

[Definition]
_daemon = (?:wordpress|wp)

failregex = ^%(__prefix_line)sAuthentication attempt for unknown user .* from <HOST>$
            ^%(__prefix_line)sBlocked user enumeration attempt from <HOST>$
            ^%(__prefix_line)sBlocked authentication attempt for .* from <HOST>$
            ^%(__prefix_line)sPingback error .* generated from <HOST>$
            ^%(__prefix_line)sSpam comment \d+ from <HOST>$
            ^%(__prefix_line)sXML-RPC authentication attempt for unknown user .* from <HOST>$
            ^%(__prefix_line)sXML-RPC multicall authentication failure from <HOST>$

ignoreregex =

# DEV Notes:
# Requires the 'WP fail2ban' plugin:
# https://wordpress.org/plugins/wp-fail2ban/
#
# Author: Charles Lecklider

For the rest of the setup process, please check this nice article:
https://bjornjohansen.no/using-fail2ban-with-wordpress
Regards,
Denis
> On 24 Oct 2018, at 20:17, Mike <[email protected]> wrote:
>
>
> Does anybody have any examples of sample jail configurations to identify
> WordPress vulnerability probes?
>
> If someone can give me a skeleton, I can work on creating something that IDs
> malicious attempts to hack into WordPress. I just need a basic framework.
>
>
>
> _______________________________________________
> Fail2ban-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
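
An added example, not part of the original message or of the WP fail2ban plugin: a small offline check of the seven failregex lines against constructed syslog lines, showing which address each line would be counted against. PREFIX, HOST and TIMESTAMP are simplified stand-ins assumed here for what fail2ban expands itself, and the log lines use documentation addresses.

```python
import re
from collections import Counter

# Assumed, simplified stand-ins: fail2ban expands %(__prefix_line)s from
# common.conf and <HOST> from its own, broader definitions.
PREFIX = r"(?:\S+\s+)?(?:wordpress|wp)(?:\([^)]*\))?(?:\[\d+\])?:\s+"
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3}|[0-9A-Fa-f]*:[0-9A-Fa-f:]+)"
# fail2ban removes the timestamp before applying failregex; mimic that.
TIMESTAMP = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2} ")

FAILREGEX = [  # the seven patterns from the filter in the message
    r"^%(__prefix_line)sAuthentication attempt for unknown user .* from <HOST>$",
    r"^%(__prefix_line)sBlocked user enumeration attempt from <HOST>$",
    r"^%(__prefix_line)sBlocked authentication attempt for .* from <HOST>$",
    r"^%(__prefix_line)sPingback error .* generated from <HOST>$",
    r"^%(__prefix_line)sSpam comment \d+ from <HOST>$",
    r"^%(__prefix_line)sXML-RPC authentication attempt for unknown user .* from <HOST>$",
    r"^%(__prefix_line)sXML-RPC multicall authentication failure from <HOST>$",
]
COMPILED = [re.compile(p.replace("%(__prefix_line)s", PREFIX)
                        .replace("<HOST>", HOST)) for p in FAILREGEX]

def offending_host(line):
    """Return the address a log line would be counted against, or None."""
    message = TIMESTAMP.sub("", line.rstrip("\n"), count=1)
    for rx in COMPILED:
        m = rx.match(message)
        if m:
            return m.group("host")
    return None

def count_failures(lines):
    """Tally matching lines per source address (what maxretry is compared to)."""
    return Counter(h for h in map(offending_host, lines) if h)

# Constructed sample lines, not real log data.
SAMPLE_LOG = [
    "Oct 24 20:17:01 web1 wordpress(blog.example.com)[2211]: Authentication attempt for unknown user admin from 203.0.113.7",
    "Oct 24 20:17:03 web1 wordpress(blog.example.com)[2211]: XML-RPC multicall authentication failure from 198.51.100.23",
    "Oct 24 20:17:05 web1 wordpress(blog.example.com)[2211]: Accepted password for editor from 192.0.2.10",
    "Oct 24 20:17:09 web1 sshd[900]: Authentication attempt for unknown user admin from 203.0.113.7",
    # User-supplied name containing " from <ip>": the trailing $ anchor keeps
    # the real client address as the one that is counted.
    "Oct 24 20:17:11 web1 wordpress(blog.example.com)[2211]: Authentication attempt for unknown user x from 192.0.2.99 from 203.0.113.7",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(offending_host(line), "<-", line)
```

On a live system, fail2ban-regex run with the log file and /etc/fail2ban/filter.d/wordpress.conf performs the same check with fail2ban's real prefix and host expansion.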