WordPress – Fail2Ban

     If you have a WordPress site here, please install the plugin “WP Fail2ban“.  This plugin will generate a syslog entry for failed logins for which I have created fail2ban rules and will lock out the IP address of anyone attempting a brute force password attack.  Please note this is WP Fail2ban by Charles Lecklider and not WordPress Fail2Ban by Wireflare.  The former has been tested and confirmed working.  The latter may work but I have not tested it.

     Also, if you protect part of your site with HTTP authentication, I have created rules that will pick up multiple password guesses and ban those as well.