Replace wp-auth.conf

Pete · Pete · commit 199c0d896911 · 2019-06-15T01:57:38.000+02:00
diff --git a/docs/hardening/anti-bruteforce/wp-auth.conf b/docs/hardening/anti-bruteforce/wp-auth.conf
@@ -1,10 +1,26 @@
+# +++++++++++++++++++++++++++++++++++++++++++++++++++++
+# + NetworkSEC / NwSEC Layer 7 Brute Force Protection +
+# +++++++++++++++++++++++++++++++++++++++++++++++++++++
+#
+# v1.1 150619
+#
+# BSD License
+#
+# S/W: Fail2ban or NWS ThreatBlock™ ¹
+#
+# Application:  WordPress 
+#
+# Description: Looks for some login/exploit attempts
+#
 #
-# This goes into /etc/fail2ban/filter.d/wp-auth.conf
 #
 [Definition]
 failregex = ^<HOST> .* "POST /wp-login.php
             ^<HOST> .* "POST /wordpress/wp-login.php
             ^<HOST> .* "POST /wp/wp-login.php
             ^<HOST> .* "GET /login_page.php
+            ^<HOST> .* "POST /xmlrpc.php
 #ignoreregex = 
- 
+#
+# ¹ j/k
+#
