Update wp-auth.conf to include some commonly attacked WordPress URLs

Pete · Pete · commit 396f20a14ced · 2019-01-29T23:57:52.000+01:00
diff --git a/docs/hardening/anti-bruteforce/wp-auth.conf b/docs/hardening/anti-bruteforce/wp-auth.conf
@@ -2,4 +2,9 @@
 # This goes into /etc/fail2ban/filter.d/wp-auth.conf
 #
 [Definition]
- failregex = ^<HOST> .* "POST /wp-login.php
+failregex = ^<HOST> .* "POST /wp-login.php
+            ^<HOST> .* "POST /wordpress/wp-login.php
+            ^<HOST> .* "POST /wp/wp-login.php
+            ^<HOST> .* "GET /login_page.php
+#ignoreregex = 
+ 
