From b3e4441f0762b777f34d4d58e7f2a84af1f3fe2f Mon Sep 17 00:00:00 2001
From: bprieshof <bprieshof@noreply.example.org>
Date: Thu, 6 Jun 2019 12:12:05 +0200
Subject: [PATCH] Add 'config/Fail2Ban/filter.d/wordpress-hard.conf'

---
 config/Fail2Ban/filter.d/wordpress-hard.conf | 28 ++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 config/Fail2Ban/filter.d/wordpress-hard.conf

diff --git a/config/Fail2Ban/filter.d/wordpress-hard.conf b/config/Fail2Ban/filter.d/wordpress-hard.conf
new file mode 100644
index 0000000..1e1edb3
--- /dev/null
+++ b/config/Fail2Ban/filter.d/wordpress-hard.conf
@@ -0,0 +1,28 @@
+# Fail2Ban filter for WordPress hard failures
+# Auto-generated: 2019-05-16T11:33:34+00:00
+#
+
+[INCLUDES]
+
+before = common.conf
+
+[Definition]
+
+_daemon = (?:wordpress|wp)
+
+failregex = ^%(__prefix_line)sAuthentication attempt for unknown user .* from <HOST>$
+            ^%(__prefix_line)sREST authentication attempt for unknown user .* from <HOST>$
+            ^%(__prefix_line)sXML-RPC authentication attempt for unknown user .* from <HOST>$
+            ^%(__prefix_line)sSpam comment \d+ from <HOST>$
+            ^%(__prefix_line)sBlocked user enumeration attempt from <HOST>$
+            ^%(__prefix_line)sBlocked authentication attempt for .* from <HOST>$
+            ^%(__prefix_line)sXML-RPC multicall authentication failure from <HOST>$
+            ^%(__prefix_line)sPingback error .* generated from <HOST>$
+
+ignoreregex =
+
+# DEV Notes:
+# Requires the 'WP fail2ban' plugin:
+# https://wp-fail2ban.com/
+#
+# Author: Charles Lecklider