Fail2Ban is great at being able to parse logfiles and generate IP Filter Firewall rules (usually “DROP”) against patterns that are unwanted.
The common use of Fail2Ban is to firewall SSH login dictionary scans, but here’s how you add to just 2 files in your Fail2Ban config to block > 3 wp-login.php attempts from an IP Address.
Please note this is for GNU/Linux (Debian/Ubuntu etc) and please feel free to contact us for RHEL based equivalent commands/setup.
Add the following lines to /etc/fail2ban/jail.local
enabled = true
filter = wp-auth
action = iptables-multiport[name=NoAuthFailures, port=”http,https”]
maxretry = 3
logpath = /var/log/apache2/access.log
Add the following lines to /etc/fail2ban/filter.d/wp-auth.conf
failregex = ^
Then run as the root user:
service fail2ban reload