If you run WordPress on a Raspberry Pi, chances are very high that your wp-login.php file will be attacked with many failed login attempts.
In my case, all these attempts showed up in my website's statistics as unique IPs with many thousands of hits on my site. It's not only a security problem; it also has a small impact on your site's performance. I was lucky that my Pi 3 didn't complain and was fast enough 😉
You can use the filter and jail from this post on other Linux distributions, but the fail2ban configuration and log files may be in a different place. I made this work on the Pi 3 with Raspbian (Debian).
Setting up fail2ban jail and filter rules
I assume that you have already installed fail2ban.
Open the jail configuration
sudo vi /etc/fail2ban/jail.d/defaults-debian.conf
Put this section in the file and save
[wordpress]
enabled = true
port = http,https
filter = wordpress
action = iptables-multiport[name=wordpress, port="http,https", protocol=tcp]
logpath = /var/log/apache2/*.log
maxretry = 30
findtime = 10800 ; 3 hours
bantime = 86400 ; 1 day
Make a filter file for WordPress
sudo vi /etc/fail2ban/filter.d/wordpress.conf
Add this section and save the file.
[Definition]
failregex = ^<HOST> .* "POST .*wp-login.php
            ^<HOST> .* "POST .*xmlrpc.php
ignoreregex =
Restart fail2ban so it loads the new jail and filter:
sudo systemctl restart fail2ban
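To see what this filter and jail would catch before relying on them, here is an added example (not part of the original post and not fail2ban's own code) that applies the two failregex patterns and the maxretry/findtime thresholds to constructed Apache log lines. It assumes a simplified IPv4-only stand-in for `<HOST>` and a plain sliding window; the names `match_host`, `would_ban` and `sample_line` are made up for this sketch.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Patterns copied from wordpress.conf. <HOST> is replaced by a simplified
# IPv4-only group (assumption: fail2ban's own <HOST> also covers IPv6/hostnames).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
FAILREGEX = [re.compile(p.replace("<HOST>", HOST)) for p in (
    r'^<HOST> .* "POST .*wp-login.php',
    r'^<HOST> .* "POST .*xmlrpc.php',
)]
TIMESTAMP = re.compile(r"\[([^\]]+)\]")

def match_host(line):
    """Return the client IP if any failregex matches the line, else None."""
    for rx in FAILREGEX:
        m = rx.search(line)
        if m:
            return m.group("host")
    return None

def would_ban(lines, maxretry=30, findtime=10800):
    """IPs that reach maxretry matching lines inside a findtime-second window."""
    hits, banned = defaultdict(deque), set()
    for line in lines:
        host, ts = match_host(line), TIMESTAMP.search(line)
        if not host or not ts:
            continue
        when = datetime.strptime(ts.group(1), "%d/%b/%Y:%H:%M:%S %z").timestamp()
        window = hits[host]
        window.append(when)
        while when - window[0] > findtime:  # forget hits older than findtime
            window.popleft()
        if len(window) >= maxretry:
            banned.add(host)
    return banned

def sample_line(ip, method, path, status, offset):
    """Build one constructed Apache-style log line (not real traffic)."""
    t = datetime(2024, 1, 1, tzinfo=timezone.utc) + timedelta(seconds=offset)
    return f'{ip} - - [{t:%d/%b/%Y:%H:%M:%S %z}] "{method} {path} HTTP/1.1" {status} 512'

# Constructed sample traffic using documentation IP ranges.
SAMPLE = (
    [sample_line("203.0.113.7", "POST", "/wp-login.php", 200, i * 2) for i in range(30)]     # burst
    + [sample_line("198.51.100.9", "POST", "/wp-login.php", 302, i * 60) for i in range(5)]  # real logins
    + [sample_line("192.0.2.4", "GET", "/wp-login.php", 200, i) for i in range(40)]          # page views
    + [sample_line("203.0.113.50", "POST", "/xmlrpc.php", 200, i * 400) for i in range(30)]  # slow drip
)
```

The patterns match every POST to wp-login.php or xmlrpc.php, including successful logins, so maxretry must leave room for legitimate users. A client that spaces its requests so that fewer than 30 fall inside any 3-hour window stays under the threshold.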