From 396f20a14ced6212337a396d5621576788e2862c Mon Sep 17 00:00:00 2001
From: Pete <p.ohm@networksec.de>
Date: Tue, 29 Jan 2019 23:57:52 +0100
Subject: [PATCH] Update wp-auth.conf to include some commonly attacked
 WordPress URLs

---
 docs/hardening/anti-bruteforce/wp-auth.conf | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/docs/hardening/anti-bruteforce/wp-auth.conf b/docs/hardening/anti-bruteforce/wp-auth.conf
index 2acad450ca..1fc420c87d 100644
--- a/docs/hardening/anti-bruteforce/wp-auth.conf
+++ b/docs/hardening/anti-bruteforce/wp-auth.conf
@@ -2,4 +2,9 @@
 # This goes into /etc/fail2ban/filter.d/wp-auth.conf
 #
 [Definition]
- failregex = ^<HOST> .* "POST /wp-login.php
\ No newline at end of file
+failregex = ^<HOST> .* "POST /wp-login.php
+            ^<HOST> .* "POST /wordpress/wp-login.php
+            ^<HOST> .* "POST /wp/wp-login.php
+            ^<HOST> .* "GET /login_page.php
+#ignoreregex = 
+ 
\ No newline at end of file
-- 
GitLab