diff --git a/docs/hardening/anti-bruteforce/wp-auth.conf b/docs/hardening/anti-bruteforce/wp-auth.conf
index 1fc420c87d36994c5f3b1c2bff0dd5c7b2717c4f..cc22adda28f596726655c6b32231145c75f1810d 100644
--- a/docs/hardening/anti-bruteforce/wp-auth.conf
+++ b/docs/hardening/anti-bruteforce/wp-auth.conf
@@ -1,10 +1,26 @@
+# +++++++++++++++++++++++++++++++++++++++++++++++++++++
+# + NetworkSEC / NwSEC Layer 7 Brute Force Protection +
+# +++++++++++++++++++++++++++++++++++++++++++++++++++++
+#
+# v1.1 150619
+#
+# BSD License
+#
+# S/W: Fail2ban or NWS ThreatBlock™ ¹
+#
+# Application:  WordPress 
+#
+# Description: Looks for some login/exploit attempts
+#
 #
-# This goes into /etc/fail2ban/filter.d/wp-auth.conf
 #
 [Definition]
 failregex = ^<HOST> .* "POST /wp-login.php
             ^<HOST> .* "POST /wordpress/wp-login.php
             ^<HOST> .* "POST /wp/wp-login.php
             ^<HOST> .* "GET /login_page.php
+            ^<HOST> .* "POST /xmlrpc.php
 #ignoreregex = 
- 
\ No newline at end of file
+#
+# ¹ j/k
+#