From 199c0d896911ae93b439e1af215b2fde22f2dafa Mon Sep 17 00:00:00 2001
From: Pete <p.ohm@networksec.de>
Date: Sat, 15 Jun 2019 01:57:38 +0200
Subject: [PATCH] Replace wp-auth.conf

---
 docs/hardening/anti-bruteforce/wp-auth.conf | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/docs/hardening/anti-bruteforce/wp-auth.conf b/docs/hardening/anti-bruteforce/wp-auth.conf
index 1fc420c87..cc22adda2 100644
--- a/docs/hardening/anti-bruteforce/wp-auth.conf
+++ b/docs/hardening/anti-bruteforce/wp-auth.conf
@@ -1,10 +1,26 @@
+# +++++++++++++++++++++++++++++++++++++++++++++++++++++
+# + NetworkSEC / NwSEC Layer 7 Brute Force Protection +
+# +++++++++++++++++++++++++++++++++++++++++++++++++++++
+#
+# v1.1 150619
+#
+# BSD License
+#
+# S/W: Fail2ban or NWS ThreatBlock™ ¹
+#
+# Application:  WordPress 
+#
+# Description: Looks for some login/exploit attempts
+#
 #
-# This goes into /etc/fail2ban/filter.d/wp-auth.conf
 #
 [Definition]
 failregex = ^<HOST> .* "POST /wp-login.php
             ^<HOST> .* "POST /wordpress/wp-login.php
             ^<HOST> .* "POST /wp/wp-login.php
             ^<HOST> .* "GET /login_page.php
+            ^<HOST> .* "POST /xmlrpc.php
 #ignoreregex = 
- 
\ No newline at end of file
+#
+# ¹ j/k
+#
-- 
GitLab