adjust wordpress filter..

0.10.2/filter.d/wordpress-hard.conf

@@ -1,27 +1,36 @@
-# Fail2Ban filter for WordPress hard failures
-# Auto-generated: 2018-11-04T16:40:53+00:00
+# Fail2Ban configuration file
+#
+# Author: Charles Lecklider 2012-2016
+# Author: Brandon Allen     2016-2019
 #
 
 [INCLUDES]
 
+# Read common prefixes. If any customizations available -- read them from
+# common.local
 before = common.conf
 
+
 [Definition]
 
-_daemon = (?:wordpress|wp)
+_daemon = wp
 
-failregex = ^%(__prefix_line)sBlocked authentication attempt for .* from <HOST>$
-            ^%(__prefix_line)sBlocked user enumeration attempt from <HOST>$
-            ^%(__prefix_line)sSpam comment \d+ from <HOST>$
-            ^%(__prefix_line)sXML-RPC multicall authentication failure from <HOST>$
-            ^%(__prefix_line)sPingback error .* generated from <HOST>$
-            ^%(__prefix_line)sAuthentication attempt for unknown user .* from <HOST>$
-            ^%(__prefix_line)sXML-RPC authentication attempt for unknown user .* from <HOST>$
-
-ignoreregex =
-
-# DEV Notes:
-# Requires the 'WP fail2ban' plugin:
-# https://github.com/invisnet/wp-fail2ban/
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values:  TEXT
 #
-# Author: Charles Lecklider
+failregex = ^%(__prefix_line)sAuthentication attempt for unknown user .* from <HOST>$
+            ^%(__prefix_line)sBlocked authentication attempt for .* from <HOST>$
+            ^%(__prefix_line)sBlocked user enumeration attempt from <HOST>$
+            ^%(__prefix_line)sPingback error .* generated from <HOST>$
+            ^%(__prefix_line)sSpammed comment from <HOST>$
+            ^%(__prefix_line)sXML-RPC multicall authentication failure from <HOST>$
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex =

0.10.2/filter.d/wordpress-soft.conf

@@ -1,22 +1,31 @@
-# Fail2Ban filter for WordPress soft failures
-# Auto-generated: 2018-11-04T16:40:53+00:00
+# Fail2Ban configuration file
+#
+# Author: Charles Lecklider 2012-2016
+# Author: Brandon Allen     2016-2019
 #
 
 [INCLUDES]
 
+# Read common prefixes. If any customizations available -- read them from
+# common.local
 before = common.conf
 
+
 [Definition]
 
-_daemon = (?:wordpress|wp)
+_daemon = wp
 
-failregex = ^%(__prefix_line)sAuthentication failure for .* from <HOST>$
-            ^%(__prefix_line)sXML-RPC authentication failure for .* from <HOST>$
-
-ignoreregex =
-
-# DEV Notes:
-# Requires the 'WP fail2ban' plugin:
-# https://github.com/invisnet/wp-fail2ban/
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values:  TEXT
 #
-# Author: Charles Lecklider
+failregex = ^%(__prefix_line)sAuthentication failure for .* from <HOST>$
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex =