you have a whole bunch of WordPress sites hosted on your server, and because it's widely used (most likely even the #1 CMS platform) it's attacked a lot... especially with lots of silly login attempts. first of all you can't trust that your customers always use secure passwords, and then you also can't expect them to install (AND update!) plugins to secure their sites from multiple login attempts... well, ok, some hosts do that, but I am against forcing people to install stuff.
now here's the solution: use fail2ban. often the fail2ban rules are a bit of a pain in the rear to set up, but with WordPress you can actually do it really simply.
what does every login attempt have in common? right: a POST to wp-login.php.
so, set up a rule for that, name the file wordpress-login.conf (for example), and place it in /etc/fail2ban/filter.d (that's Debian; the path might differ on other distros).
the rule is:
```
[Definition]
# matches any POST to /wp-login.php; <HOST> captures the client address
failregex = <HOST>.*\] "POST /wp-login\.php
ignoreregex =
```
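then enable the filter with a jail (in /etc/fail2ban/jail.local, for example):
```
[wordpress-login]
enabled = true
port = http,https
filter = wordpress-login
logpath = /var/log/apache2/*-combined.log
maxretry = 3
# findtime is counted in seconds: 7200 s = 120 minutes
findtime = 7200
```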
the rest should be self-explanatory... max. 3 login attempts within 120 minutes, then ban.
and voila: enjoy your logs getting a little slimmer again...
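To check which clients this filter and the maxretry/findtime pair would actually ban, here is an added example (not part of the original post and not fail2ban's own code) that replays the rule over constructed Apache combined-format lines. Assumptions: `<HOST>` is approximated by an IPv4 pattern, findtime is given in seconds, and the names `line`, `SAMPLE_LOG` and `banned_hosts` are made up for this sketch.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# The post's failregex with fail2ban's <HOST> tag swapped for a plain IPv4 group
# (assumption: the real tag also covers IPv6 addresses and hostnames).
FAILREGEX = re.compile(r'(?P<host>\d{1,3}(?:\.\d{1,3}){3}).*\] "POST /wp-login\.php')
STAMP = re.compile(r'\[([^\]]+)\]')

def line(ip, hms, request, status=200):
    """Build one constructed Apache combined-format log line."""
    return (f'{ip} - - [10/Oct/2023:{hms} +0000] "{request} HTTP/1.1" '
            f'{status} 512 "-" "Mozilla/5.0"')

SAMPLE_LOG = [  # constructed sample traffic, documentation-range addresses
    line("203.0.113.7", "12:00:01", "POST /wp-login.php"),
    line("198.51.100.20", "12:00:02", "GET /wp-login.php"),   # form load, no match
    line("203.0.113.7", "12:00:03", "POST /wp-login.php"),
    line("192.0.2.55", "12:00:05", "POST /wp-login.php"),
    line("203.0.113.7", "12:00:09", "POST /wp-login.php"),    # 3rd hit in 8 s
    line("198.51.100.20", "12:00:30", "POST /wp-login.php", 302),
    line("192.0.2.55", "12:05:00", "POST /wp-login.php"),
    line("192.0.2.55", "12:10:00", "POST /wp-login.php", 302),  # success still counts
]

def banned_hosts(lines, maxretry, findtime):
    """Hosts, in ban order, with maxretry matching lines inside findtime seconds."""
    recent = defaultdict(deque)   # host -> timestamps still inside the window
    banned = []
    for entry in lines:
        hit, stamp = FAILREGEX.search(entry), STAMP.search(entry)
        if not hit or not stamp:
            continue
        host = hit.group("host")
        when = datetime.strptime(stamp.group(1), "%d/%b/%Y:%H:%M:%S %z")
        window = recent[host]
        window.append(when)
        while (when - window[0]).total_seconds() > findtime:
            window.popleft()      # forget matches older than findtime
        if len(window) >= maxretry and host not in banned:
            banned.append(host)
    return banned

if __name__ == "__main__":
    print("findtime=120 s :", banned_hosts(SAMPLE_LOG, 3, 120))
    print("findtime=7200 s:", banned_hosts(SAMPLE_LOG, 3, 7200))
```

The regex never looks at the status code, so a customer who mistypes a password twice and then logs in successfully within the window is counted the same way as a guessing bot.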