Here is a useful quick post to stop hack attempts to your WordPress web server like wp-login brute force and xmlrpc exploits attacks.
First of all, install the package “fail2ban“:
sudo apt-get install fail2ban
Then add these two rules to your jail file on /etc/fail2ban/jail.conf
[web-xmlrpc] enabled = true port = http,https filter = apache-xmlrpc logpath = /var/log/nginx/*access.log maxretry = 6 [web-wplogin] enabled = true port = http,https filter = apache-wplogin logpath = /var/log/nginx/*access.log maxretry = 2 bantime = 86400 findtime = 600
Please change the logpath according to your web servers access logs
Now add two files on /etc/fail2ban/filter.d like web-wplogin.conf and web-xmlrpc.conf with respectively:
[Definition]
failregex = ^ -.*"POST /wp-login.php HTTP/1..*""