This article is to address brute force login attempts on WordPress websites hosted with WireFlare. 

Note: The information contained herein is designed to work on WireFlare Shared Hosting packaged only.  If you are a server admin and would like to see how we implement this security measure please visit this blog post.

All WireFlare shared hosting servers have unique Fail2Ban jails in place to prevent a variety of different attacks on our servers.  We have developed a special jail specifically geared towards WordPress because of it's high likelyhood of attack.  If you would like to take advantage of this additional security please add the below code to your functions.php file located in your theme directory.  Once it's installed we'll handle the rest!

const SYSLOG_FACILITY = LOG_LOCAL1;
 
add_action('wp_login_failed', 'log_failed_attempt');
 
function log_failed_attempt( $username ) {
    openlog( 'wordpress('.$_SERVER['HTTP_HOST'].')', LOG_NDELAY|LOG_PID, SYSLOG_FACILITY);
    syslog( LOG_NOTICE, "Wordpress authentication failure for $username from {$_SERVER['REMOTE_ADDR']}" );
}

If you have any questions please file a support ticket in your customer center.