DigitalOcean WordPress Droplet
DigitalOcean (DO) have done all the hard work of getting fail2ban, WordPress and WP fail2ban working together, and have (quite rightly) kept the configuration very generic.
WPf2b is designed to provide good protection OOB¹, but there are a few areas that benefit from further configuration.
The very first step is to update the filters: the plugin ships the current wordpress-hard and wordpress-soft filter definitions, and the copies fail2ban is using need to match the installed plugin version. After that:

- Adjust maxretry. For historic reasons² DO chose very conservative values; by lowering them you improve the protection WPf2b provides. A hard-filter event (an unknown username, a blocked enumeration probe) is never legitimate, so maxretry can be as low as 1 there; keep a margin on the soft filter, which also catches real users mistyping a password.
- Configure proxies or Cloudflare (if used); otherwise WPf2b logs the proxy's address instead of the client's, and the ban lands on the wrong IP.
- Block user enumeration, or force logins with email only.
- Configure LOG_USER to use a separate file.
- Configure WP fail2ban to use LOG_USER.
¹ Out of the box.
² They needed to compromise between security and supporting users who had locked themselves out.
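The steps above as one script, added here as an example; it is not DigitalOcean's provisioning code and not something shipped with WP fail2ban. It assumes the Droplet serves WordPress from /var/www/html, that wp-config.php still contains the standard "stop editing" marker, that the plugin lives under wp-content/plugins/wp-fail2ban/ and ships its filters in filters.d/, and it picks /var/log/wordpress.log, the rsyslog file name and the jail values (maxretry 1 for the hard filter, 3 for the soft) as its own choices:

```shell
#!/bin/sh
# Added example, not code from DigitalOcean or the WP fail2ban project: applies
# the steps above on a WordPress Droplet. Every path and value below is an
# assumption about the image; check them before running. Run as root with the
# argument "apply"; with no argument the script only defines its functions.
set -eu

ROOT="${ROOT:-}"                  # prefix for dry runs, e.g. ROOT=/tmp/dry sh harden.sh apply
PROXIES="${PROXIES:-}"            # reverse-proxy or Cloudflare CIDRs, comma separated (empty = none)
EMAIL_ONLY="${EMAIL_ONLY:-no}"    # yes: force email-only logins instead of blocking enumeration
WPF2B_LOG=/var/log/wordpress.log  # the separate file for the LOG_USER facility (our choice of name)

set_paths() {                     # derive every path from $ROOT so a dry run can relocate them
    WP_ROOT="$ROOT/var/www/html"                                        # assumed DocumentRoot
    WP_CONFIG="$WP_ROOT/wp-config.php"
    PLUGIN_FILTERS="$WP_ROOT/wp-content/plugins/wp-fail2ban/filters.d"  # filters shipped in the plugin
    F2B_DIR="$ROOT/etc/fail2ban"
    RSYSLOG_CONF="$ROOT/etc/rsyslog.d/10-wordpress.conf"
}
set_paths

# Update the filters: take the definitions from the installed plugin version.
# They change between releases, so repeat this after every plugin update.
update_filters() {
    mkdir -p "$F2B_DIR/filter.d"
    cp "$PLUGIN_FILTERS"/wordpress-*.conf "$F2B_DIR/filter.d/"
}

# maxretry and the LOG_USER log file. jail.d/*.local is read after jail.local,
# so this overrides the Droplet's jail settings without editing them. A "hard"
# event (unknown username, enumeration probe) is never legitimate, so one is
# enough to ban; "soft" events (wrong password for a real user) keep a margin.
write_jail() {
    mkdir -p "$F2B_DIR/jail.d"
    cat > "$F2B_DIR/jail.d/wordpress.local" <<EOF
[wordpress-hard]
enabled  = true
filter   = wordpress-hard
logpath  = $WPF2B_LOG
port     = http,https
maxretry = 1
findtime = 86400
bantime  = 86400

[wordpress-soft]
enabled  = true
filter   = wordpress-soft
logpath  = $WPF2B_LOG
port     = http,https
maxretry = 3
findtime = 600
bantime  = 3600
EOF
}

# LOG_USER to a separate file: rsyslog writes the "user" facility to its own
# file, and "& stop" keeps those lines out of /var/log/syslog. Anything else on
# the box that logs with LOG_USER lands here too; the filters just will not match it.
write_rsyslog() {
    mkdir -p "$(dirname "$RSYSLOG_CONF")"
    printf 'user.*\t-%s\n& stop\n' "$WPF2B_LOG" > "$RSYSLOG_CONF"
}

# Proxies, enumeration or email-only logins, and WP fail2ban's facility. The
# constants must exist before wp-settings.php loads the plugin, so they go just
# before the "stop editing" marker; if the marker is missing, fail rather than
# append them too late.
write_wp_defines() {
    defs="/* WP fail2ban hardening (added by script) */
define('WP_FAIL2BAN_AUTH_LOG', LOG_USER);"
    if [ "$EMAIL_ONLY" = yes ]; then     # any username without an @ is logged as a hard failure
        defs="$defs
define('WP_FAIL2BAN_BLOCKED_USERS', '^[^@]*\$');"
    else                                 # ?author=N probes are refused and logged as hard failures
        defs="$defs
define('WP_FAIL2BAN_BLOCK_USER_ENUMERATION', true);"
    fi
    if [ -n "$PROXIES" ]; then           # X-Forwarded-For is trusted only from these addresses
        defs="$defs
define('WP_FAIL2BAN_PROXIES', '$PROXIES');"
    fi
    if ! awk -v defs="$defs" '
            /That.s all, stop editing/ && !done { print defs; done = 1 }
            { print }
            END { if (!done) { print "no stop-editing marker in wp-config.php" > "/dev/stderr"; exit 1 } }
        ' "$WP_CONFIG" > "$WP_CONFIG.tmp"; then
        rm -f "$WP_CONFIG.tmp"
        return 1
    fi
    mv "$WP_CONFIG.tmp" "$WP_CONFIG"
}

# Check every piece before touching services; non-zero means something is
# missing or the defines ended up after the marker.
verify() {
    [ -f "$F2B_DIR/filter.d/wordpress-hard.conf" ] &&
    grep -q '^maxretry = 1$' "$F2B_DIR/jail.d/wordpress.local" &&
    grep -q '^user\.\*' "$RSYSLOG_CONF" &&
    awk '/WP_FAIL2BAN_AUTH_LOG/ { d = NR } /stop editing/ { m = NR }
         END { exit !(d && m && d < m) }' "$WP_CONFIG"
}

if [ "${1:-}" = apply ]; then
    update_filters; write_jail; write_rsyslog; write_wp_defines; verify
    systemctl restart rsyslog
    fail2ban-client reload
fi
```

Before dropping maxretry to 1, put your own address in `ignoreip` (footnote 2 is exactly the lockout this avoids). After applying, make one deliberate login attempt with a username that does not exist and confirm the pipeline end to end: the line must appear in /var/log/wordpress.log, `fail2ban-regex /var/log/wordpress.log /etc/fail2ban/filter.d/wordpress-hard.conf` must report it as a match, and `fail2ban-client status wordpress-hard` must show the ban. If the site sits behind Cloudflare, WP_FAIL2BAN_PROXIES only fixes which address gets logged; the ban itself is still a local firewall rule, and requests keep arriving from Cloudflare's edge, so pair the jails with fail2ban's cloudflare action (action.d/cloudflare.conf) so the block is applied at the edge.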