BruteProtect Fail2ban integration. This includes the mu-plugin, fail2ban filter, and fail2ban config for jail.local

block_brute_address.php

<?php
/**
 * Plugin Name: Block Brute Plugins
 * Description: Custom magic
 * Version:     1.0
 * Author:      Eric Mann
 * Author URI:  http://10up.com
 * License:     MIT
 */
function block_brute_address( $ip_address ) {
    org\lecklider\charles\wp_fail2ban\openlog();
    syslog( LOG_NOTICE, 'Blocked authentication attempt from ' . $ip_address );
    org\lecklider\charles\wp_fail2ban\bail();
}
add_action( 'brute_kill_login', 'block_brute_address' );

#function add_test_footer() {
#    echo '<!-- Testing the mu-plugin-->';
#}
#add_action( 'wp_footer', 'add_test_footer' );

?>

bruteprotect.conf

# Fail2Ban configuration file
#
# Author: Charles Lecklider
#

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf


[Definition]

_daemon = wordpress

# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values:  TEXT
#
failregex = ^%(__prefix_line)sBlocked authentication attempt for .* from <HOST>$
            ^%(__prefix_line)sBlocked user enumeration attempt from <HOST>$
            ^%(__prefix_line)sBlocked authentication attempt from <HOST>$
# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =

jail.local

[bruteprotect]
enabled = true
filter = bruteprotect
action  = iptables-multiport[name=wordpress,port="80,443"]
logpath = /var/log/messages
maxretry = 1
bantime  = 86400