Fail2Ban WordPress XMLRPC Jail and Filter. Notes: log path is set for Plesk v12.x. Change this to appropriate path for your set up. Only works if WordPress is installed in webroot, edit the Filter failregex if installed in sub-directory.

wp-xmlrpc-jail.local

[wp-xmlrpc]
enabled = true
filter = wp-xmlrpc
action = iptables-multiport[name=wp-xmlrpc, port="http,https"]
logpath  = /var/www/vhosts/system/*/logs/*access*log
           /var/log/httpd/*access_log
bantime = 86400
maxretry = 0

wp-xmlrpc.local

# Fail2Ban filter for WordPress XML-RPC

[Definition]
failregex = ^<HOST>.*] "POST /xmlrpc\.php.*
ignoreregex = ^<HOST>.*] "POST /xmlrpc\.php\?for=jetpack.*

This regex matches the entries for sub-directory installs too:
[Definition]
failregex = ^<HOST>.*] "POST (|.*)/xmlrpc\.php.*
ignoreregex = ^<HOST>.*] "POST (|.*)/xmlrpc\.php\?for=jetpack.*