Hi, I am trying to implement a Wordpress plugin which creates LOG_AUTH entries when incorrect attempts are made to login under wordpress on a "client site". For some reason the code does not seem to generate entries in any LOG AUTH. The only LOG AUTH I can find is /var/log/ispconfig/auth.log which is created for logins to ispconfig. I don't really care if I get a separate LOG AUTH in each /var/www/<website>/log or just one single one in /var/l)og/httpd/ I would think that a single LOG AUTH would be best. Can someone give me a clue as to where to look or what might be blocking the log auth in syslog? I'm using ISPConfig 3.0.5.3 under Centos 6 (kernel 2.6.32) fail2ban is otherwise working. The website running wordpress is using SuExec/FastCGI to execute php/wordpress I envisage a centrally scanned log file to be useful, as it would stop user scans for wordpress and reduce server load to discard logins, it would be up to the client to install the fail2ban script to make it work. Cheers Rajiv
If you like to use fail2ban to protect your wordpress sites, then you might wat to use this plugin: http://wordpress.org/plugins/wp-fail2ban/ the failed logins are then logged to the syslog where fail2ban can read them.
