Here is the regex for Fail2Ban jail that Lila made. I also use recidive jail to set long bans on all ports for repeat offenders.
Go to Networking ⇾ Fail2Ban Intrusion Detector: Log Filters page;
Click Add a new log filter button;
Fill the following fields:
3.1. Filter name: wordpress;
3.2. Regular expressions to match:
<HOST>.*POST.*(wp-login\.php|xmlrpc\.php|account\/signin).* 200
3.3. Click Create button;
Go to Networking ⇾ Fail2Ban Intrusion Detector: Filter Action Jails page;
Click Add a new jail button;
Fill the following fields:
6.1. Jail name : wordpress-domain-com;
6.2. Filter to search log for: wordpress;
6.3. Currently enabled? set to Yes;
6.4. Log file paths:
/var/log/virtualmin/domain.com_access_log
6.5. Click Create button;
Enjoy
Note: A backend may need to be manually defined as described in this comment.