Often vps became unreachable (Fail2Ban)

I have this for sshd:


You have milliseconds?

And also, so should I be able to access by “localhost”?
So I have to access my VPS to have the same IP (I don't know if I can do it with the provider)

@wolfseo nah your rules are fine, I have more because those are my personal regex modes, like ban for accessing scripts which do not exist or DDoS protection etc… but I am sure you can write your custom jails as well.

Regarding the localhost question, I run some cron jobs within my server to some of my website codes and of course I want that ban free… You should put your own IP there… When you are at home, go online to Google, type ip and hit enter; this will give you your public IP and that's what you put there, so your link from your home would never be banned. Also I don't need to do this as I am hosting my server from my own home, which makes the scenario very different for me, and I can access the server from localhost. I think you cannot do that, and that is why you should put your own IP there.

…no milliseconds but seconds on my setup :slight_smile: (I think you can use minutes but I am an old school folk so I use seconds). I told you I am quite harsh on lost chickens. Also I do have that enabled for ssh (sshd jail) because I was tired of those chickens trying to bruteforce password login into my ssh even though I do not use password auth at all… I use ssh keys only. Some of those chickens do not even check, they just start an attack via some script or program where they don't see terminal output, which means they will get nowhere, just wasting my log file sizes, so I ban them after a couple of times.

I would change your ssh jail like this:

matches before... 3
max delay... default
time to ban... 525600m (=1 year hit the chicken back hard! perhaps you can use seconds too)
IP never to ban: 127.0.0.1 , your own public IP in your house (so in scenario you try wrong password from your home 3 times, nothing happen, you would still have access as usual) 

Remember, if you restart f2b all rules will be applied, however all current bans would be reset/removed - the same applies when you reboot the system/whole server… but don't worry, chickens come around very soon again. Most of the time they change or spoof another IP and try to attack again.

Also f2b is great for hardening security on your server… I would suggest you have a look around, the minimum I would do is those jails:

sshd	
ssh-ddos
proftpd (optional if you use ftp)
webmin-auth	
apache (apache-auth)	
apache-noscript	
apache-overflows	
apache-modsecurity	
apache-scripts
apache-badbots	
apache-getddos	
php-url-fopen	
postfix	
sasl	
dovecot
## if you don't have some jails listed here, it's possibly because I created them custom towards my own needs.

If you want, send me a private message with a link to one of your wp sites, I will have a look at your apache performance and perhaps recommend you some apache tweaks to boost performance… remember, the fewer plugins you use, the quicker and more secure wp can be
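
The sshd jail settings suggested in the post above, written as a Fail2Ban override file. This is an added example, not part of the original post: the mapping of the panel labels to the `maxretry`, `findtime`, `bantime` and `ignoreip` options and the file path are assumptions, and `203.0.113.10` is a placeholder documentation address standing in for your own public IP.

```ini
# /etc/fail2ban/jail.local  (assumed override location; settings here take
# precedence over jail.conf and survive package upgrades)

[sshd]
enabled  = true

# "matches before... 3": failures allowed before the ban is applied
maxretry = 3

# "max delay... default": findtime is deliberately not set here, so the
# value from the [DEFAULT] section stays in effect

# "time to ban... 525600m": one year. If your Fail2Ban version does not
# accept the m suffix, the same duration in seconds is 31536000
bantime  = 525600m

# "IP never to ban": localhost plus your own public address.
# Entries are separated by spaces. 203.0.113.10 is a placeholder.
ignoreip = 127.0.0.1 203.0.113.10
```

The `ignoreip` entry only protects you while your public address stays the same; with an address that changes, a one-year `bantime` applies to you as well after three failed logins.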

Thanks, for now I think I won't change the setting, also it seems I don't have the same IP address (and I am not an expert) because it changed from last week (I have something like public wi-fi, not ADSL)

one of website is

I am using few plugins, performance seems good

Ah I see… you don't have a static IP from your ISP as a standard, well at least you have access to reboot the server in case you are banned, you should be fine :wink:

Regarding boosting performance on wp, you mostly don't need any plugins if your theme is coded properly and you optimize the db from time to time… I will have a look, just one minute

Yes I resolved with a reboot last time
thanks