{
  "$type": "site.standard.document",
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreihylhmmua3kixxt2v3zmyp5cyx22wlui4zxbre5c2bosvn2bjkxf4"
    },
    "mimeType": "image/webp",
    "size": 67386
  },
  "path": "/2025-07-12-wpfail2ban/",
  "publishedAt": "2025-07-12T10:29:35.000Z",
  "site": "at://did:plc:ex23caczr45rodrfcxrwps6h/site.standard.publication/self",
  "tags": [
    "security"
  ],
  "textContent": "Mind blown 🤯. I’ve only returned to using WordPress for a few days but *WPFail2Ban *is already proving its worth. Just a sample of the logs I’ve been seeing over the last few hours:\n\nBlocked username authentication attempt for admin2 from <ip_address>\nBlocked username authentication attempt for maria from <ip_address>\nBlocked username authentication attempt for wordpress from <ip_address>\nBlocked user enumeration attempt from <ip_address>\n\nIt’s possible these authentication attempts were happening while I was using Ghost but I just wasn’t aware of them. Nevertheless, it’s a timely reminder to secure your WordPress site. (I’ve blocked user enumeration, username login, and XMP-RPC, while enabling Passkey-based login.)",
  "title": "WPFail2Ban"
}