NOTICE: Link to heading

This tutorial is assuming that you are using the Swag docker container through UnRaid. If you are, then lets proceed.

1. Edit jail.local Link to heading

At the bottom of the file, add the following block of code.

[wordpress] enabled = true port = http,https filter = wordpress-auth logpath = /config/log/nginx/access.log maxretry = 3 bantime = 3600 ignoreip =

2. Edit filters Link to heading

Inside the filter.d directory create a new config file called “wordpress-auth.conf”

Within that file add the following code:


failregex = .*POST.*(wp-login.php|xmlrpc.php).* (403|200)

You might have noticed that I added 403 reponse code to the regex expression. By default a failed authentication to /wp-admin returns a 200, however, I set up a custom return code for failed authentication to return a 403.

Inside the “wwwrootwp-contentmu-plugins” directory, I created a file called login_helper.php with the following code.

/* Return 403 instead of 200 when wp-login failed */

add_action( 'wp_login_failed', function () { status_header(403); } );

3. Reload Swag Docker Link to heading

You should now be seeing content within the log files under Swag/log

Here you can see a list of IPs that tried to hit /wp-admin on my site but were unable to. Click here to see how to block all public IPs using Nginx.