cscli scenarios install crowdsecurity/http-bf-wordpress_bf
Detects brute-force attempts against the WordPress login page 'wp-login.php'.
Leakspeed of 10s, capacity of 5.
```yaml
type: leaky
name: crowdsecurity/http-bf-wordpress_bf
description: "Detect WordPress bruteforce on admin interface"
debug: false
# failed auth on wp-login.php returns 200
filter: "evt.Meta.log_type == 'http_access-log' && evt.Parsed.file_name == 'wp-login.php' && evt.Parsed.verb == 'POST' && evt.Meta.http_status == '200'"
groupby: evt.Meta.source_ip
capacity: 5
leakspeed: 10s
blackhole: 5m
labels:
  confidence: 3
  spoofable: 0
  classification:
    - attack.T1110
  behavior: "http:bruteforce"
  label: "WordPress Bruteforce"
  service: wordpress
  remediation: true
```
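To see how the filter, `capacity: 5`, `leakspeed: 10s` and `blackhole: 5m` interact, the following added example (not CrowdSec's code, and not part of the original page) replays constructed access-log lines through a simplified per-IP leaky bucket. It assumes combined log format, an overflow as soon as the level exceeds the capacity, and a fresh bucket after each overflow; `sample`, `detect` and `LOGS` are hypothetical names.

```python
import re
from datetime import datetime

# Values taken from the scenario on this page.
CAPACITY, LEAKSPEED, BLACKHOLE = 5, 10.0, 300.0

# Combined-log-format fields the filter needs: source IP, time, verb, path, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<verb>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def matches_filter(m):
    """Mirror of the scenario filter: POST to wp-login.php answered with 200."""
    file_name = m["path"].split("?", 1)[0].rsplit("/", 1)[-1]
    return m["verb"] == "POST" and file_name == "wp-login.php" and m["status"] == "200"

def detect(lines):
    """Return [(source_ip, epoch_seconds)] for each simulated overflow that alerts."""
    # buckets: ip -> (level, last update); silenced: ip -> end of blackhole period
    buckets, silenced, alerts = {}, {}, []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not matches_filter(m):
            continue
        ip = m["ip"]
        now = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").timestamp()
        level, last = buckets.get(ip, (0.0, now))
        # Leak one event per LEAKSPEED seconds, then pour the new event.
        level = max(0.0, level - (now - last) / LEAKSPEED) + 1.0
        if level > CAPACITY:
            if now >= silenced.get(ip, 0.0):  # blackhole suppresses repeat alerts
                alerts.append((ip, now))
                silenced[ip] = now + BLACKHOLE
            level = 0.0  # assumption of this model: start over with an empty bucket
        buckets[ip] = (level, now)
    return alerts

def sample(ip, sec, verb="POST", path="/wp-login.php", status=200):
    """Build one constructed access-log line (documentation IP ranges only)."""
    return (f'{ip} - - [01/Jan/2024:00:{sec // 60:02d}:{sec % 60:02d} +0000] '
            f'"{verb} {path} HTTP/1.1" {status} 1234')

# Constructed input: a fast burst, a slow client, and 302 responses the filter ignores.
LOGS = ([sample("203.0.113.7", s) for s in range(6)]
        + [sample("198.51.100.9", s * 15) for s in range(8)]
        + [sample("192.0.2.4", s, status=302) for s in range(10)])

if __name__ == "__main__":
    for ip, ts in detect(LOGS):
        print(f"overflow: {ip} at {ts:.0f}")
```

Only the burst from 203.0.113.7 overflows, on its sixth matching request; the client posting every 15 seconds leaks faster than it fills and never alerts.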