If you guys could include this piece of code in your development, that would be great as I wouldn't be worried about updating the plugin and you could also advertise the feature of fail2ban integration.
I added a piece of code just before the: $this -> _delete_old_items(); in the function insert( $args ) in the class-aal-api.php file. You probably could do a better job as the plugin creator ;)
if ($args['action'] == "wrong_password") {
$siteUrl = explode("//", get_site_url());
openlog($siteUrl[1], LOG_PID, LOG_AUTH);
syslog(LOG_NOTICE,"Authentication failure for ". $args['object_name'] ." from ".$args['hist_ip']);
closelog();
}
# Fail2Ban configuration file
#
# Author: Igor Almeida
#
[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf
[Definition]
_daemon = wordpress
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = Authentication failure for .* from <HOST>
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
[wordpress]
enabled = true
filter = wordpress
port = http,https
logpath = /var/log/auth.log
maxretry = 2
banaction = iptables-allports