Thanks for the reply … I suppose that a change to the fail2ban filter is also in order (_daemon = wordpress -> _daemon = wp). Correct?
How can I modify the filter then? My weekly logwatch is getting huge with unmatched entries of
wordpress(something >= 17 chars): Authentication failure for ____ from ___: 1 Time(s)
