Thanks for the suggestions. That gives me a starting point.
However, to be useful it would be important to enable Fail2Ban to pick up the IP that Wordfence has blocked as close to immediately as possible. Often bots look for a number of vulnerabilities one after the other – so they will probe WordPress, then try and probe phpMyAdmin, then try and probe SSH.
I want to lock them out of the entire server.
@kalashnikovevg, I can work with this suggestion but it means caching the timestamp of the last returned result, so that the query can just get blocks since the last time it ran, then just appending those new entries to a log file. But I’ll look into that. Thanks.
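
The cached-timestamp approach described in the post above, sketched as an added example that is not part of the original post or of either project's code. Assumptions: the table `blocks` with columns `id`, `blocked_at` and `ip`, the `wf-block ip=` log format, and the SQLite stand-in database are all hypothetical; a Fail2Ban filter would need a `failregex` that matches the `ip=` field with `<HOST>`.

```python
import ipaddress
import os
import sqlite3
from datetime import datetime

def read_cursor(state_path):
    """Return (timestamp, row id) of the last exported block, or (0, 0)."""
    try:
        with open(state_path) as f:
            ts, row_id = f.read().split()
        return int(ts), int(row_id)
    except (FileNotFoundError, ValueError):
        return 0, 0

def export_new_blocks(conn, state_path, log_path):
    """Append blocks newer than the cached cursor to log_path; return count."""
    ts, row_id = read_cursor(state_path)
    # The id tie-breaker catches rows that share the last exported second.
    rows = conn.execute(
        "SELECT id, blocked_at, ip FROM blocks "
        "WHERE blocked_at > ? OR (blocked_at = ? AND id > ?) "
        "ORDER BY blocked_at, id", (ts, ts, row_id)).fetchall()
    written = 0
    with open(log_path, "a") as log:
        for _, blocked_at, ip in rows:
            try:
                addr = ipaddress.ip_address(ip)  # rejects junk and embedded newlines
            except ValueError:
                continue
            # Local time, so Fail2Ban's findtime window lines up with the entry.
            stamp = datetime.fromtimestamp(blocked_at).strftime("%Y-%m-%d %H:%M:%S")
            log.write(f"{stamp} wf-block ip={addr}\n")
            written += 1
    if rows:
        # Cursor is replaced atomically after the log write, so a crash
        # re-exports entries instead of skipping them.
        tmp = state_path + ".tmp"
        with open(tmp, "w") as f:
            f.write(f"{rows[-1][1]} {rows[-1][0]}\n")
        os.replace(tmp, state_path)
    return written

def make_sample_db():
    """Constructed stand-in for the plugin's block table (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE blocks (id INTEGER PRIMARY KEY, blocked_at INTEGER, ip TEXT)")
    conn.executemany("INSERT INTO blocks (blocked_at, ip) VALUES (?, ?)",
                     [(1700000000, "203.0.113.7"), (1700000060, "198.51.100.23"),
                      (1700000060, "not-an-ip\n")])
    return conn
```

Run from cron or a systemd timer at a short interval, this keeps the delay between a block and the log entry to one polling period.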