Dear Lazyweb,I have xmlrpc.php disabled, but the botnets love it. Is it safe to fail2ban an IP after a single hit? Or will that result in false positives from other WordPress internals trying to do something stupid?
It's impossible to find a coherent explanation of how it is used or why.
