2 - Official Wordpress rules for OSSEC.
4 - Author: Daniel B. Cid
6 - This program is a free software; you can redistribute it
7 - and/or modify it under the terms of the GNU General Public
8 - License (version 3) as published by the FSF - Free Software
11 - License details: http://www.ossec.net/en/licensing.html
14 <group name="syslog,wordpress,">
15 <rule id="9500" level="0">
16 <decoded_as>wordpress</decoded_as>
17 <description>Wordpress messages grouped.</description>
20 <rule id="9501" level="5">
22 <match>User authentication failed</match>
23 <description>Wordpress authentication failed.</description>
24 <group>authentication_failed,</group>
27 <rule id="9502" level="3">
29 <match>User logged in</match>
30 <description>Wordpress authentication succeeded.</description>
31 <group>authentication_success,</group>
34 <rule id="9503" level="3">
36 <match>WPsyslog was successfully initiali</match>
37 <description>WPsyslog was successfully initialized.</description>
40 <rule id="9504" level="3">
42 <match>Plugin deactivated</match>
43 <description>Wordpress plugin deactivated.</description>
46 <rule id="9505" level="7">
48 <match>Warning: Comment flood attempt</match>
49 <description>Wordpress Comment Flood Attempt.</description>
52 <rule id="9510" level="7">
54 <match>Warning: IDS:</match>
55 <description>Attack against Wordpress detected.</description>
58 <rule id="9551" level="10">
59 <if_matched_sid>9501</if_matched_sid>
61 <description>Multiple wordpress authentication failures.</description>
62 <group>authentication_failures,</group>