Related to this feature: http://www.directadmin.com/features.php?id=1695 It was previously thought that we couldn't tell if the WordPress login failed or not, so the BFM was only counting the attempts. It was reported that the redirect status is a success/failure indicator of success. If a redirect (code 301) happens, then it's a success. If it's a non-redirect with code 200, that implies it's showing the login page, thus a login failure happened. To accomplish this, I've added a "text3" option to the brute_filter.list, now making the 2 entries: wordpress1=ip_after=&ip_until= -&text=] "POST /&text2=/wp-login.php&text3=" 200%20 wordpress2=ip_after=&ip_until= -&text=] "POST /&text2=/xmlrpc.php&text3=" 200%20 Sample log entry for successful login: ... "POST /wp-login.php HTTP/1.1" 302 1151 ... sample log entry for failed login: ... "POST /wp-login.php HTTP/1.1" 200 2024 ... I wanted to use the HTTP/1.1 included in text3, but HTTP/1.0 is still valid protocol, so just used " 200 (with a trailing space), as it's a very low likelyhood of showing up elsewhere on that line due to " only appearing in a few select areas.