As explained in the WordPress Codex, I want to prevent brute force attacks against wp-login.php via RewriteRule.
http://codex.wordpress.org/Brute_Force_Attacks#Deny_Access_to_No_Referrer_Requests
Rather than the Codex's 301 status code, I want to rewrite to a 403 Forbidden status and have it logged as "client denied by server configuration" so that Fail2Ban can process the log and block the IP.
I am using the code below.
# Stop spam attack logins and comments
<IfModule mod_rewrite.c>
RewriteEngine On
# Only POSTs to the login and comment handlers are checked
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} /(wp-comments-post|wp-login)\.php
# Deny when the referrer is not this site OR the user agent is empty
RewriteCond %{HTTP_REFERER} !example\.com [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) - [R=403,L]
</IfModule>
It forbids the POST attacks with a 403 status code, but I do not see any log entry about the incident in error_log.
How can I make RewriteRule log the incident as a normal 403 entry in error_log? And is a Rewrite + Fail2Ban configuration for dealing with brute force attacks efficient in terms of server management or not?
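
The matching and thresholding that a Fail2Ban filter would need for these requests, as an added example that is not part of the original post. It assumes the denied POSTs show up with status 403 in an access log in Combined Log Format; the function name `offenders`, the thresholds and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed input: Combined Log Format. Matches only POSTs to the two
# protected scripts that were answered with 403.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"POST /(?:[^" ?]*/)?(?:wp-login|wp-comments-post)\.php(?:\?[^" ]*)? HTTP/[\d.]+" 403 '
)

def offenders(lines, maxretry=3, findtime=timedelta(minutes=10)):
    """Return IPs with at least maxretry denied POSTs inside one findtime window."""
    recent = defaultdict(deque)   # ip -> timestamps of denied POSTs still in the window
    flagged = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # other methods, paths or status codes are ignored
        ip = m.group("ip")
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > findtime:   # drop hits that fell out of the window
            hits.popleft()
        if len(hits) >= maxretry and ip not in flagged:
            flagged.append(ip)
    return flagged

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE = [
    '203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 403 199 "-" "-"',
    '192.0.2.44 - - [12/Mar/2024:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2024:10:00:40 +0000] "POST /wp-login.php HTTP/1.1" 403 199 "-" "-"',
    '198.51.100.20 - - [12/Mar/2024:10:01:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "http://example.com/wp-login.php" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2024:10:01:30 +0000] "POST /wp-comments-post.php HTTP/1.1" 403 199 "-" "-"',
    '192.0.2.44 - - [12/Mar/2024:10:08:00 +0000] "POST /wp-login.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [12/Mar/2024:10:09:00 +0000] "GET /wp-login.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [12/Mar/2024:10:25:00 +0000] "POST /wp-login.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(offenders(SAMPLE))
```
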