Recidives, wordpress and fail2ban

This is what happens when you configure fail2ban to ban recidives one week:

fail2ban-weekThe blue line is a wave of IP addresses probing my sites for a wordpress vulnerability and triggering wordpress-hard, the yellow line represents recidive addresses (hosts blocked more than 5 times over a week, blocked for a week).

See:

How to stop wordpress bruteforce logins with fail2ban

and

A bruteforce botnet targeting a wordpress site