I have a WP site in a shared hosting server (LAMP stack).

Receiving a lot of 404 errors (security plugin log file) for bots looking for non-existing wp-login url (Ex. example/en/wp-login.php).

Trying to block them with a rewrite rule like this:

   RewriteCond %{REQUEST_URI} /en/wp-login\.php$
   RewriteRule ^.* - [F]

1) I would need to catch all possible calls to wp-login.php (any subdirectory /en/ /fr/ and so on...)

A condition like this should work?

    RewriteCond %{REQUEST_URI} ^(.*)/wp-login\.php$

2) I would like to save automatically all bad bots IPs in a blacklist as soon as they look up for wp-login.php file.

I've found this script to create a blacklist and lookup for IPs in order to block them:

    RewriteMap    hosts-deny  "txt:/path/to/hosts.deny"
    RewriteCond   "${hosts-deny:%{REMOTE_ADDR}|NOT-FOUND}" "!=NOT-FOUND" [OR]
    RewriteCond   "${hosts-deny:%{REMOTE_HOST}|NOT-FOUND}" "!=NOT-FOUND"
    RewriteRule   "^"  "-"  [F]

Any idea on how to save automatically IPs in deny-hosts file?

Thanks for any advice.

Regards