Create the following filter for wp-login in /etc/fail2ban/filter.d/wp-login.conf

[Definition]
failregex = ^<HOST> .* "POST /wp-login.php
ignoreregex =

Append the following to /etc/fail2ban/jail.conf

[wp-login]
enabled = true
port = http,https
filter = wp-login
logpath = %(nginx_access_log)s
maxretry = 4
findtime = 7200
# bantime: 1 year
bantime = 31536000