diff --git a/README.md b/README.md index e78fc9f..69f12b6 100644 --- a/README.md +++ b/README.md @@ -2,10 +2,10 @@ ### Linux -- [Installer Debian 13](debian13.md) -- [Installer Raspberry Pi OS](debian13.md#raspberry) +- [Installer Debian 13](debian13/debian13.md) +- [Installer Raspberry Pi OS](debian13/debian13.md#raspberry) - [Configurer l'accès à distance](ssh.md) -- [Administrer les paquets logiciels](package.md) +- [Administrer les paquets logiciels](debian13/package.md) #### [Reverse Proxy](reverse_proxy.md) diff --git a/debian13.md b/debian13/debian13.md similarity index 97% rename from debian13.md rename to debian13/debian13.md index b5bc767..d8d00ab 100644 --- a/debian13.md +++ b/debian13/debian13.md @@ -8,7 +8,7 @@ Advanced options ... ... Expert install -![Debian GNU/Linux UEFI Installer menu](debian13/installer_menu.webp) +![Debian GNU/Linux UEFI Installer menu](installer_menu.webp) ### Debian installer main menu @@ -22,7 +22,7 @@ Advanced options ... - Paramètres régionaux supplémentaires : - Ne rien sélectionner (Continuer) -![Choose language](debian13/choose_language.webp) +![Choose language](choose_language.webp) ### Menu princinpal du programme d'installation Debian diff --git a/package.md b/debian13/package.md similarity index 100% rename from package.md rename to debian13/package.md diff --git a/security/reaction.md b/security/reaction.md index 5c6d61f..393ddcc 100644 --- a/security/reaction.md +++ b/security/reaction.md @@ -1,6 +1,6 @@ # Reaction -Reaction est un service qui scan les sorties des fichiers et effectue des actions dand un usage est détecté. +Reaction est un service qui scan les sorties des fichiers et effectue des actions quand un certain usage est détecté. ```shell 
@@ -13,12 +13,39 @@ reaction show
 ```
 ```
+local bots = [
+ "ChatGPT-User",
+ "DuckAssistBot",
+ "Meta-ExternalFetcher",
+ "AI2Bot",
+ "Applebot-Extended",
+ "Bytespider",
+ "CCBot",
+ "ClaudeBot",
+ "Diffbot",
+ "FacebookBot",
+ "Google-Extended",
+ "GPTBot",
+ "Kangaroo Bot",
+ "Meta-ExternalAgent",
+ "omgili",
+ "Timpibot",
+ "Webzio-Extended",
+ "Amazonbot",
+ "Applebot",
+ "OAI-SearchBot",
+ "PerplexityBot",
+ "YouBot",
+ "Yandexbot",
+ "Baiduspider"
+];
+
 local banFor(time) = {
 ban: {
- cmd: ['nft', 'add', 'element', 'inet', 'reaction', 'banned_ips', '{ }'],
+ cmd: ['nft', 'add element inet reaction banned_ips { }'],
 },
 unban: {
- cmd: ['nft', 'delete', 'element', 'inet', 'reaction', 'banned_ips', '{ }'],
+ cmd: ['nft', 'delete element inet reaction banned_ips { }'],
 after: time,
 },
 };
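Review bot: The `"Yandexbot"` entry in `bots` will not match the `YandexBot` token that crawler sends, because a later hunk of this file joins the names with `|` into a case-sensitive regex. Either correct the spelling or make the filter case-insensitive by starting the pattern with `(?i)`. The names are also inserted into the pattern without escaping; none of the current ones contains a regex metacharacter, so a comment above the list such as `// names are used verbatim inside a regex: escape any metacharacter` would keep a later entry from silently widening the match.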
@@ -31,41 +58,31 @@ local banFor(time) = { }, start: [ - // Table - ['nft', 'add', 'table', 'inet', 'reaction'], + ['nft', ||| + table inet reaction { + set whitelist_ips { + type ipv4_addr + flags interval + elements = { 192.168.137.0/24 } + } - // Set pour IP bannies - [ - 'nft', 'add', 'set', 'inet', 'reaction', 'banned_ips', - '{', 'type', 'ipv4_addr', ';', 'flags', 'interval', ';', '}' - ], + set banned_ips { + type ipv4_addr + flags interval + auto-merge + } - // Chaîne INPUT - [ - 'nft', 'add', 'chain', 'inet', 'reaction', 'input_filter', - '{', 'type', 'filter', 'hook', 'input', 'priority', '0', ';', '}' - ], - - // Chaîne FORWARD - [ - 'nft', 'add', 'chain', 'inet', 'reaction', 'forward_filter', - '{', 'type', 'filter', 'hook', 'forward', 'priority', '0', ';', '}' - ], - - // Règles d'utilisation du set - [ - 'nft', 'add', 'rule', 'inet', 'reaction', 'input_filter', - 'ip', 'saddr', '@banned_ips', 'drop' - ], - [ - 'nft', 'add', 'rule', 'inet', 'reaction', 'forward_filter', - 'ip', 'saddr', '@banned_ips', 'drop' - ], + chain input { + type filter hook input priority 0 + ip saddr @whitelist_ips accept + ip saddr @banned_ips drop + } + } +||| ], ], stop: [ - // Une seule commande supprime tout proprement - ['nft', 'delete', 'table', 'inet', 'reaction'], + ['nft', 'delete table inet reaction'], ], streams: { 
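Review bot: The rewritten ruleset no longer has a forward-hook chain, so `@banned_ips` is enforced only on traffic addressed to the host itself; if this machine forwards to containers, VMs or other hosts, banned sources can reach them again. If that is intended the page should say so; otherwise add a `chain forward` with `type filter hook forward priority 0` and the same `ip saddr @banned_ips drop` rule. Both sets remain `type ipv4_addr` and the rules match on `ip saddr`, so in this `inet` table IPv6 clients are never dropped, and a ban on an IPv6 source would presumably fail when it is added to the set. The accept rule for `@whitelist_ips` deserves a one-line comment stating that 192.168.137.0/24 is exempt from every ban. The enclosing configuration object starts and ends outside the hunk.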
@@ -76,14 +93,30 @@ local banFor(time) = {
 regex: [
 @'authentication failure;.*rhost=',
 @'Failed password for .* from ',
- @'banner exchange: Connection from port [0-9]*: invalid format',
+ @'Connection from port [0-9]*: invalid format',
 @'Invalid user .* from ',
+ @'Timeout before authentication for ',
 ],
 retry: 3,
 retryperiod: '6h',
 actions: banFor('96h'),
 },
 },
+ },
+
+ apache: {
+ cmd: ['tail', '-n0', '-f', '/var/log/nginx/access.log'],
+ filters: {
+ aiBots: {
+ regex: [
+ // User-Agent is the last field
+ // Bot's name can be anywhere in the User-Agent
+ // (hence the leading and trailing [^"]*
+ @'^ .* "[^"]*(%s)[^"]*"$' % std.join('|', bots)
+ ],
+ actions: banFor('30d'),
+ },
+ },
 }
 },
 }
diff --git a/wordpress.md b/wordpress.md
new file mode 100644
index 0000000..5bf2240
--- /dev/null
+++ b/wordpress.md
@@ -0,0 +1,10 @@
+curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
+php wp-cli.phar --info
+chmod +x wp-cli.phar
+mv wp-cli.phar /usr/local/bin/wp
+
+
+crontab -u eureka -e
+
+
+5 * * * * /usr/local/bin/wp --path=/home/eureka/wp6 cron event run --due-now >> /home/eureka/wp-cron.log 2>&1
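Review bot: The new `aiBots` filter sets no `retry`/`retryperiod`, so a single access-log line whose User-Agent contains one of the names bans the source address for 30 days. The User-Agent is chosen by the client, so the rule only stops crawlers that identify themselves honestly, while one matching request from a shared address (NAT, or a proxy in front of nginx if the logged address is the proxy's) locks out everyone behind it. Consider a threshold like the ssh filter's `retry: 3,` with a `retryperiod`, and a shorter ban. The stream is named `apache` but tails `/var/log/nginx/access.log`, so `nginx: {` would describe what it reads. The third comment line never closes its parenthesis and should read `// (hence the leading and trailing [^"]*)`.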
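Review bot: The phar is executed (`php wp-cli.phar --info`) and moved into `/usr/local/bin` straight after download with no integrity check, and the URL points at a branch whose content changes with each build. Add a verification step before the first run, comparing the file against the checksum or signature the project publishes for it, and pin a released version where possible. The steps that follow need root (`mv` into `/usr/local/bin`, `crontab -u eureka`), so the page should say to run the `--info` check as an unprivileged user. The cron entry appends to `/home/eureka/wp-cron.log` with no rotation; mention a logrotate rule or a size cap. The commands would also read better in a fenced `shell` block under a heading, as in security/reaction.md.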