(07-22-2020, 03:20 PM)enderandrew Wrote: I agree that .htaccess protection is a better approach.
Never said better, more like an additional layer.
I'm pretty sure there isn't a (simple) htaccess equivalent to allow a unique identifying a user,
(the simplest way is probably a php session-cookie), measuring the rates of the bandwidth used,
and optionally reduce the server load by bandwidth-rate-controlling or connection-closing.
Such logic is best served close-to-the-server, and there are most likely Apache/nginx server-plugins for that,
but none that I've came across with cheap shared-hosting (please let me know you know otherwise!)
However, some CDNs can do that for you (Akamai/Cloudflare/..) though.
With a (free) WordPress plugin: https://www.cloudflare.com/integrations/wordpress/
Anyway, the cloudflare one seems a fairly nice addition of a security/stability layer to a WordPress based website.