So in July this year I created a WordPress Website. All went well until the end of August when its bandwidth nearly hit the roof. I thought I'd been DDoSed and deleted the Website after I'd made a backup to be recreated when I had some time again.
About two weeks ago I finally had time to recreate the Website at Gigarank. This time round I took several security precautions. When I created my "Admin" account I deliberately used a non-admin name. I also used the password generator to get a 100% password. And then after plenty of research loaded the Wordfence Security plugin, and what a great experience that has been. What I like about Wordfence is that it informs you of what has happened after a security event has taken place, i.e. script kids using scripts to force their way in. Here's an e-mail from Wordfence after such an event:
A user with IP address 125.77.238.162 has been locked out from the signing in or using the password recovery form for the following reason: Exceeded the maximum number of login failures which is: 10. The last username they tried to sign in with was: 'admin'
User IP: 125.77.238.162
I received a few of those e-mails and the IPs were all from China.
Next I was wondering whether I should do a country block, but soon learned that that would create BIG problems, as it would slow down the Website. Not a good solution. Wordfence was great at picking up the brute-force attempts, but then after doing some research I found some additional protection for brute-force attempts - BruteProtect Plugin. Reviews looked good. Will see how it goes.
At any rate, at least I learned a bandwidth lesson as well. Those unprotected and unblocked brute force attacks eat bandwidth and can easily lead to exhausting one's bandwidth on a shared server. And possibly suspension. So security like Wordfence and BruteProtect aren't a luxury, but a necessity for people with WordPress Websites.