Hello again Paul. I left you a comment also on wordpress …

By 10th April 2020 Uncategorised

Comment on Beware New WordPress Security Theat: The WordPress Misinformation Virus by CreationP.

Hello again Paul.

I left you a comment also on wordpress support with the same nickname.

I read the article and I found it extremely well written and comprehensible by non-security people. I am a penetration tester as a profession and I also believe that perma banning ip addresses, let alone geo-location banning, is pointless.

On the other hand, using a plugin that will ban an ip address for 30+- mins after 3,4,5 failed attempts will, in the end, provide such a huge barrier to someone trying to brute force you for the fun of it (because 90% of hacking happens for the hell of it rather than acquiring something of value). If I create another obstacle between me and the hacker that would be a bonus for me. The same if I remove that wordpress meta version as many wannabes use online cms finders to tell what cms you are running and then launch attacks.

In short, every well calculating security obstacle that will not make your website unusable by yourself or your visitors is welcome to have even if it is the most minor one. So, banning ip address for a short amount of time is not completely useless.