Comment on Beware New WordPress Security Theat: The WordPress Misinformation Virus by Fiona.
Thank you for your advise, I would definitely take that into consideration. Right now I’m using Simple Firewall plugin + CloudFlare on my AWS self host server to prevent the attacks, hoping someday my boss will start to see the importance of security and give me some budget to switch to a good web host…(sigh)
And may I suggest, I think it would be great to have a web host check list (what security services should they provide etc.) to help determine a good web host.
Fiona Also Commented
Thank you for the informative article! I’ve been doing a lot of research before, and have met with different suggestions like IP blocking, hide WP / PHP version, change login page URL, stop XMLRPC etc.
And as a layman of WP security, I can’t tell which suggestion is correct and have no time to research them, so that’s why I just use them all. I think that’s the main issue here, most of us didn’t have the knowledge to tell right from wrong, so in the hope of some of it will work, we implement them all. That sounds desperate, right?
But thanks to you and this article, I can begin to understand why IP blocking is not an ideal security measure. Eager to read more!
Also, your article reminds me of a question in mind for a long time:
If the admin doesn’t have the server side security skills to prevent attacks like you mentioned in the article, should he/she use self host server (such as AWS) or a managed host? Or it doesn’t matter as long as CloudFlare is used?