Moderator
Jan Dembowski
(@jdembowski)
Forum Moderator and Brute Squad
Use an existing security plugin.
*Drinks coffee*
It’s a bottomless pit you’re looking into. 😉
You really need to define what you’re trying to accomplish. Blocking geo IPs isn’t really security. If your site is being attacked then there are a few things you need to ask yourself.
1. Are the attacks trying to brute force login via login.php and xmlrpc.php?
2. Are they trying to exploit old code weaknesses?
3. Does the volume of those attacks cause a problem for my web server’s resources?
Each has its own solutions that have nothing to do with any “security” plugin.
1. Use strong passwords. I use 1Password but there are many others. That software easily lets me manage a password like HkCYrxwh2qr+oYah8Hdq. Mathematically 43 QUINTILLION YEARS to cycle through.
https://howsecureismypassword.net/
Also use a 2FA plugin. My password is strong (that’s not my password BTW) but when it’s put in I need to enter a one-time password that’s only good for 30 seconds then expires.
2. Keep your software up to date. That includes your server’s software outside of WordPress.
3. Attacks should be fine but if your server is straining against that then you’d need to consider getting better hosting. That’s not really a WordPress issue though there are plugins that will help with brute force attacks.
*Re-reads*
That’s pretty much it. You can try to write a “security” plugin if you like but as I said it’s a bottomless pit.
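A small access-log triage for the three questions in the post above, as an added example that is not part of the thread. It assumes Combined Log Format logs; the path list, the threshold, and treating 404s on `.php` files as a rough sign of probing for old code are assumptions, and the sample lines are constructed.

```python
import re
from collections import Counter

# Combined Log Format: ip - - [time] "METHOD path PROTO" status size
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# Assumption: these are the login endpoints worth counting POSTs against.
LOGIN_PATHS = ("/wp-login.php", "/login.php", "/xmlrpc.php")

def triage(lines, login_threshold=3):
    """Summarise a log against: brute force? old-code probes? volume?"""
    login_posts, probes, volume = Counter(), Counter(), Counter()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines rather than guess at them
        ip, method, path, status = m.groups()
        path = path.split("?", 1)[0]  # ignore the query string
        volume[ip] += 1  # question 3: raw request volume per client
        if method == "POST" and path.endswith(LOGIN_PATHS):
            login_posts[ip] += 1  # question 1: login attempts
        elif status == "404" and path.endswith(".php"):
            probes[ip] += 1  # question 2 (assumed heuristic): missing scripts
    return {
        "brute_force": {ip: n for ip, n in login_posts.items()
                        if n >= login_threshold},
        "probes": dict(probes),
        "volume": dict(volume),
    }

def _row(ip, method, path, status):
    # Builds one constructed sample line; addresses are documentation ranges.
    return (f'{ip} - - [10/Oct/2024:13:55:36 +0000] '
            f'"{method} {path} HTTP/1.1" {status} 512')

SAMPLE = (
    [_row("203.0.113.7", "POST", "/wp-login.php", 200)] * 3
    + [_row("203.0.113.7", "POST", "/xmlrpc.php", 200)]
    + [_row("198.51.100.9", "GET", "/old-plugin/upload.php", 404)] * 2
    + [_row("192.0.2.10", "POST", "/wp-login.php", 302), "garbage line"]
)

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A single login POST from one address stays below the threshold, so an ordinary sign-in is not reported as brute force.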
Jan makes good points. Still, bottomless pits can be enjoyable to explore, and even useful in some cases. Here’s a good place to start: http://www.wpbeginner.com/beginners-guide/what-why-and-how-tos-of-creating-a-site-specific-wordpress-plugin/
Hi Jan. It is my pleasure to learn how to write a new security plugin from scratch. Maybe some day I can make a premium version and sell a new unique plugin.
Using an existing plugin may help but it is hard to learn every code and develop new things over it.