New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Which one answer this question better? LET or WHT?
WHT
Give Wordpress its own folder (use method 2):
https://codex.wordpress.org/Giving_WordPress_Its_Own_Directory
Set whatever security you want to use to block direct access to wp-login/xmlrpc.php
Well it just so happens that THAT was the question. Plus I'm not really sure that changing from root directory to some other directory really hides the path because there are plenty site links in index.php.
I used this work very well. https://www.qualityology.com/tech/stop-automated-comment-spam-brute-force-login-attack/
WAF
You can use Cloudflare as cheapest or try other combinations.
Right now I used both mod_security+CSF custom rules and it is working great. Seems mod_security rules working better than CSF rule but it is making slow load (maybe) and creating lot of access_logs, error_logs etc.