There is no doubt that WordPress is a highly targeted platform in the web world. Botnets, malware, brute force, ransomware, targeted attacks and more are a handful of threats a WordPress owner has to keep in mind from day to day.
There are numerous methods to protect WordPress sites now both with modern technology and some with old school methodologies. For example, when referring to brute force attempts, there are numerous plugins that attempt to solve this issue. As you can see by just searching “limit login” in the WordPress repo. Some of these plugins have been around for years and have done a fantastic job in the past. The problem now is that the brute force script authors have gotten smarter. In the past, these scripts would hammer on a site from just one server or maybe two and the way that these plugins work, they track login attempts based on the attackers IP address. So if you have a bot attacking your site from just one or two IPs addresses, these plugins are super helpful because it’s easy to track.
What’s not helpful, these modern brute force scripts are coming from MANY sources. It could be from 100s of IP addresses which it makes difficult or near impossible for a single site to track and effectively block these brute force attempts.
tinyShield solved this problem however, because we do not track these failed login attempts on the individual site but across ALL of our sites. So if one IP address triggers a failed login attempt once on five different sites, we can block that for ALL of our users. This is a much more effective approach given the massive botnets that try to brute force sites. tinyShield will block these attempts before they can even reach your login page once they are in our blacklist which will save your server resources.
Also definitely worth mentioning is two factor authentication. Even if a bot did brute force an account on your site and got through tinyShield, enabling 2FA (two factor authentication) will prevent that account from accessing the site. Something like Two Factor Authentication plugin is an excellent idea.