Many WordPress hacks come from malicious bots that are programmed to crawl the web looking for WordPress sites. Once they find one, they’ll add “/wp-admin” to the end of the site’s URL to get to the login screen and try to force their way in. We’ll change the location of your WordPress login to whatever you want and add it to your server’s cache exclusions.

Next, we’ll install Wordfence and setup your endpoint firewall and malware scanner. The free version receives firewall rules and malware signatures created by the industry-leading Wordfence Threat Intelligence team after a 30 day delay.

Robust security tools included are:

• Plugin/Theme Vulnerability Monitoring
• File Change Detection
• Intrusion Alerts
• Rate Limiting
• Brute Force Protection
• Login Security – 2FA & RECAPTCHA

Cloudflare protects against the largest and most sophisticated attacks. After WPhost onboards your website to Cloudflare and enables your domain to use their nameservers, you’ll immediately gain unlimited and unmetered mitigation of DDoS attacks. Cloudflare’s global and local DoS mitigation systems work in concert to protect new and existing threats of any size or kind against your website.

We’ll also turn on Bot Fight Mode to help detect and mitigate bot traffic on your domain. When enabled, Bot Fight Mode identifies traffic matching patterns of known bots, issues computationally expensive challenges in response to these bots and notifies Bandwidth Alliance partners (if applicable) to disable bots.