Best Security Plugins for MU? Pro Site links being attacked

My site is under attack by Russian IPs.... again. I use Wordfence plugin for my multisite, it works well and seems to be blocking everything. But its intense and im afraid they will cause damage eventually. The link they are after is http://mysite.com/pro-site/?action=new_blog

What do you guys recommend for general security practices? Do i need more than Wordfence?

  • Adam Czajczyk

    Hey Ocean Digital Corp,

    I hope you're well today and thank you for your question!

    In my opinion Wordfence is definitely one of the best plugins of that kind currently available. I've used IThemes security in the past but it's way "heavier" than Wordfence and uses more resources.

    Apart from this I'd recommend following steps:

    - review your Wordfence settings to harden security settings as much as possible
    - identify malicious IPs (using server logs and/or Wordfence logs) and "cut" them (block) on .htaccess level

    http://www.htaccesstools.com/block-ips/

    - make sure that your WordPress core, all the themes and plugins are up to date
    - make sure to remove all "dead users"/inactive users accounts
    - implement CDN (e.g. CloudFlare)
    - SSL Certificate protection (https://) would be also a great addition to security
    - make sure to take regular backups of your entire site (be sure to keep a few copies back - on other server - to avoid overwriting a "healthy" copy with "hacked" one)
    - ultimately, you may also go for solution such as Sucuri (https://sucuri.net/)

    I'd also consult hosting company to get to know more about their policies and how they handle security threats; sometimes they're willing to take a look at the case and provide additional security level by hardening servers configuration.

    I hope that helps!

    Cheers,
    Adam

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.