I am hosting with Godaddy in a shared Cpanel account with 'level 3' resources. I host a WP multisite with about 12 blogs and in addition 4 WP single sites. Since about 4 weeks I noticed much increased I/O usage which lead to frequent downtime (faults) of my site. I had installed Defender and enabled both IP lockouts and 404 Detection, both locking out IPs for 3600 seconds after only 2 attempts and permanently banning all IPs.
While Defender sends me email notifications about such lockouts - now one email every 5 minutes or so - using Defender had not reduced or 'rectified' these attacks. Only after I deactivated several of my blogs in the multisite, did the attacks subside (see attached screenshot of the resource graph before and after). This went well for a few hours but since there was another wave of attacks, again resulting in faults, for about 10 minutes or so. Currently, all seems 'quiet' but only because most blogs are still deactivated.
I now have 3 questions:
1. What, if anything, does Defender do to 'fight' such attacks? Receiving emails about them is fine, but they will not 'fight' or rectify these attacks. So, what's next?
2. My list of banned IPs is of course growing all the time; but will this eventually lead to a 'drying up' of the attacks or can I expect that these will continue for ever (or a very long time at least)? Will the attacking IPs eventually dry up?
3. I am also confused regarding the 'banning' of IPs: the email that Defender sends only talks about a ban for 3600 seconds, but it does not mention whether that same IP has actually been permanently banned.
So, in other words, what is the actual 'net' benefit of having installed Defender; it doesn't seem to prevent any attacks - or does it?
I have granted you support access - just in case you wanted to check my setup.
Thanks in advance for your assistance.