I am looking for a recommendation.
We are currently running Brute protection, following WPMU's recommendations, Login Limits, salting, etc, but we had a meeting and our server team notified us that brute attacks are an issue - spikes up to 25% plus of our server. We are salted, etc, etc... as well...
So, with that being said. I am looking to step up our game. We do have the standard login for WP and they said they (IT) recommended changing the admin URL.
Wordfence doesn't have this feature, but some literature seems to indicate hiding the login page is an act of futility while ithemes Security incorporates it as a standard feature.
Wordfence has GEO IP blocking which I guess is good for IP masking or foreign attacks, and that feature is coming soon to iThemes.
My goal is to capture as much data as possible and reduce overall server usage as these attacks occur and of course, protect our client websites while minimizing downtime.
We have a lot of users so incorporating 2-factor authentication may be a little tricky. It would be nice to selectively add this to certain sites.
We are obviously multiuser and incorporate a dedicated server.
Oh yeah, I was also looking at http://www.htaccesstools.com/htpasswd-generator/ as well. Just throwing it out there.
I figure these tools will replace some of our add-ons, but that's okay. Just a pain to replace it. :slight_smile:
As always your professionalism is a greatly appreciated.