In this article, you will learn:
Protecting WordPress Websites
The WordPress content management system is very popular, as are various kinds of attacks against webs that run it. Even if these attacks fail to breach the web, they increase server load and slow your website down. That’s why WEDOS Global Protection stops this unwanted traffic before it even reaches the web server.
WEDOS Global Protection uses the following methods to protect WordPress websites:
- Blocking requests accessing the files:
- xmlrpc.php, unless the request comes from WordPress
- PHP in the wp-content/uploads folder
- PHP in the wp-includes folder
- wp-admin/admin-ajax.php, unless the request comes from WordPress or Google
- Using captcha:
- for requests from IPs with bad reputation scores (according to UDGER)
- for the URL /wp-admin or containing wp-login
The system also monitors traffic from various IP addresses. If an address makes too many requests over a time period, the system temporarily denies it further access.
All static content (return codes 200, 301, 302) also remains cached for 10 minutes.
Frequently asked questions
Question: How do I get rid of the captcha blocking me from WP administration?
Answer: Captcha protects against unwanted traffic accessing the uncached wordpress administration interface. There can be hundreds such requests in one second, and this load significantly affects your website’s performance. You only need to complete the captcha challenge once per 24 hours. This is why we don’t allow removing the captcha check for WP administration.