05-26-2020, 12:40 AM
(05-17-2020, 05:11 PM)fChk Wrote: I did post a reply yesterday where I was asking the OP's author to tell us what web server he was running. After a brief reflection, I removed it...
Reading the post bellow, I'm now sure I did the right thing.
Just for the record. A datacenter can only "protect" you from network-based attacks, not application-layer ones. Your website, on the other hand, is as safe as the code running it!.. A vulnerability here or there and you're open to ABUSE... That's all it takes!
Because you're running a well-known generic CMS, whose code is public domain, thus everybody knows where to search for stuff, then you better have as a good knowledge of it as the next guy who will be "knocking" on your website's door.
This is why my position on generic CMS, forums etc has always been a NO GO!... especially for people who don't realize the challenge they are facing, by just using it. Of course, no one is listening to my extremist view on this :-)
For the admin section of the Wordpress CMS, it's a well-know target for script kiddies. The IP-filtering is the classic shield, as suggested above.
Good luck anyway!
it is true . no system is safe and datacenter probably only have protection for DDOS attack . i rarely see datacenter have WAF that actually protect web application . for the security of wordpress or CMS it is up to you . start by installing security plugin to prevent most wordpress attack . and also use WAF or web application firewall if available to prevent attack of the web application . in this case wordpress
humanpuff69@FPAX:~$ Thanks To Shadow Hosting And Post4VPS for VPS 5