Hi @rvh, thank-you so much for your glowing five-star review of Wordfence.
Firstly, it’s massively important for our team to hear from a happy customer who the plugin has directly assisted with proven results. Each great review helps other WordPress users make a choice on their site security and we appreciate the time taken to let us know here!
As per www.ads-software.com guidelines, I’m unable to provide ongoing detailed support here in a plugin review, but I feel like I can help out with a little further information about why seemingly small or personal websites can attract much more attention than you think they should.
It can be quite alarming to suddenly see a record of the humans and bots hitting your site with URLs that don’t exist, trying out usernames, or being blocked for trying to access certain areas/plugins – and we totally understand that.
With WordPress’ popularity across the web, hit-and-hope attempts to exploit sites that use it are widespread too. Often, these are automated attacks that pay no attention to your server platform, installed plugins, version numbers, or valid URLs before trying. They are just testing for the low-hanging fruit where a vulnerable version of a plugin hasn’t been updated, there are no security measures in place, or where there might be an easily guessed username/password combination.
You might find the following blog post on the subject interesting:?https://www.wordfence.com/blog/2018/03/ask-wordfence-why-is-an-insignificant-site-like-mine-being-attacked/
Wordfence, as an endpoint firewall cannot stop a bot or human from?trying?to visit your website, but rather deal with the visits appropriately when they happen. Always making sure your plugins, themes, and WordPress itself are on the latest version should limit the chance of one of these attempts succeeding in addition to using long unique admin passwords and 2FA/reCAPTCHA where possible.
I hope that helps you out and all the best going forward!
Peter.
