Having a WordPress website is often great, but it also makes you vulnerable for all kinds of attacks and mischief – Or maybe not vulnerable, but it invites many wrong doers to try and attack you. You’re an easy target. Let’s make it a bit less easy for them without using plugins!
Recently I’ve been plagued on another website by slowness, the occasional downtime and other annoying stuff. Paying more attention to usage stats and the error_log it turns out there was a bunch of stuff going on. A few of IP Addresses constantly tried something with wp-login.php and some other pages and files being loaded over and over again for no apparent reason.
Another issue was the RSS feed WordPress generates. Sure, it works fine. But if you get almost 10000+ requests on it per hour, that’ll slow things down, too. Sometimes.
So I did some research and have come up with a few things to try and prevent this kind of behavior. Of-course it’s no use blocking IP addresses but you can prevent access to things or if they access those things lessen the load on your server a great deal.