This plugin hardens your WordPress installation against most attacks. If you examine the settings, you will find that there is a very large blacklist already on your site. These IP addresses are blocked from all of my websites for attempting to login or other suspicious activity. I host quite a lot of these sorts of sites, and any site with forms like login or email forms occasionally get found by robot scripts or previously infected machines. The IP addresses of those devices tend to be the same or within IP ranges… so it makes sense to block them from every site when I find them. This plugin will also add users to the ban list on its own if a user attempts the incorrect password too many times, guesses the username “admin” or tries to access non-existent files in excess. There are certain URLs and usernames which I will manually add IP addresses to the list, but the plugin takes care of itself for the most part.
This plugin writes directly to the .htaccess file and disables a lot of permissions for various types of access to multiple files. I enable most of the available features within this plugin. In combination with other .htaccess rules I put in place, your WordPress install is as secure as possible at all times.
This plugin also keeps a detailed log of errors of various sorts. This can help us locate and identify links to files or pages that have been renamed or no longer exist. This plugin alters how certain files are accessed, preventing write access to many critical WordPress files. It can be set up to make automatic database backups as well, although that’s not necessary since daily backups of the entire home directory are already made by the server. The IP blacklist and automatic lockout features of this plugin are the primary reasons I use this plugin.