Microblog
Posted on October 20, 2020
PSA: Brute force attacks on WordPress were regularly spinning up enough instances of PHP-FPM to bring my server to its knees. Protecting wp-login.php, wp-admin and xmlrpc.php (via .htaccess) has virtually eliminated this problem. It’s now part of my process for all new WP sites.