We’re developing a new security plugin for WordPress which blocks all traffic to your site except for genuine content.
We’ve been planning to create this plugin because we’ve been seeing a tidal wave of requests for files on WordPress sites that is heavily increasing the load on servers at best and allowing hackers to compromise sites or worse.
Examples of these requests are as follows …
- Attempts to download backup files
- Attempts to download the database
- Attempts to locate plugins with security holes
- Attempts to locate themes with security holes
- Attempts to locate other malicious code
Our plugin uses Apache’s .htaccess file to lock the WordPress site down to only serve genuine content.
This plugin is in its infancy but has been accepted into the official WordPress repository and can be found here.
We would like as much feedback on the plugin as possible so would be delighted if you would let us know if you discover any issues.