Is this the right choice?

Hi all - I manage a 20 site setup using Cloudways and all sites are wordpress. When wp-admin was left as the login, it would get overloaded every now and then - I added a security plugin that includes a brute force protection changing wp-admin to another login.

I have had to disable the entire suite of websites during this most recent attack that seems to be focused again on the non available wp-admin and xmlrpc attacks.

They get approximately 10,000 unique users per day - will a free plan be enough to cover this at least to start? - but again, the site and all of its derivatives are down right now.

Cloudflare recently introduced Custom Firewall rule. You can use that do all magic.


  1. Limit login page to your country
  1. Or, you can prefer I am under attack mode just for login page.

Both approach should help. Another thing you can do is just change your login URL using a plugin and set firewall rule to block all request coming to /wp-login.php page. :slight_smile:

A Free plan is intend for testing purpose, personal small site. If you have a business nature website, why not go with Pro Plan. You can get more advanced feature such as Automated Image optimization, Web Firewall for WordPress, more page rules, etc.

This topic was automatically closed after 31 days. New replies are no longer allowed.