I’ve been using Jetpack Free for a while, it shows hundreds of thousands of blocked brute force attempts and blocked spam comments over the past several years.
I have a very secure password and am very careful with plugins installed. Most likely thanks to that, I’ve never had a hack problem in many years. At least that I know of, I suppose.
I do continue to get spam login attempts however, and had a few questions:
1. **How do I delete all \~50,000 users at a time** *(except for the one admin account I use?)* \- *assuming that is a good choice to stop the login spam attempts/password change spam I am seeing via Wordfence now?* The users page only allows deleting 20 at a time.
2. When “allow anyone to create an account” is disabled, people can still post comments replying to articles normally right? *(I* ***just*** *turned this off, I used to think it needed to be on to get comments, but I’m reading now that is not the case. I do get a decent amount of real comments on articles.)*
​
* Anything else you’d suggest I do?
1. Is Wordfence 2FA reliable (won’t ever lock me out) and considered safe/recommended?
2. I do also have many backups saved externally at intervals via the UpdraftPlus going back for a long time
3. I was going to add recaptcha to the login/register page, but is that still worth doing now that I have “allow anyone to register” turned off?
Thanks for any help! I’ve searched and acted on what I read so far, but still have the above questions remaining that I haven’t seen solid answers for.