[ad_1]
Basically what the title says.
If I check wordfence it is constantly being updated with new attacks and recently I’ve been getting emails saying “increased attack” which led me to learning about SQL injection and also xmlrpc
Is this normal? Do I just let wordfence do its job or are is there something else going on that is making my website a target.
Also, why does whois exist if literally every website ever is covered with some @[abuse.com](mailto:[email protected]) email
[ad_2]
That is normal. There are attacks going on all the time. Almost all or all of them will fail even if you are not using a security solution. Wordfence could tell you whether the attacks would have succeeded if they hadn’t blocked them, but they seem more interested in creating FUD than providing their users with helpful information.
Your best options would be to limit notifications or move to another security solution that isn’t trying to scare you like they are.
your site will be “found” by the good and the bad guys pretty soon after it goes live on the internet. such “attacks” are common – these are mostly automated crawler bots looking for vulnerabilities. keep your stuff (core, themes, plugins) updated. don’t install shady stuff. use a web host that keep underlying stack like kernel, OS, DB, PHP, server software, etc updated (most will). i personally don’t use wordfence or any other security plugin, but they have their use case.
i have my site behind cloudflare (medium security settings), and use as few plugins as possible with everything set to update automatically (with backups in place in case something breaks). my host uses litespeed server which has a wordpress bruteforce protection module.