I’m currently using HideMyWPGhost’s firewall for my security to hide plugins etc from known crawlers amongst other security measures on my server such as anti virus etc.
I use to use Sucuri as my WAF but they was eh at times and would often end up in a 502 error (Engineer from their company confirmed it was not my server config).
I therefore, moved to cloudflare free plan which resolved the 502 errors. But I’m a bit worried it doesn’t have the same protection as sucuri which use to block sql injection etc.
Can someone confirm if cloudflare free plan does the same kind of thing sql injection etc.
I’m also looking for other security recommendations for WordPress, I have 2FA enabled for admin account secure passwords etc Google recaptcha and using wp toolkit I’ve enabled protect sensitive files and directories etc.
You can never be to prepared so fire away with your suggestions 🙂 Criticism is welcome too.
Thanks.