One thing I knew is that running a blog, it would be a hit for spam and thousands of unauthorised login attempts to the admin portion of the page. I installed a few plugins to help secure the site and would recommend extra precautions be taken if you run your own site.
First was putting a strong password that would fail a dictionary attack.
Adding 2FA with a plugin was the next step
Banning IP address on the blog was another step and I’ll further add them onto the hosting service
Just to give you an idea, here are some stats just produced by the plugins on here.
Here’s a list for current IP’s that I block and feel free to use them for your own services. I’ll try and update these as I get more data and from various sources. I’ve taken IP’s from attempts on this site, known IP’s from spambots and even attempts on my internet at home from the firewall logs.
I’ve also grabbed IP’s from https://mariushosting.com/ip-block-list/ which I found on a Synology Facebook Group and added them to the above master IP Ban list.
I’ll be curious to know what other methods everyone uses and things to help protect my own security.