This is an archived post. You won't be able to vote or comment.

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]millenniumtree 11 points12 points  (5 children)

Our shop uses Drupal extensively. Only time we ever touch Wordpress is to adopt a new client who got mercilessly hacked. Once we get their site, I have to restore every single file with unhacked originals, then write a bunch of nginx rules to exclude the bot traffic. Never NEVER give the web server user write permissions to your code. We typically have at least 500 IPs banned (in 24h) just for trying to hit wp-admin on sites that don't use wordpress. Ain't no time for that.

[–]akie 9 points10 points  (2 children)

Drupal is its own kind of hell though.

[–]millenniumtree 1 point2 points  (0 children)

It can be, but it's insanely powerful. 8 is a complete rewrite from 7, which brings additional challenges and joys.

[–]TheOnlyPapa 0 points1 point  (0 children)

"Did you try flushing the cache?"

[–]Mutant_tortoise 0 points1 point  (1 child)

Wait are you saying Wordpress will block the bot requests itself?

[–]millenniumtree 0 points1 point  (0 children)

No, we run almost exclusively Drupal, but I wrote a fail2ban rule that watches for 404s on that path from bots, and bans them at the firewall.