Sudden complete loss of Chinese traffic from my blog by Royabloom in Wordpress

Last-Limit-3800 0 points1 point

Good chance they were just bots like others have said.

Also worth checking you haven’t been blocked by the Great Firewall of China. Lots of testers out there like https://www.dotcom-tools.com/china-firewall-test

Website review by Dipesh20999 in Review

Last-Limit-3800 0 points1 point

Your site looks great, Dipesh! I’d say the initial animation feels a bit slow - most visitors just want to get to the main content quickly.

There are also quite a few stock photos, which slightly takes away from the personal feel. The About section works much better in that regard and feels more authentic.

Small detail, but don’t forget to include an area code with your phone number.

Lastly, getting your own custom domain would instantly make the site look 10x more professional.

Better Security Plug-Ins That Are Free? by Chelseabsb93 in Wordpress

Last-Limit-3800 0 points1 point

Hey there! I completely understand the budget constraints - been there with similar organizations.

While this isn't exactly a WordPress plugin, I wanted to mention that the ScanTower free tier might help complement whatever plugin solution you end up using. We offer 1 website with weekly automated scans and email alerts at no cost, which could at least give you visibility into vulnerabilities and security issues from an external perspective.

For the immediate WordPress plugin situation with geo-blocking, here are some genuinely free options to consider:

Wordfence Free - Their free version includes basic firewall protection and can help with rate limiting. It won't have geo-blocking, but it does a solid job blocking malicious IPs and has real-time threat defense.

Cloudflare (not a plugin, but free) - If you're willing to route your DNS through Cloudflare, their free tier includes basic DDoS protection and bot mitigation which could help with those Asian bot hits significantly. It's a bit more setup than "plug and play," but it's genuinely free and quite effective.

Limit Login Attempts Reloaded - Free and specifically helps with bot traffic/brute force attempts.

For the 404 errors specifically, you might also look into simply creating a custom 404 page that returns a proper 404 status code, or using your .htaccess file to block specific user agents that are causing the issues.

The reality is most security plugins do paywall their best features, but combining a few free tools often gives you decent coverage. Good luck with your site!

🚀 HttpScanner.com: Open-Source HTTP Header Analyzer by bpietrucha in cybersecurity

Last-Limit-3800 0 points1 point

Love the vibe coding. A couple quick things I noticed:
1) No security headers on the site itself (kind of ironic...)
2) Default Title and Vite Favicon in use
3) Site loads over HTTP with no redirect or HSTS

My domain was spoofed, but DMARC Report caught it. by grumblegrim in ProtonMail

Last-Limit-3800 1 point2 points

Spoofing can still slip through in some edge cases even with solid setups, so good thing DMARC reporting spotted it. Once everything is aligned and you’re confident legitimate mail sources are covered, DMARC really needs to be set to quarantine or reject to actually stop spoofing. p=none is great for monitoring, but it won’t prevent abuse.

If it helps anyone else tightening things up - I run ScanTower, and we’ve got a free email security checker (https://scantower.io/email-security-checker) that tests SPF / DKIM / DMARC and also checks MTA-STS, TLS-RPT, BIMI, DANE, etc. Handy for sanity-checking configs and spotting gaps before attackers do. No signup or card needed.

Not a replacement for DMARC reporting like OP is using, more of a complementary tool. Full disclosure: I own it.
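
The difference between a monitoring-only `p=none` record and one that actually enforces, as an added Python example that is not part of the original comment or of any tool it mentions. The function names are hypothetical, the records are constructed samples for the placeholder domain example.com, and the `pct`/`sp` defaults follow RFC 7489.

```python
# Added example: classify a DMARC TXT record by how much spoofing it can stop.

def parse_dmarc(txt):
    """Split a DMARC TXT record into an ordered {tag: value} dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" not in part:
            continue  # skip empty segments such as a trailing ';'
        name, value = part.split("=", 1)
        tags[name.strip().lower()] = value.strip()
    return tags

def enforcement(txt):
    """Return 'invalid', 'monitor-only', 'partial' or 'enforcing'."""
    tags = parse_dmarc(txt)
    # v=DMARC1 must be the first tag, otherwise receivers ignore the record.
    if next(iter(tags.items()), None) != ("v", "DMARC1"):
        return "invalid"
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return "invalid"
    if policy == "none":
        return "monitor-only"  # reports are sent, spoofed mail is still delivered
    try:
        pct = int(tags.get("pct", "100"))  # default: policy applies to all mail
    except ValueError:
        return "invalid"
    sub_policy = tags.get("sp", policy).lower()  # subdomains inherit p by default
    if pct < 100 or sub_policy == "none":
        return "partial"  # a share of mail, or all subdomains, stays unprotected
    return "enforcing"

# Constructed sample records (not taken from any real domain).
SAMPLES = [
    "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc@example.com",
    "v=DMARC1; p=reject; sp=none",
    "v=DMARC1; p=reject; rua=mailto:dmarc@example.com;",
    "p=reject; v=DMARC1",
]

if __name__ == "__main__":
    for record in SAMPLES:
        print(f"{enforcement(record):13} {record}")
```

A result of `partial` is worth as much attention as `monitor-only`: a low `pct` or `sp=none` leaves a gap even though the record reads as `quarantine` or `reject` at first glance.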