What does “Protect wp-login” mean?

Glad to help:

1) “What exactly are the “Protect WP Login Page” and “Protect WP Admin Area” doing?”

When enabled, Protect Login Page means that the plugin will include the login page in its monitoring and blocking. Likewise with Protect Admin Area, means that the plugin will monitor/protect admin pages.

2) “Will the pro-version be faster when it comes to loading requests in the Armory?”

Both plugins use the same logic for the Armory lookups.

The reason Armory can load slow is because that is where all the “heavy lifting” happens. If the plugin were to make GeoIP lookups, hostname queries, and other expensive requests in real-time as people visit the site, it would slow things down significantly. This is what a lot of other security plugins get wrong. Instead of draining resources and zapping performances for actual visitors, Banhammer saves all the processing for just the admin user as they visit the Armory. That helps your site/pages to load as fast as possible.

That in mind, the loading of items in the Armory is a trade-off between performance and usability. If the allowed lookup intervals are set too high, then Armory items may take longer to load. Conversely, if the lookup intervals are too low, then the Armory can time out before all the items are processed. Of course, other factors are involved, such as server capabilities, network traffic, and so forth. Based on user feedback and testing, I have tuned the Armory to find that balance, although it is possible to modify the intervals if needed.

3) “I can see from my Matomo (Statistics) that MANY, or almost all of the requests showing up in “Banhammer” as requests to wp-login.php and requests from contries like Pakistan, India, Russia etc.. they do not show up in Matomo. Why is that?”

I’m not familiar with Matomo, but in general the login page is way more heavily targeted by bad actors. For example, brute-force and drip-force attacks are very common, especially for WordPress. So you’re gonna see all of that with Banhammer login protection enabled.

4) “Does every woocommerce installation experience this, or is this more than average. What should be done about it?”

I have no idea about woocommerce stuff, but in general just blocking any unwanted traffic is a solid way to fend off the attacks.

I hope this all helps, let me know if I can provide any further infos.

• This reply was modified 2 years ago by Jeff Starr.

Thanks! That makes things clearer.
But will Banhammer block or ban anything automatically in the free version, or will it just be monitoring, and then I have to block the hits I see on wp-login.php myself?

[…] but in general just blocking any unwanted traffic is a solid way to fend off the attacks.

Yes – this is what I want to do.
I am willing to spend some money on this, but I do not want to spend it on any of the “big bloaty security plugins”.

What would you suggest – to block unwanted traffic, without using a heavy plugin or sacrifice page speed?

Both free and pro monitor and block whatever you tell it to block. Free can block based on IP address or WP username. Pro can block based on those and also user agent, request URI, and referrer.

For alternatives to the big “all in one” type plugins, I recommend everything in our security guide would be my best advice.

?? that link was new to me. Thanks!

You are very welcome! And thank *you* for the great review ??