It really depends on how much customization has gone into the site. TechCrunch, Wired, and TIME all use WordPress for example, but their theme is customized to the point where you can’t really tell that it’s WordPress. There are some ways to tell though, for example some of the larger sites are hosted by Automattic (these say “powered by WordPress VIP” in the footer), and /wp-admin usually still works to go to the login page.
But I also recommend you to change the SSH port to another, is simple and pretty effective as all those bots are always using the default port and not doing a deep scan.
It really depends on how much customization has gone into the site. TechCrunch, Wired, and TIME all use WordPress for example, but their theme is customized to the point where you can’t really tell that it’s WordPress. There are some ways to tell though, for example some of the larger sites are hosted by Automattic (these say “powered by WordPress VIP” in the footer), and
/wp-adminusually still works to go to the login page.deleted by creator
I suppose you also configure some
fail2banrules to ban those bots. Seems to be the easier way.deleted by creator
There is a guide how to protect password brute force over SSH, which is the most attacked https://medium.com/@bnay14/installing-and-configuring-fail2ban-to-secure-ssh-1e4e56324b19
But I also recommend you to change the SSH port to another, is simple and pretty effective as all those bots are always using the default port and not doing a deep scan.
deleted by creator
Oh well, I only run services on my cloud, so I need to get SSH to manage them. hehehe 😄
deleted by creator