Here's how you can get a free plugin called Wordfence to protect your WordPress blog.
1. Go to the Wordfence site.
2. Click the Download and Install Wordfence button (or simply install it from the plugin page on your WordPress blog).
Here's a brief sample of Wordfence features:
"Repair infected core, theme and plugin files
Show you what has changed in your infected files
Constantly scans your posts, pages, comments and plugins for malware URL’s
Shows you all your traffic in real-time giving you situational awareness to help your security decision making.
Separate human and crawler traffic intelligently.
Show you detailed data on traffic including reverse DNS lookups and city level geolocation."
The plugin itself is free, but Wordfence also offers premium API keys that let you block countries and schedule scans for specific times.
Here's a list of prices for the API keys:
1 API Key: $17.95 per year
3 API Keys: $35.95 per year
10 API Keys: $89.95
Here are more details on what you get as a paid customer:
"Scan as frequently and whenever you like using our comprehensive scan scheduling feature.
Use our commercial country to IP database to block malicious traffic. This database has a 99.5% accuracy rate and is frequently updated by us. It’s useful in the event of an emergency where a hacker based in a specific country is targeting your site.
Have access to new premium features as we release them.
Get priority email support from our team"
I highly recommend paying for the premium API keys if your Wordpress blogs are plagued by bots from various countries. You can easily pick and choose the countries you want to block. This will save on server resources, and it will help restrict traffic to your blogs to countries that work best for your business model. It has helped my own blogs immensely by blocking traffic and bots from troublesome countries.
Here's a much longer description of what Wordfence can do to make your Wordpress blog more secure:
"Scans core files, themes and plugins against WordPress.org repository versions to check their integrity.
Includes a firewall to block common security threats like fake Googlebots, malicious scans from hackers and botnets.
Includes advanced IP and Domain WHOIS to report malicious IP's or networks and block entire networks using the firewall.
See how files have changed. Optionally repair changed files that are security threats.
Scans for signatures of over 44,000 known malware variants that are known security threats.
Scans for many known backdoors including C99, R57, RootShell, Crystal Shell, Matamu, Cybershell, W4cking, Sniper, Predator, Jackal, Phantasma, GFS, Dive, Dx and many many more.
Continuously scans for malware and phishing URL's including all URL's on the Google Safe Browsing List in all your comments, posts and files that are security threats.
Scans for heuristics of backdoors, trojans, suspicious code and other security issues.
Checks the strength of all user and admin passwords to enhance login security.
Monitor your DNS security for unauthorized DNS changes.
Rate limit or block security threats like aggressive crawlers, scrapers and bots doing security scans for vulnerabilities in your site.
Choose whether you want to block or throttle users and robots who break your security rules.
Includes login security to lock out brute force hacks and to stop WordPress from revealing info that will compromise security.
See all your traffic in real-time, including robots, humans, 404 errors, logins and logouts and who is consuming most of your content. Enhances your situational awareness of which security threats your site is facing.
Real-time traffic includes reverse DNS and city-level geolocation. Know which geographic area security threats originate from.
Monitors disk space which is related to security because many DDoS attacks attempt to consume all disk space to create denial of service.
Wordfence Security for multi-site also scans all posts and comments across all blogs from one admin panel.
WordPress Multi-Site (or WordPress MU in the older parlance) compatible.
Premium users can also block countries and schedule scans for specific times and a higher frequency.
Our online forums are available 24/7 to answer your WordPress security questions."