Hello,
You are correct that security is a very important concern when you have a hot wallet connected to your site. A wallet can only ultimately protect the funds (hence the CS feature), it cannot do a WordPress security model in general.
If I were to try to roll my own IP filters on top of that of WordPress, it would break the separation of concerns principle: I would probably not do a very good job at it, and it would create many problems in edge cases. (Incidentally, this is also the reason why I don’t add two-factor login features, password auditing, or other extra security features in the plugin.)
Instead, if you have decided that admins can only log in from specific white-listed IPs, I suggest you use one of the existing WordPress security plugins to do this. For a good overview on all of the attack vectors that you should be worried about, see https://wordpress.org/support/article/hardening-wordpress/. Additionally, your host needs to be secure. If you’re managing the server yourself, you need to look up “hardening debian”, “hardening centos”, “hardening apache”, “hardening nginx”, or whatever software stack you’re using. If your server is managed, then this is partly what you pay your hosting provider for.
With regards