This has become my utmost security concern with WordPress the past year, so much so I am considering moving to another CMS even though my business has been built around WP development for over 10 years.
I am rarely concerned with someone actually hacking my sites as WordFence does do a really great job but I can't help but feel like the "bigger" problem is being ignored or simply swept under the rug.
The hack attempts never stop and pretty much kill anyone on a shared hosting plan and even worse cause my AWS services to exponentially grow in cost due to this excessive unwanted and illegitimate traffic. Is it a conspiracy, hmmm.
It really seems we as an internet community (I'm speaking to hosts, developers, security advisors, etc) are not leveraging the knowledge of the community on this one. If we're all being hacked by the same IP's upwards of several hundreds of thousands of compromised systems, why are we not already automatically blocking those IPs before they hit us? At the server level?
Why are those IP's not on a hosting providers first line of defense very much like spamhouse is to email?
If my system was compromised it should be my responsibility to clean my sh*t and jump through many pain in the a** hoops to get removed from those lists.
Why is hacking so risk free. It seems like we still haven't devised the right technologies to make attempting to hack painful and harsh with consequences.
Can't we come up with a way to ruin their day?
Heck I'd even set up a bunch of dummy WP sites specifically for dishing it out if anyone has any ideas.
How can we fight back and take our internet back?