- Task
- Resolution: Done
- Should have
- None
- 8
- Security
- Sprint #29, Sprint #30, Sprint #31, Sprint #32
Here are a few infra security objectives for P4 I think we need to prioritise:
1. Application-level firewall, e.g. Wordfence, to handle brute-force password attempts, xmlrpc, and background-radiation hack attempts on known bad URLs
2. Rate limiting at service / load balancer / CDN level, to mitigate /wp-login.php and /wp-admin/ spam before it gets to the application layer
3. Deny all traffic to the application that doesn't come from Akamai
4. Go forward with Google's Project Shield DDoS / CDN protection
Task assigned to Ray as the driver, if not implementer