You're welcome. If you go CloudFlare, be sure to read my post on that. If you go to the link in my Sig, there's a follow up post on CloudFlare there. Let me know if you have any questions. If you want layer 7 DDoS protection you'll have to pay CloudFlare. I do and it's about 30 cents a month, though, I don't have a lot of traffic either unfortunately. Since my forum is mainly on computers, etc, I have a lot of competition.
Actually, I learned that Google does NOT use the robots.txt — but they DO use the contents of some of the meta links in the <head> block.
Where did you read that? With me, all indications lead to Google actually honoring what's in robots.txt. I know becasue they've hit certain areas of the forum and I then disallowed it in robots and they never came back. Also, I block access to the renamed CIDRAM folder from being indexed and my Google search doesn't show Google indexing that folder. Now Bing is another story. Despite me saying don't go here or there, they do anyway and get a 404. Sometimes I feel like blocking all of Bing's ASNs but if it weren't for the fact that a lot of my visitors using Bing I would have blocked them long ago. Don't get too many Yahoo bot visits. Can't really say if they honor bots like they should or not.
If you have any questions about CIDRAM, go to the Gitter link I gave a link to. Caleb is the Dev. If there is an issue, open and issue at the Github repository.
Use this site with your WordPress domain. https://hackertarget.com/wordpress-security-scan/