Our sites are all pretty old, so they are DDOS attack magnets. Bots LOVE our sites! This is why we have outages on the server quite frequently. The people at Siteground, while very responsive, really don’t do any WordPress support – despite their advertising. All they ever offered was fiddling with the robots.txt file. This can work, but it’s REALLY hard to figure out which bots to block without a list.
So we went forth into WP plugins and we’ve found a couple that work really well: Blackhole for Bad Bots and StopBadBots. The first one, Blackhole, requires that you set up a robots.txt file (if you don’t have one) and then add some code to it. I guess it works, there’s no real feedback. It’s always good to have a robots.txt file, so no harm setting this up.
The second one, however, StopBadBots, is wonderful. It REALLY works and it gives feedback so you can see which bots are the ones hammering your site. No fiddling with robots.txt files or any of that. I highly recommend using this plugin to defend your site against bots.
Also: use Wordfence. It offers tons of security as far as hacking, like blocking IPs that repeatedly try to log in and offering multi level login security.
Hosts are pretty useless when it comes to supporting WordPress. I’ve never gotten any decent support from a host. The important part about WP is security. You’ve GOT to lock it down from login attempts and bots that hit your site and drive up traffic, which can slow and even bring down your server.