Yes disabling root login will help too but need to ensure root is accessible when required i.e. with sudo
.
For those who’s serious about opening SSH/SFTP/FTP on MyCloud to the internet, check out my webhosting mods post on how to secure WDMyCloud:
With just my simple perl code (source provided), attempts with x-times fail login to either SSH/SFTP or FTP will permanently block the originating IP xxx.xxx.xxx.*. I have tons of such attempts daily in my logs. There’s also a safety feature incase you got yourself locked out remotely.