Both of those rules were
examples. Merely examples. They were not intended as actual values that would be perfect for
psypro and this single-user Wordpress application.
In order to determine what rules would be the best for your application and server,
you must examine your incoming traffic and its patterns of proper use and of misuse.
Stateful tracking is not the only solution. You could also pass or block based on IP addresses, rather than leaving the webserver open to the entire Internet. You could even block or pass based on OS "fingerprints" associated with specific operating systems.