Reseller Login or Sign up FAQ Search
ResellersPanel's Blog

Brute-force prevention on the WordPress login page

The web has seen an increased frequency of brute force attacks on WordPress sites recently, with malicious bots making hundreds of requests to the servers and generating a great amount of load on WordPress-based sites.

To minimize the risk of unauthorized access to yours and your customers’ WordPress sites, our developers have added an extra level of security to the WordPress login page.

As of today, our system will block for a period of 30 minutes each IP address that generates more than 15 login attempts within 3 minutes.

This brute-force prevention functionality is now enabled by default for all WordPress-driven websites.

It is conveniently integrated into the ModSecurity firewall interface, so you can easily manage it.

Once an IP address has been blocked, you will see it highlighted in red in the Detected Attacks column on the ModSecurity information board:

Blocked IP addresses are marked in red

To see the log file for the blocked IP address, click on the ‘View’ link on the right:

Click on 'View' to see the log record for the blocked IP address

In the popup window, you will see a record of the blocked IP address, so you will know where the sequence of unauthorized login attempts originates from:

Check out which is the IP address that has been blocked

If, for some reason, you want to disable the brute-force prevention functionality for your WordPress site, you can do so in two ways:

– by putting the ModSecurity firewall in Detect mode; This means our system will still generate a log file for the detected login attempts, but the IP address will not be blocked:

Click on Detect Mode if your want to have a log record of the detected login attemts

Click on the 'Deactivate' option if your want to deactivate the brute force attack prevention feature completely

– by disabling ModSecurity completely:

Hopefully, this newly added level of brute-force protection will help you maintain a more secure WordPress-based web presence.

Originally published Tuesday, February 25th, 2014 at 6:02 pm, updated July 8, 2024 and is filed under Latest News.

Tags:

Leave a Reply


« Back to menu