Effective protection against WordPress brute force attacks and unauthorized login attempts - that's whatour new feature offers you, the RAIDBOXES Login Protector. We show you where to find the security feature in the RB dashboard and how to set it up correctly.
Brute Force attacks are by far the most common type of attack on WordPress sites . Bots try to automatically log into your WordPress dashboard and use hundreds or thousands of stolen login details and passwords.
In the worst case, hackers can log in to your WordPress - in the best case, these login attempts create a very high load on your site . The RB Login Protector prevents these attacks. It basically uses one of several Pluginsknown mechanisms: Limit Login Attempts (LLA).
And this is how the RB Login Protector works
The RB Login Protector gets in front of your WP login area and 'blacklists' IP addresses that repeatedly try to log in with fake login credentials.
In the settings of your BOX you can define exactly after how many login attempts this block should take effect and how long the respective IPs are blocked.
Set the RB Login Protector correctly
You can find the RB Login Protector in the Security submenu of your BOX settings.
The overview of blocked IPs (drop-down arrow)
Using the buttons at the top, you can display all previously blocked IP addresses and reset the attempt counter. This clears the blacklist completely and all IPs can start login attempts again. If you only want to unblock individual IP addresses, select them in the list and then reset the counter.
Here you can set exactly how many failed attempts are allowed before an IP is blocked and how long blocked IPs should be blocked.
In addition to the blocking rules, you can also define a whitelist. IP addresses on this list will never be 'blacklisted'.
You can also be informed about all lock-outs by e-mail.
Please note: Brute Force attacks occur very frequently. Therefore, you may receive a large number of emails via this notification function.
DisableBrute Force protection?
Turning off the RB Login Protector is a big security risk, because our server will not monitor the loginsite of your WordPress installation and Brute Force attacks will have an easier time. So be sure that you have to turn it off.
Direct login with the Single Sign-on
If the RB Login Protector blocks your own IP, you can still log in to your WordPress using the Single Sign-on (SSO). We have developed this feature to allow both: a secure, complex password AND an easy login to the WordPress backend of your site (n).
A strong and secure password is essential for the security of your WordPress site essential. The criteria for a secure password (upper and lower case, numbers and special characters, minimum length of 7 characters, etc.) can make it difficult for attackers to enter a valid password during login. With Single Sign-on , using complicated and especially secure passwords is no longer a problem. How you can use it is explained in this Helpcenter article.