Protecting Your WP-Admin: Intrusion Prevention & Secure Passwords

Securing WordPress is ultimately a mutual effort and collaboration between your system administrator and hosting provider. There are various ways of protecting your WordPress admin and our customers can be assured our capabilities are well defined for enforcing enterprise-grade security.


Brute Force Protection


We place a rate limiter on password attempts to wp-login.php and other pages. This prevents brute force attacks from bots attempting to guess common passwords on accounts. If an IP address fails to log in successfully within the first few attempts, it is prevented from making any further attempts until a CAPTCHA challenge confirms that the client is not a bot. This is an additional countermeasure designed to thwart suspicious unauthorized login attempts.
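A minimal model of the limiter described above, added here as an illustration and not the provider's own code. The threshold of three failures, the five-minute window and every name in it are assumptions; the article says only "the first few attempts".

```python
import time
from collections import defaultdict, deque

MAX_FAILURES = 3      # assumed; the article only says "the first few attempts"
WINDOW_SECONDS = 300  # assumed sliding window for counting failures


class LoginLimiter:
    """Per-IP failed-login limiter with a CAPTCHA gate (hypothetical model)."""

    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW_SECONDS,
                 clock=time.monotonic):
        self.max_failures, self.window, self.clock = max_failures, window, clock
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.challenged = set()             # IPs that must pass a CAPTCHA first

    def attempt(self, ip, password_ok, captcha_ok=False):
        """Classify one login POST as 'ok', 'denied' or 'captcha_required'."""
        if ip in self.challenged:
            if not captcha_ok:
                # The password is never evaluated here, so a gated client
                # learns nothing about whether its guess was right.
                return "captcha_required"
            self.challenged.discard(ip)
            self.failures[ip].clear()
        if password_ok:
            self.failures.pop(ip, None)
            return "ok"
        recent = self.failures[ip]
        cutoff = self.clock() - self.window
        while recent and recent[0] <= cutoff:  # drop failures outside the window
            recent.popleft()
        recent.append(self.clock())
        if len(recent) >= self.max_failures:
            self.challenged.add(ip)
        return "denied"


def simulate():
    """Constructed sequence: repeated bad guesses, then a solved CAPTCHA."""
    now = [0.0]
    limiter = LoginLimiter(clock=lambda: now[0])
    ip = "203.0.113.7"  # constructed documentation address
    results = []
    for _ in range(4):
        results.append(limiter.attempt(ip, password_ok=False))
        now[0] += 1
    results.append(limiter.attempt(ip, password_ok=True))  # right guess, still gated
    results.append(limiter.attempt(ip, password_ok=True, captcha_ok=True))
    return results
```

Once an address is gated, even a correct password returns `captcha_required`, so the limiter cannot be used as an oracle to keep testing guesses.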


Securing Strong Passwords


Our staff maintains a static password blacklist that prevents WordPress users from choosing insecure passwords. This list is generated from data collected from public password leaks. We also implement a dynamic password blacklist for added protection.

These dynamic and static password blacklists have been successful in preventing the most common user compromises due to weak passwords.
Passwords set on your WordPress site via our administration panel are filtered to prevent customers from inadvertently choosing insecure passwords when they first set up an account.


Password Criteria

In addition to the ongoing blacklist, our proprietary account dashboard also enforces a set of criteria for stronger, more complex passwords. Some of these include: minimum character count, variation of symbols, capitalization, numbers, etc.
