Effective protection against WordPress brute force attacks and unauthorized login attempts - that's what our new feature, the Raidboxes login protector. We'll show you where to find the security feature in the RB dashboard and how to set it up correctly.
Brute force attacks are by far the most common type of attack on WordPress sites. Bots try to automatically log into your WordPress dashboard and usually use hundreds or thousands of stolen login details and passwords.
In the worst case, hackers can log into your WordPress in this way - in the best case, these login attempts generate a very high load on your site. The RB Login Protector prevents these attacks. It basically uses a mechanism already known from several plugins: Limit Login Attempts, or LLA for short.
And this is how the RB Login Protector works
The RB Login Protector switches itself in front of your WP login area and 'blacklists' IP addresses that repeatedly try to log in with false login data.
In the settings of your BOX, you can define exactly after how many login attempts this block should take effect and how long the IPs in question should be blocked.
Set the RB Login Protector correctly
You can find the RB Login Protector in the settings of your BOX in the Security submenu.
The overview of blocked IPs (drop-down arrow)
You can use the buttons at the top to display all previously blocked IP addresses and reset the attempt counter. This completely clears the blacklist and all IPs can start login attempts again. If you only want to unblock individual IP addresses, select them in the list and then reset the counter.
Settings
Here you can set exactly how many failed attempts are allowed before an IP is blocked and how long blocked IPs should be blocked.
Whitelist
In addition to the blocking rules, you can also define a whitelist. IP addresses on this list are neverblacklisted.
Notifications
You can also be informed about all lock-outs by e-mail.
Please note: Brute force attacks occur very frequently. You may therefore receive a large number of emails via this notification function.
Deactivate brute force protection?
Disabling the RB Login Protector poses a major security risk, as our server will then not monitor the login page of your WordPress installation and brute force attacks will have an easier time. So be sure that you absolutely have to turn it off.
Direct login with the single sign-on
If the RB Login Protector blocks your own IP, you can still log in to your WordPress with Single Sign-on (SSO). We developed this feature to make both possible: a secure, complex password AND a simple login to the WordPress backend of your site(s).
A strong and secure password is essential for the security of your WordPress site. The criteria for a secure password (upper and lower case, numbers and special characters, minimum length of 7 characters, etc.) can make it difficult for attackers to enter a valid password during login. With single sign-on, using complicated and particularly secure passwords is no longer a problem. We explain how you can use it in this Helpcenter article.