large scale WordPress wp-login.php brute force attacks

  • Answered
I would like to know what InMotion is doing security-wise to prevent these large scale WordPress wp-login.php brute force attacks. I've been with Wordpress for less than a month and been temporarily locked out of my site twice in the last week because of these attacks.
I have put the question in groups I belong to, such as Facebook, and no other Wordpress users with hosts other than InMotion have ever been notified that their websites are under attack and vulnerable.
This leads me to the belief that InMotion's security isn't as good as other hosts.
Please advise what is happening to prevent these in the future.
Hello alanaw5_wp, The lockout you experience is a custom security setting from our Systems Admin team. WordPress is the most popular CMS software on the web and consequently, is the most often attacked. We err on the side of caution in handling suspicious attempts to break in. These brute force attempts occur on all servers who host WordPress daily, whether they tell you or not. These rules exist on our shared servers due to the fact there are are many people sharing the same physical box. If someone can get into one account, we do not want them to be able to get into other sites on the same account, or even worse, find a way to access other accounts. Since many people do not take it upon themselves to secure their WordPress sites (and many have usernames like 'admin' and passwords like 'password123') we take action at the server level. This can be disabled on a case by case basis. The account needs to prove they have taken appropriate measures to protect themselves. Once they have, we can disable the rule that causes lockouts on that account. Be sure to check our article on how to protect your WordPress site against brute force attacks. Using the tactics here will allow your account to be secure and for us to be able to remove the rule. To remove the rule, simply contact Live Support and request it. Kindest Regards, Scott M