Back on January 4th 2017, WPX Hosting implemented new security protocols to secure your websites even further. This security update was introduced for your benefit and will help keep your site secure in case of attack.
To prevent your websites from being hacked, new Brute Force rules have been added to our security system so we can better protect your WordPress-Admin login area;
Rule #1: If you try to log in to your website and you enter a wrong password more than 5 times in under 1 minute – the IP will be blocked for 10 minutes. Be careful not to lock yourself out of your own account!
Note: This rule is valid only for /wp-admin & /wp-login.php URLs, if you hid your /wp-admin URL and created a custom one (i.e. /dashboard, /hiddenarea, /a34rjfWIr32, etc.), this rule won’t apply. The reason is that brute force attacks are targeted towards /wp-admin URL, and since your dashboard is hidden, bots cannot find it and trigger brute force attacks.
If this does happen, you must wait for at least 10 minutes until your IP is unblocked.
Rule #2: If incorrect FTP credentials are used more than 5 times in under 1 minute – the IP will also be blocked for 10 minutes.
Rule #3: If a certain URL (like a specific inner page on your website) is accessed more than 800 times from one IP address in 2 seconds – that IP will be blocked for 1 hour.
Bear in mind that Rule #3 above can be affected by poorly-coded plugins.
Note: If you have been blocked out of your IP address, you will not have access to any of your other websites hosted with us for 10 minutes.
Before our new security update, if incorrect login details were used to access your IP 3 times, your site would be blocked for only 5 minutes.
This new security update will ensure that your information is kept completely secure from any potential threats.
If you get stuck with anything discussed here, please contact WPX Support via live chat (use the bottom right hand widget!) and they will usually respond and help within 30 seconds or less.