WordPress brute force protection on Managed WooCommerce Stores
One of the most common ways an attacker will attempt to gain access to your site is with a brute force attack. If you're not already familiar with the term, a brute force attack is when an attacker attempts to automatically guess your password, usually by using a list of common or re-used passwords. The most skilled attackers will often draw on information they already have, such as known usernames, re-used passwords from previously compromised sites, or even information about your site, such as your domain name.
Although we always recommend using best practices to keep your website secure from those who may wish it harm, this is especially important for eCommerce sites that are handling personal information and payments. In this article, we'll provide more information on how our systems automatically keep your Managed WooCommerce Stores site secure, as well as additional steps you can take to further protect yourself.
How Managed WooCommerce Stores prevents brute force attacks
Managed WooCommerce Stores has automatic brute force mitigation in place to protect you from automated login attempts. Although we can't cover all of the specifics here, here's a general idea of how it works:
- Each time the WordPress admin page is accessed, the server will determine if it's a likely threat.
- If there have been previous failed login attempts, the user may be prompted to complete a captcha.
- After the captcha is completed, further failed login attempts may result in the user being rate limited, requiring them to wait a period of time before being able to attempt logging in again.
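The escalation in the list above (check each request, captcha after failed logins, enforced wait after further failures), as an added Python example. It is not the hosting platform's own code; the thresholds, the doubling wait, keying by client IP and all names are assumptions.

```python
from dataclasses import dataclass

# Assumed values for illustration; the article does not publish the real ones.
CAPTCHA_AFTER_FAILURES = 3   # failed logins before a captcha is required
BASE_WAIT_SECONDS = 60       # first enforced wait; doubled on each repeat

@dataclass
class ClientState:
    failures: int = 0            # failed logins since the last success
    captcha_solved: bool = False
    lockouts: int = 0            # enforced waits issued so far
    blocked_until: float = 0.0   # time in seconds; 0 means not blocked

def decide(s, now):
    """Action for a login-page request: 'allow', 'captcha' or 'wait'."""
    if now < s.blocked_until:
        return "wait"
    if s.failures >= CAPTCHA_AFTER_FAILURES and not s.captcha_solved:
        return "captcha"
    return "allow"

def record_failure(s, now):
    """Count a failed login; a failure after the captcha starts a wait."""
    s.failures += 1
    if s.captcha_solved:
        s.blocked_until = now + BASE_WAIT_SECONDS * 2 ** s.lockouts
        s.lockouts += 1
        s.captcha_solved = False  # fresh captcha required after the wait

def replay(events):
    """Replay (time, client_ip, kind) events; return each request's decision."""
    clients, decisions = {}, []
    for now, ip, kind in events:
        s = clients.setdefault(ip, ClientState())
        if kind == "request":
            decisions.append(decide(s, now))
        elif kind == "captcha_ok":
            s.captcha_solved = True
        elif kind == "fail":
            record_failure(s, now)
        else:  # "success": a valid login clears the client's history
            del clients[ip]
    return decisions

# Constructed sample traffic from a documentation-range IP: (seconds, ip, event)
SAMPLE = [(t, "203.0.113.7", k) for t, k in [
    (0, "fail"), (1, "fail"), (2, "fail"), (3, "request"), (4, "captcha_ok"),
    (5, "request"), (6, "fail"), (7, "request"), (70, "request")]]
print(replay(SAMPLE))
```

In the sample, the failure at second 6 comes after a solved captcha, so the client is held until second 66 and must solve a new captcha afterwards.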
In addition to protecting from repeated failed login attempts, even valid logins may sometimes result in an error. This is usually because something looks suspicious, such as a weak password or a set of credentials that have been compromised elsewhere. If this occurs, we recommend resetting your password and following the best practices outlined in this article when choosing a new one.
More than security
Not only does our brute force prevention system assist with security, it often results in improved site performance. Because these attacks are blocked before they even reach your WordPress site, you save resources, which ultimately results in faster sites and lower hosting costs.