From January 4th 2017 onwards, WPX Hosting has implemented new security protocols to secure your websites even further. This security update has been introduced for your benefit and will help keep your site secure in case of attack.
To prevent your websites from being hacked, new Brute Force rules have been added to our security system so we can better protect your WordPress-Admin login area;
Rule #1: If you try to log in to your website and you enter a wrong password more than 5 times in under 1 minute - the IP will be blocked for 10 minutes. Be careful not to lock yourself out of your own account!
Note: This rule is valid only for /wp-admin & /wp-login.php URLs, if you hid your /wp-admin URL and created a custom one (i.e. /dashboard, /hiddenarea, /a34rjfWIr32, etc.), this rule won't apply. The reason is that brute force attacks are targeted towards /wp-admin URL, and since your dashboard is hidden, bots cannot find it and trigger brute force attacks.
If this does happen, you must wait for at least 10 minutes until your IP is unblocked.
Rule #2: If incorrect FTP credentials are used more than 5 times in under 1 minute - the IP will also be blocked for 10 minutes.
Rule #3: If a certain URL (like a specific inner page on your website) is accessed more than 800 times from one IP address in 2 seconds - that IP will be blocked for 1 hour.
Bear in mind that Rule #3 above can be affected by poorly-coded plugins.
For example, if you are using an image optimising plugin (not recommended), it can constantly hit certain URLs and that can cause your IP address to be blocked.
That's why it is good practice to optimise your images with certain delays (5 seconds will be enough) before performing bulk actions again (or switch to a CDN for image delivery - ask us how if you’re stuck).
Note: If you have been blocked out of your IP address, you will not have access to any of your other websites hosted with us for 10 minutes.
Before our new security update, if incorrect login details were used to access your IP 3 times, your site would be blocked for only 5 minutes. This new security update will ensure that your information is kept completely secure from any potential threats.
If you forget your WordPress Admin login details or your FTP credentials, try to reset your password or just raise a support ticket from here:
and we will help you out asap!
You can also read more about our WordPress hosting in Singapore (find more here).