WordPress Bruteforce Protection Improved

Every day our security experts are looking to improve the security and respectively the performance of our services even more so our customers’ websites can be better secured and loading even faster. With the latest improvements of our Shared Hosting packages, we are targeting one of the most abused WordPress vulnerabilities of all times.


When you install WordPress by default the application does not have any brute-force protection activated and it is basically allowing anyone to perform as much as failed login attempts he/she wants on the wp-login.php page. By definition, a brute force attack is a type of web application attack which aims to gain access to the targeted website by submitting a large number of login attempts to the login form for the admin interface of the website. The actual password being used does not matter and the attacker can either generate the passwords randomly or those can be also part of some dictionary also known as a dictionary attack.

Bruteforce Protection Over the Years

In the time we were developing multiple brute-force protection solutions, however neither one of those was giving good results as all of them were blocking the bad traffic to your wp-login.php page but were not terminating the connections and basically, your WordPress website was protected at the cost of server resources as the connections were persisting. This was causing a negative impact on the performance of your websites and since we are focused on providing our customers with outstanding loading speed we develop a new and innovating approach of mitigating these attacks.

FastComet BruteForce protector

The new and improved WordPress Bruteforce protector resolves all the issues and says “NO” once and for all to the brute-force attempts on your website without actually impacting the performance of the server. How exactly this is happening – it pretty simple. In close collaboration with the developers of our Firewall software, we have developed an automatic IP blockage for all those IP addresses trying to brute-force your website so your WordPress website can be accessed only by legitimate users and respectively it can be protected from all those hacking attempts.


In the past we have released our Security Improvements Tutorial where we have explained how you can secure even further your WordPress based website, however sometimes not all of the users are comfortable of securing their websites following this tutorial mostly due to the fact that many people(website admins, blog posts writers, editors, etc.) are accessing their admin areas. So we developed a universal solution which will basically filter the bad traffic to the wp-login.php location and allow only the legitimate users to access the admin area of WordPress. This security improvement is already available on our Shared Hosting Packages, our WordPress VPS packages and of course our WordPress Dedicated Servers packages.


Christopher has many years of experience leading teams in the fields of Technical support, Server Administration, and Product Development. He mainly works on the backend, helping to create the infrastructure that powers FastComet. He is responsible for flawless migrations and quick and efficient answers to client questions. He also monitors our network status and jumps in to solve time-sensitive issues like DDoS attacks and stops malicious attempts in their tracks. Christopher’s primarily responsible for making sure that our servers purr along, and has worked tirelessly to improve automation at FastComet.