Brute Force Attack Protection

Jetpack blocks unwanted login attempts from malicious botnets and distributed attacks.

Is my site under attack?

Brute force attacks are the most common form of hacking — and hackers don’t discriminate. As the most commonly used Content Management System on the web, WordPress sites make an attractive target for hackers looking to exploit code vulnerabilities unique to WordPress. 

Using large networks of computers known as botnets, hackers can try to gain access to your site by using thousands of different combinations of usernames and passwords until they find the right one. 

Recently, attackers have found a way to “amplify” these attacks against the WordPress XML-RPC file – making it easier for attackers to try and break into your site.

WordPress brute force attacks can:

  • Slow down your site (or cause it to stop responding) because of repeated server requests.
  • Allow unauthorized access to your site for hackers to modify your code or insert spammy links.
  • Put your site content and data at risk.

That’s where Jetpack comes in. Our state-of-the-art security tools automatically block these attacks, protecting your WordPress site from unauthorized access.

How to protect WordPress login brute force attacks

On average, Jetpack blocks 5,193 WordPress brute force attacks over a site’s lifetime. It allows you to protect yourself against both traditional brute force attacks and distributed brute force attacks that use many servers against your site.
Get Started

Feature Details

  • Automatic blocking of malicious IPs before they reach your site.
  • View a count of total attacks to your site on your dashboard.
  • Whitelist known IP addresses to prevent false positives.
  • Turn the feature on or off with one click from your dashboard.

Part of Jetpack’s suite of security services for WordPress sites including WordPress brute force protection, uptime monitoring, data backups, security scanning, and more.

Frequently Asked Questions

Here are the answers to some common questions. And we’re always more than happy to answer any additional questions you may have.

How much does brute force protection cost?

Brute force protection is provided for free to all WordPress sites running Jetpack.


How do I turn it on?

Simply install Jetpack and enable it with one click from your Jetpack dashboard. For advanced settings and troubleshooting read our detailed support document.