Are you unable to enable the Brute force attack protection feature on your site? Check these tips to find out why and learn more about our error messages.
You may see the message “Brute Force Attack Protection is unable to effectively protect your site because your server is misconfigured.”
Whenever someone tries to log in to your site, Brute Force Attack Protection feature looks at that person’s IP address and compares it with our global database of malicious IP addresses.
We rely on IP addresses stored and provided by your server for this to work properly. If your server does not return any IP addresses, then Brute Force Attack Protection will not work properly. The Brute Force Attack Protection feature will be disabled when this happens, and we will let you know.
If that happens, please send a link to this page to your hosting provider, so they can take a look and fix the issue for you. They can also contact us directly via this contact form if they need more information.
Unblock your IP address
If you tried to log in to your site multiple times but failed because you had forgotten your password, Brute Force Protection may block your IP address.
Enter your email address in the available field and hit Send. You will receive an email with a special link you can click to regain access to the login form.
If you get an error when clicking the link in the email, you can follow one of the three methods described here under Jetpack locked me out. What can I do? to unblock yourself.
If you are still blocked, it’s likely due to a configuration issue on your server. Please contact us for help fixing that.
Brute Force Attack Protection on Multisite Networks
In a WordPress Multisite installation, you can log in to any account that exists on the network through any log-in page on the network. As a result, if you have Brute Force Attack Protection active on some sites but not all, then no site is truly being protected.
To address this, please network enables Jetpack on your multisite installation and activate the Brute Force Attack Protection feature on the network’s primary site. Once completed, Brute Force Attack Protection feature will be activated on every site on your network, even if Jetpack isn’t connected to those sites.
Malicious login attempt reports
The best way to explain this feature is that there are thousands of “bots” out there trying to gain access to sites all over the internet. No matter what size your site is, there’s always someone or something trying to “break in”. WordPress is very secure and usually the weakest point is someone’s password. Bots consequently try to guess people’s passwords to get in.
Brute Force Attack Protection feature collects information from failed attempts from millions of sites and protects you from these attacks. For example, if a bot tried to gain access to site A, and then went to site B, Brute Force Attack Protection would already know who this bot is and before it even tries to get into site B, it would be blocked.
Along with that, it’s also really important to have strong secure passwords.
Find out more information about the Brute Force Attack Protection feature here.