Issue
Summary of the "WordPress account brute-force protection" feature.
Environment
- Imunify360
Solution
A server admin can enable an option that prevents access to WordPress accounts with well-known (trivial) passwords. When the option is enabled, any end user who tries to log in to the admin account with a weak, trivial, or well-known password from the dictionary used by brute-forcers is taken to a special alert page that asks them to change their current password.
This feature can be enabled by setting cms_account_compromise_prevention to true in the MOD_SEC section of the config file.
This feature is implemented via a ModSec rule and can be partially disabled on a per-domain basis (the rule ID is 33355).
The alert page is hosted on an external Imunify domain, supports localization, and is displayed in the language of the browser.
Useful links
https://docs.imunify360.com/dashboard/#wordpress-account-brute-force-protection