Are you getting an "Insecure Login Prevented" message when attempting to log into your WordPress site? In this article, we'll provide more information on what causes this page to appear and how you can resolve it.
What Causes This Message?
Here at Pagely, we take security very seriously. In an effort to protect your account from brute force attacks that can impact your site's security as well as potentially impact its performance, we've introduced rules to ensure all users are logging in with secure passwords.
If you're logging into your WordPress site with an insecure password (for example, password123), our system will automatically block the login attempt until the password has been reset to something more secure.
How Do I Regain Access to My WordPress Site?
Once the login attempt has been flagged, subsequent attempts will be presented with a CAPTCHA that will need to pass verification. Upon verifying that the attempt is coming from a human, wp-login.php will once again become available.
To regain access, simply complete the CAPTCHA, then use the Forgot Password link to reset your password to something more secure. WordPress will automatically generate a secure and random password for you at this step - our recommendation is to choose that generated password if you continue to experience logins being prevented after a reset.
Additional WordPress Login Security Tips
At Pagely, we want to make sure that your WordPress site stays as secure as possible. Here's a few pointers that will help prevent unauthorized access.
Maintain Secure Passwords
As a general rule, we recommend creating passwords that meet or exceed the following criteria:
- Use a password that is a minimum of 12 characters long.
- Have a good mix of at least 2 of each: letters, numbers, and special characters.
- Passwords should appear random.
Never Use the Same Password Twice
Always avoid using the same password twice. This ensures that if your password is compromised somewhere else, that it doesn't impact your other accounts.
Generally when accounts are compromised, attackers will use a known username/password combinations to see what else they can gain access to. By using different passwords for each of your online accounts, your risk is greatly reduced.
Use a Secure Password Keychain
By using a secure password keychain such as LastPass or 1Password, you'll be able to keep all of your passwords completely random and unique without the need to remember each one.
Use 2-Factor Authentication
2-factor authentication will require an additional step to authenticate your account with a successful username/password combination. This means that even if someone guesses your password, they'll still need access to a separate time-based code.
You're probably already aware of 2-factor authentication for your Atomic control panel account, but did you know that you can also enable 2-factor authentication for your WordPress logins?
We recommend the following plugins for enabling 2-factor authentication on your WordPress site:
For more information on 2-factor authentication, see the official WordPress documentation.