Brute force attacks refer to repeated attempts at login that focus on guessing user credentials to access the account without authorization. Brute force attacks can weaken your site security if not checked and blocked on time. The following are crucial steps to protect cPanel-hosted sites against brute force attacks.

1. Enable Two-Factor Authentication (2FA)

Adding a second layer of security significantly reduces the risk of unauthorized logins.

  • On cPanel Servers: Navigate to cPanel -Security – Two-Factor Authentication to enable this feature.
  • On WordPress Sites: Use plugins like Google Authenticator or Wordfence Security for 2FA protection.

2. Activate cPHulk Brute Force Protection

cPHulk is a powerful built-in feature for defending against brute force attempts.

  • Go to WHM -Security Center – cPHulk Brute Force Protection.
  • Set the Max Failures per IP and Lockout Time to automatically block repeated failed login attempts.
  • Enable notification alerts to stay informed of any brute force activity.

3. Secure Website Login Pages

Strengthening login pages adds another layer of protection.

  1. Change Default Login URLs
  • For WordPress: Use plugins like WPS Hide Login to change the default wp-login.php URL to a custom one.
  • For Joomla and Magento: Utilize security extensions to customize admin URLs.
  1. Enable reCAPTCHA
  • Integrate Google reCAPTCHA into login, registration, and contact forms to block automated bot access.
  1. Use Strong Passwords and Limit Login Attempts
  • Always use secure, strong passwords and reset them regularly.
  • For WordPress: Install the Limit Login Attempts Reloaded plugin to restrict failed login attempts.

4. Implement a Web Application Firewall (WAF)

Deploying a WAF helps stop suspicious traffic before it reaches your server.

  • Consider services like Cloudflare or Sucuri Firewall to block brute force attempts effectively.

Responding to Brute Force Attacks

If brute force activity is detected on your server:

  • Block suspicious IP addresses using CSF Firewall or the cPanel IP Blocker.

Conclusion

Enabling layered security features like 2FA, cPHulk protection, hardening of the login page, and a WAF, you can effectively counter brute force attacks. Proper monitoring and on-time security updates continue to remain essential for ensuring your hosted sites are secure against growing threats. For more insights, you can also explore our WordPress blogs.

Need expert assistance in securing your websites or servers? Contact the ServerAdminz team today for professional server management and 24/7 support.