On Smarthost servers, security measures have been enabled to prevent brute-force attacks targeting WordPress. The security protects the wp-login.php address (login screen) and the xmrpc.php file (WordPress remote management). By enabling such security, a WordPress hack attempt will be interrupted by the need to enter reCaptcha.
In practice, it looks like a user who wants to log in to the panel and knows the login and password will do it without any problems, when entering the administration panel page, he will see a standard login field:
![](https://www.smarthost.pl/blog/wp-content/uploads/2021/02/image-8.png)
A person / robot who is entering random passwords after 10 unsuccessful attempts within 5 minutes will see a field with a request for verification:
![](https://www.smarthost.pl/blog/wp-content/uploads/2021/08/image-9.png)
Latest posts by Tomasz (see all)
- DMARC – changing configuration - December 6, 2023
- Automatic WordPress login security by reCaptcha - July 10, 2023
- Does “Time to first byte” (TTFB) means server speed? - October 31, 2022