WordPress Plugin - Limit Login Attempts

Bots and suspicious actors commonly attempt to access your Faculty Web WordPress account. Many bots will try to use generic credentials, such as "admin" and "password," to access your site's Admin panel. To help prevent your site from being compromised, all WordPress installations in Faculty Web come with the Limit Login Attempts plugin. 

How to Protect Your Site

You should be proactive in making it more difficult for suspicious actors to access your site by following these tips:

  • Do not use the username "admin." You should instead use the default, auto-generated username created during the WordPress install.
  • Do not use any generic passwords. You should automatically generate random passwords and use a password manager when possible.

Receiving Email Notifications

You may receive an email notification if an account has been locked out due to too many failed login attempts. This email means that a user has been locked out, not that your site has been compromised. If you receive it, you have a few options.

Changing Usernames

If you have a common username, such as "admin" or "user," you are more likely to be attacked and locked out.

  1. Go to your cPanel (faculty.unlv.edu/dashboard)
  2. Select My Apps
  3. Select the wrench icon for your WordPress site

    My Applications list with arrow pointing to wrench icon
     
  4. Scroll to Administrator Username and Password
  5. Verify this account does not use "admin" as the username. If it does, change it to a random username.
  6. Select Administrator Password, then select Generate to generate a new password.
  7. Scroll to the bottom, then select Save All

This will update your user account to not use "admin" for the username. Select the URL ending in wp-admin at the top to access your WordPress Admin.

  1. In the left sidebar, hover over Users, then select All Users.

    WordPress Admin with Users > All Users highlighted
     
  2. Locate any users using usernames like "admin" or other generic account names
  3. If you have any users with these common names, you will need to delete them and create new accounts.

Removing these common usernames should prevent most lockout emails.

Disabling Notifications

You can disable the email notification if you cannot change your username or are still getting excessive email notifications. Disabling the email notification will not stop the plugin from protecting your site.

  1. Go to your WordPress site's admin panel.
    • From cPanel, go to My Apps, then select the URL ending in wp-admin
  2. In the left navigation, select Limit Login Attempts
  3. In the top tab bar, choose Settings
  4. Turn off Email to [Email] after [#] lockouts. You can also adjust the number of lockouts if you prefer to leave the notification on.
  5. Select Save Settings

Need Additional Help?

For additional assistance, please visit the Faculty Web knowledge base for more articles. You can also contact the IT Help Desk.

Details

Article ID: 1155
Created: Wed 9/28/22 6:59 PM
Modified: Tue 1/3/23 9:43 AM