Login restrictions for WordPress on cPanel

Off

Background

WordPress is a popular, open-source blogging platform and content management system that is widely used on cPanel.

Unfortunately we have seen several significant, sustained brute force login attempts to cPanel-hosted WordPress sites. These lead to the degradation of the service and risk compromise of the affected sites.

What we have done

To protect cPanel sites and minimise the potential disruption to the service from this kind of attack, we have blocked access to the default WordPress login page - wp-login.php - from off-campus IP addresses.

Will this affect me?

We expect that most users won’t be affected by this change. If you login to WordPress from on-campus then you can continue to do so as before.

If you login to WordPress from off-campus and are a member of the University, then you can do so by simply using a VPN connection. Please contact the IT Service Desk if you need support setting up VPN.

If you are affected by this restriction then you should contact the owner or maintainer of the WordPress site you are trying to access.

What do site owners need to do?

If you are the owner or maintainer of a cPanel account and you need users to log in from off-campus (and without VPN) then you will need to find and install a suitable WordPress plugin that allows you to change the default login URL. Once you have done this, you should not be affected by this restriction we have put in place.

A global reputation

Sheffield is a research university with a global reputation for excellence. We're a member of the Russell Group: one of the 24 leading UK universities for research and teaching.

About the University