Your WordPress login page is one of the most commonly targeted parts of any website. Attackers use automated tools to try thousands of password combinations, hoping to guess their way in. Web60 protects your login automatically, so you do not need to worry about this.
How Web60 protects your login
Rate limiting
If too many failed login attempts are made in a short period of time, Web60 automatically triggers a temporary lockout. This stops attackers from being able to keep guessing passwords. The lockout only affects the source of the failed attempts, so your real visitors are not affected.
IP blocking
If the same source repeatedly tries to attack your login page, Web60 blocks that source at the server level. This happens automatically and means the attacker can no longer reach your site at all, not just the login page.
XML-RPC protection
XML-RPC is a feature built into WordPress that is rarely needed by most websites, but it is commonly used by attackers as a way to try logging in. Web60 blocks this by default, closing off a common attack route without affecting how your site works.
Secure cookies
When you log in to your WordPress dashboard, your session is protected with encrypted cookies. This means your login session cannot easily be intercepted or stolen.
What you can do to stay safe
While Web60 handles the technical protection, there are a few things you can do to make your login even more secure:
Use a strong, unique password
Choose a password that is long and hard to guess. A good password is at least 12 characters and includes a mix of letters, numbers, and symbols. Do not reuse passwords from other websites.
Consider two-factor authentication
Two-factor authentication adds an extra step to your login. After entering your password, you also need to enter a code from your phone. This means that even if someone guessed your password, they still could not get in without your phone.
To set this up, install a free plugin like WP 2FA from the WordPress plugin directory. It takes just a few minutes to configure and adds a strong extra layer of security.
Do not share your login details
Never share your WordPress username and password with anyone unless you trust them completely. If you need to give someone access to your site, consider creating a separate user account for them with only the permissions they need.
Use the "Open WordPress" button
In your Web60 dashboard, you will find an Open WordPress button on your site's overview page. Clicking this logs you straight into your WordPress dashboard securely, without needing to type your password. This is the safest and easiest way to access your site.
What to do if you get locked out
If you accidentally trigger the lockout by entering your password incorrectly too many times, do not worry. Simply wait 15 minutes and the block will be lifted automatically. You can then try logging in again.
If you need to get in urgently or the lockout does not clear, contact Web60 support and we will sort it out for you.
Need help?
If you are having trouble with your WordPress login, visit our support page and we will get you back in.
Frequently asked questions
What happens if someone tries to hack my login?
If someone tries to guess your password by attempting lots of logins in a row, Web60 automatically blocks them after a few failed attempts. Their access is temporarily locked, protecting your site.
Can I add two-factor authentication?
Yes. You can install a free WordPress plugin like WP 2FA to add an extra layer of security to your login. This means you will need both your password and a code from your phone to log in.
What if I get locked out of my own site?
If you accidentally trigger the lockout by entering the wrong password too many times, simply wait 15 minutes and the block will be lifted. If you need immediate access, contact Web60 support.
Last updated: 31 March 2026