If you are trying to log in to your WordPress admin area and encounter an error message such as “Not Acceptable” or find yourself unable to log in, it is likely due to the server temporarily blocking a WordPress brute force attack. These attacks, which began escalating in April 2013, involve hackers and bots exploiting vulnerabilities in the WordPress framework to gain unauthorized access. Unfortunately, there has been a recent surge in such attacks as hackers experiment with new brute force methods. Our server administrators are actively working to mitigate these attacks and protect your account.
For additional information on brute force attacks, you can read this article: Major Brute Force Attack Against WordPress.
If you are not currently seeing the "Not Acceptable" error message but still cannot log in, we recommend refreshing the page in a few hours, as the attack will likely have subsided by then.
Recommendations to Protect Your WordPress Site
If you have WordPress installed on your hosting account, we strongly recommend you take the following steps to secure your site and minimise the risk of future issues:
- Use a Strong Password for the Admin Area: Ensure your WordPress admin password is highly secure. Avoid simple passwords such as “secret1” and instead use a complex password like “Z#hups$M4!Z”. Consider using a password generator to create and store strong passwords.
- Keep WordPress Core Updated: Always ensure you are running the latest version of WordPress. Updates often include important security patches to protect against newly discovered vulnerabilities.
- Update All Plugins: Regularly update all installed plugins to their latest versions. Outdated plugins can be exploited by attackers to compromise your website.
- Install the Wordfence Security Plugin: Install the Wordfence plugin, which provides robust protection for your WordPress site. It helps block bots from accessing your wp-login page and includes additional security features.
- Keep Your Theme Updated: Ensure your active WordPress theme is up-to-date. Additionally, remove any old or inactive themes from the /wp-content/themes/ directory. Old theme files can contain vulnerabilities and are frequently targeted by hackers.
Further recommendations can be found here: Essential checklist for WordPress websites
Taking these steps will significantly enhance the security of your WordPress site and reduce the likelihood of encountering login issues in the future.
Updated by SP on 23/01/2025