Protection from malicious login attempts
Jetpack’s Protect module checks every login attempt on your site against our global database of malicious activity to prevent unwanted login attempts on your site.
This feature is activated by default for you when Jetpack is installed.
Jetpack detects changes to your server’s files, and matches those changes to lists of known coding patterns commonly used by hackers. Additionally, we detect plugins that have known vulnerabilities.
In both these cases, if a security issue is found, we will send you an email to let you know. You can typically resolve these issues yourself, but our support team is always available to review these issues for you and lend a hand if needed.
We also run a security scan on your initial site backup. Security scans are then run either daily or hourly based on your plan and how often new backups are created.
Take additional security measures
Jetpack does not act as a firewall, or prevent all malicious behavior on your site. There are a variety of WordPress plugins and services that do provide these types of features, but some of the most important actions you can take are to follow these best practices:
- Use complex passwords for your user, hosting, and database accounts and change them frequently.
- Use SFTP instead of FTP. If your host doesn’t offer SFTP, consider finding one that does.
- Keep on top of WordPress and plugin updates. Jetpack’s auto-update feature will help you stay on top of these.
- Use two-factor authentication on accounts where it’s available. Secure Sign On is a great option for this.
- Only use plugins and themes from reputable sources.
- Remove all unused themes and plugins.