Why am I getting a ‘Compromised Account Login Prevention’ alert?

Definitions

The Compromised Account Login Prevention alert from Imunify 360 is triggered when the firewall detects a login attempt using a known weak or compromised administrative password. When this happens, the firewall prompts you to reset your website admin password to prevent unauthorized use.

This alert is a security measure to protect your website from brute force attacks and malicious activity. It indicates a firewall-triggered password reset, not a website error, and only appears to the user attempting to sign in to the website admin dashboard, and not website visitors.

Your browser will redirect to a page prompting you to change your website admin password to enhance your website’s security.

Here is a visual example of the Compromised Account Login Prevent alert page:

Before you start

✅ The Compromised Account Login Prevention alert means the firewall is protecting your website by forcing a reset of a weak or compromised website admin password. It is not a website or hosting error.

ℹ️ To clear the firewall alert and access your website admin dashboard, simply complete a password reset.

Step by step

If you see the Compromised Account Login Prevention alert page, complete the steps below.

1. On the Compromised Account Login Prevention page, click the Reset password button

2. Follow the prompts to reset your website admin password to a secure password

➡️ For WordPress websites, you can use these steps: Reset your WordPress admin password

🚨 You must set a strong password, adhering to these guidelines:

• Length: The password should be at least 12 to 16 characters long. Longer passwords are generally more secure.

• Complexity: Include a mix of uppercase and lowercase letters, numbers, and special characters (like !, @, #, $, etc.).

• Unpredictability: Avoid common words, phrases, or easy-to-guess patterns (like “1234” or “password”). Instead, use a random combination of characters.

• Uniqueness: Use a different password for each account to prevent a breach on one account from compromising others.

• No Personal Information: Do not use easily obtainable information like your name, birth date, or simple keyboard patterns (like “qwerty”).

3. Once you’ve completed the password reset, refresh your web browser page

4. After refresh, attempt to log in to your website admin dashboard. For WordPress websites, you can use these steps: Log in to your WordPress admin dashboard

5. If you’ve set a secure website admin password, the alert page will clear away. If it’s still there, it means your password is still weak. Do another password reset, adhering to the strong password guidelines above.