The Compromised Account Login Alert activates when the firewall detects a login attempt from a known weak or compromised admin password. This triggers a redirection to a page where you must change your password.
If you see the Compromised Account Login Prevention alert, the firewall has detected the password used on your website application (for example: WordPress admin dashboard) is compromised or weak.
The firewall system then triggers a security check screen and prompts you to reset your website admin password to prevent unauthorized account use.
This feature is to protect your website against brute force attacks and/or malicious unauthorized activity.
This alert indicates a firewall-triggered password reset, not a website error. It appears exclusively to the user attempting to sign in to the website administrator dashboard, as shown in the image below.
If you have triggered the Compromised Account Login Prevention alert, you must perform the steps below.
1. On the Compromised Account Login Prevention screen, click the Reset Password button and follow the prompts to reset your password to a secure password. For WordPress websites, you can also use the password reset methods included in this guide: Reset your WordPress admin password
⚠️ On password reset, you must set a secure password, following these parameters:
- Length: The password should be at least 12 to 16 characters long. Longer passwords are generally more secure.
- Complexity: Include a mix of uppercase and lowercase letters, numbers, and special characters (like !, @, #, $, etc.).
- Unpredictability: Avoid common words, phrases, or easy-to-guess patterns (like “1234” or “password”). Instead, use a random combination of characters.
- Uniqueness: Use a different password for each account to prevent a breach on one account from compromising others.
- No Personal Information: Do not use easily obtainable information like your name, birth date, or simple keyboard patterns (like “qwerty”).
2. Once you’ve completed the password reset process, refresh your web browser page
3. After refresh, attempt to log in to your website administrator dashboard. For WordPress websites, you can use the methods indicated in this guide: Log in to WordPress dashboard