Most successful attacks on small business websites are automated bots trying common passwords over and over. DirectAdmin's built-in security tools stop the majority of this without needing any extra plugin.
1. Enable Brute Force Monitor
Under Advanced Features, open Brute Force Monitor and confirm it's active. It automatically flags and blocks IP addresses that fail to log in repeatedly within a short window.
2. Adjust ban thresholds
You can set how many failed attempts trigger a ban and how long the ban lasts. A common setting is around 5 attempts within 10 minutes leading to a temporary block.
3. Use IP Ban Manager
Also under Advanced Features, IP Ban Manager lets you block or allow specific IP addresses manually, useful if you spot repeated suspicious activity in your logs.
4. Manually block an IP address
Add the offending address directly under IP Ban Manager as a permanent block, no need to wait for Brute Force Monitor to catch it automatically.
Key takeaway: Check your Brute Force Monitor banned-IP list every few weeks — a sudden spike in bans is often the first sign your site is being actively targeted.
5. Enforce strong passwords
When creating email accounts or additional logins, DirectAdmin shows a password strength meter — always aim for the strongest rating it offers rather than the minimum accepted.
6. Restrict panel login access
Where your usage pattern allows it, some DirectAdmin configurations let you restrict login to specific IP addresses — check with your host if this is available on your plan.
7. Keep everything updated
Security tools only work as well as the software behind them. Set Installatron's auto-updates for WordPress and check for DirectAdmin panel update notifications regularly.