Jetpack’s security features are designed to protect your WordPress site from unauthorized access—especially when a password used in a login attempt has been found in a known data breach. In these cases, Jetpack may block the login and send a verification code to the user’s email as an extra layer of authentication.
While helpful, some site administrators may prefer to turn off this automatic email verification step, especially if they already use other security tools or manage user credentials through different systems.
What Is This Feature?
This feature is part of Jetpack’s Account Protection system. It enhances login security by detecting compromised passwords and preventing immediate access, even if the credentials are technically correct. Jetpack will then prompt the user to verify their identity via an emailed code.
How to Turn It Off
If you want to disable this behavior, follow these steps:
- Go to your WordPress admin dashboard.
- Navigate to Jetpack → Settings → Security.
- Scroll down to the section labeled Account Protection.
- Locate the option:
“Protect your site with advanced password detection and profile management protection.” - Toggle the switch to the off position (gray).
Once disabled, Jetpack will no longer check for leaked passwords during login, and users won’t be prompted to enter a verification code via email—even if their password appears in a known breach.
Important Security Considerations
Turning off this feature reduces your site’s protection against credential-stuffing attacks and other common threats. If you disable it, consider these alternatives:
- Enforce strong passwords for all users.
- Enable a dedicated Two-Factor Authentication (2FA) plugin.
- Regularly audit user accounts for unusual login activity.
Final Thoughts
Jetpack’s password leak detection is a valuable safety net for most sites, but it’s not mandatory. If you’re confident in your existing security stack, disabling the email verification code feature is quick and easy through the Account Protection toggle.
Need help configuring Jetpack or exploring other security options? Let me know—I’m happy to assist.