Some CPanel hosts use a WordPress add on called WordPress Attack Protection that uses a random number addition challenge to prevent bots from brute-force attacking the wp-login.php authentication page. When moving your WordPress site to another carrier, this php script continues to block. To remove it from operation you merely have to rename the php file responsible for this challenge. The file is usually found in the / wp-content/mu-plugins directory. Rename the wp-login-protect.php file by adding the extension “.off” to the end of the filename.
In lieu of the host-imposed WordPress Attack Protection software there are a few alternatives: