Plugin Directory

Test out the new Plugin Directory and let us know what you think.
!This plugin hasn’t been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.

Botnet Attack Blocker

This plugin blocks distributed botnet brute-force attacks on your WordPress installation.

After the recent global distributed botnet attack on WordPress installations that took down servers and broke into admin accounts, I thought I'd write a plugin to prevent it happening again.

Distributed botnet attacks can come from multiple IP addresses and locations at the same time, so conventional IP-based lockouts are not effective (e.g. those found in Wordfence and other WordPress security plugins).

For example, if 1,000 different computers (with unique IP addresses) are trying to brute-force your admin password and you lock out each IP address after 5 incorrect attempts then you have still allowed 5,000 attempts. My plugin essentially ignores the different IP addresses and locks out all admin login attempts in a configurable way - so if you have it set to 5 failed attempts (default) then those 1,000 different computers will only have a total between them of 5 attempts.

You can select how many login failures causes the lockout, how much time to allow between failures, how long to block logins for and also you can input a whitelisted IP address (or multiple addresses separated with commas or spaces) which can bypass the lockdown and always log in - so you can still always get into your site even in the middle of an attack. Version 1.1 adds support for partial IP address matching for those with dynamic IP addresses.

  • Any failed login is counted regardless of username or IP address (unless whitelisted)
  • Once locked down, nobody can log in except from whitelisted IP addresses
  • You can specify the number of login failures that triggers a lockdown
  • You can specify the time between failed attempts that should be counted
  • You can specify how long the lockdown should last
  • You can add whitelisted IP addresses that bypass the lockdown
  • Partial IP address matching for dynamically-allocated IP addresses
  • Multisite compatible
  • Now available in French, German, Italian and Russian

Requires: 3.0.0 or higher
Compatible up to: 3.7.18
Last Updated: 3 years ago
Active Installs: 2,000+


4.2 out of 5 stars


Got something to say? Need help?


Not enough data

0 people say it works.
0 people say it's broken.

100,1,1 100,1,1 100,1,1
100,1,1 100,1,1 100,1,1 50,2,1 100,2,2 100,1,1 100,1,1 100,2,2 100,1,1 100,1,1
100,2,2 100,1,1 100,1,1
100,1,1 100,1,1