WordPress.org

Plugin Directory

Brute Force Login Protection

Protects your website against brute force login attacks using .htaccess

A Brute Force Attack aims at being the simplest kind of method to gain access to a site: it tries usernames and passwords, over and over again, until it gets in. Brute Force Login Protection is a lightweight plugin that protects your website against brute force login attacks using .htaccess.

After a specified limit of login attempts within a specified time, the IP address of the hacker will be blocked.

Features

  • Limit the number of allowed login attempts using normal login form
  • Limit the number of allowed login attempts using Auth Cookies
  • Manually block/unblock IP addresses
  • Manually whitelist trusted IP addresses
  • Delay execution after a failed login attempt (to slow down brute force attack)
  • Option to inform user about remaining attempts on login page
  • Option to email administrator when an IP has been blocked
  • Custom message to show to blocked users

Contribute

If you'd like to make a contribution to the Brute Force Login Protection plugin, you can submit a pull request to our GitHub Repository. You can also create a thread in our Support Forum. Your feedback is highly appreciated!

Donate

If you'd like to make a donation to the Brute Force Login Protection plugin, you can do so via PayPal by clicking here.

Requires: 2.7.0 or higher
Compatible up to: 4.2.3
Last Updated: 2015-5-19
Active Installs: 10,000+

Ratings

4.6 out of 5 stars

Support

1 of 5 support threads in the last two months have been resolved.

Got something to say? Need help?

Compatibility

+
=
Not enough data

0 people say it works.
0 people say it's broken.

100,1,1 100,1,1 100,1,1 100,1,1
100,1,1 100,1,1 100,1,1 100,1,1
100,1,1
100,1,1 100,1,1 100,1,1
100,1,1
100,1,1
100,1,1
100,1,1
100,1,1
100,1,1
100,1,1
100,1,1
67,3,2