{"id":297063,"date":"2026-05-25T06:58:17","date_gmt":"2026-05-25T06:58:17","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/brute-force-protector\/"},"modified":"2026-05-25T06:57:53","modified_gmt":"2026-05-25T06:57:53","slug":"brute-force-protector","status":"publish","type":"plugin","link":"https:\/\/wordpress.org\/plugins\/brute-force-protector\/","author":17551786,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"1.0.0","stable_tag":"1.0.0","tested":"7.0","requires":"5.2","requires_php":"7.2","requires_plugins":null,"header_name":"Brute Force Protector","header_author":"Kanhaiya Yaduwanshi","header_description":"Protect your WordPress site from brute force attacks.","assets_banners_color":"03293b","last_updated":"2026-05-25 06:57:53","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/wordpress.org\/plugins\/brute-force-protector","header_author_uri":"https:\/\/profiles.wordpress.org\/kanhayaduwanshi","rating":0,"author_block_rating":0,"active_installs":0,"downloads":28,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.0":{"tag":"1.0.0","author":"kanhayaduwanshi","date":"2026-05-25 06:57:53"}},"upgrade_notice":{"1.0.0":"<p>Initial release of the Brute Force Protector plugin. Secure your site now!<\/p>"},"ratings":[],"assets_icons":{"icon.svg":{"filename":"icon.svg","revision":3547018,"resolution":false,"location":"assets","locale":false}},"assets_banners":{"banner-772x250.png":{"filename":"banner-772x250.png","revision":3547242,"resolution":"772x250","location":"assets","locale":"","width":772,"height":250}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.0"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3547018,"resolution":"1","location":"assets","locale":"","width":1027,"height":454}},"screenshots":{"1":"The settings page where you can configure the plugin.","2":"The error screen a user sees when their IP is blocked."}},"plugin_section":[],"plugin_tags":[2439,9374,1229,600,264263],"plugin_category":[54],"plugin_contributors":[264264],"plugin_business_model":[],"class_list":["post-297063","plugin","type-plugin","status-publish","hentry","plugin_tags-brute-force","plugin_tags-limit-login-attempts","plugin_tags-login-security","plugin_tags-security","plugin_tags-wp-admin-protection","plugin_category-security-and-spam-protection","plugin_contributors-kanhayaduwanshi","plugin_committers-kanhayaduwanshi"],"banners":{"banner":"https:\/\/ps.w.org\/brute-force-protector\/assets\/banner-772x250.png?rev=3547242","banner_2x":false,"banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":"https:\/\/ps.w.org\/brute-force-protector\/assets\/icon.svg?rev=3547018","icon":"https:\/\/ps.w.org\/brute-force-protector\/assets\/icon.svg?rev=3547018","icon_2x":false,"generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/brute-force-protector\/assets\/screenshot-1.png?rev=3547018","caption":"The settings page where you can configure the plugin."}],"raw_content":"<!--section=description-->\n<p>Brute Force Protector is your site's first line of defense against automated login attacks. Malicious bots constantly try to guess your password using brute force attacks, credential stuffing, and dictionary attacks \u2014 this plugin puts a complete stop to it.<\/p>\n\n<p>It works by tracking failed login attempts from each IP address. If an IP exceeds the configured number of failures in a short period, it gets temporarily blocked, preventing the attacker from making further attempts. This simple but effective method secures your login page, protects your wp-admin area, and strengthens your overall WordPress security without adding complexity.<\/p>\n\n<p><strong>Who needs this plugin?<\/strong><\/p>\n\n<p>If you are looking for a way to secure WordPress login, limit login attempts, block bots from wp-login.php, stop brute force password attacks, prevent unauthorized access to your WordPress dashboard, or simply improve your WordPress site security \u2014 this plugin is built for you. It is the ideal WordPress security plugin for beginners and professionals alike.<\/p>\n\n<p><strong>How it helps:<\/strong><\/p>\n\n<p>By acting as a login-level firewall, Brute Force Protector reduces the risk of hacked WordPress sites, compromised admin accounts, and malware injections that often start with a brute force attack. It is a lightweight, zero-configuration WordPress protection tool that starts working the moment it is activated.<\/p>\n\n<h4>Features<\/h4>\n\n<ul>\n<li><strong>Limit Login Attempts:<\/strong> Set a maximum number of failed login attempts before an IP is blocked.<\/li>\n<li><strong>Configurable Lockout Duration:<\/strong> Define how long a blocked IP should be denied access.<\/li>\n<li><strong>Simple Settings Page:<\/strong> Easily configure the plugin from the WordPress admin dashboard under \"Settings\" &gt; \"Brute Force Protector\".<\/li>\n<li><strong>Lightweight and Efficient:<\/strong> Designed to be fast and have a minimal impact on your site's performance.<\/li>\n<li><strong>Clears on Successful Login:<\/strong> The failed attempt counter is reset when a user successfully logs in.<\/li>\n<\/ul>\n\n<!--section=installation-->\n<ol>\n<li>Upload the <code>brute-force-protector<\/code> folder to the <code>\/wp-content\/plugins\/<\/code> directory.<\/li>\n<li>Activate the plugin through the 'Plugins' menu in WordPress.<\/li>\n<li>Navigate to \"Settings\" &gt; \"Brute Force Protector\" to configure the settings.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"how%20do%20i%20know%20if%20an%20ip%20is%20blocked%3F\"><h3>How do I know if an IP is blocked?<\/h3><\/dt>\n<dd><p>When an IP is blocked, any attempt to access the login page from that IP will result in a \"Too many failed login attempts\" error screen, and they will be prevented from accessing the site.<\/p><\/dd>\n<dt id=\"can%20i%20change%20the%20number%20of%20allowed%20attempts%3F\"><h3>Can I change the number of allowed attempts?<\/h3><\/dt>\n<dd><p>Yes, you can easily change the maximum number of attempts and the lockout duration from the plugin's settings page, located at \"Settings\" &gt; \"Brute Force Protector\".<\/p><\/dd>\n<dt id=\"is%20this%20plugin%20heavy%20on%20my%20server%3F\"><h3>Is this plugin heavy on my server?<\/h3><\/dt>\n<dd><p>No. The plugin is designed to be extremely lightweight. It uses WordPress transients to temporarily store failed login data, which is a highly efficient method that has a negligible impact on server resources.<\/p><\/dd>\n<dt id=\"does%20this%20plugin%20help%20with%20wordpress%20admin%20login%20security%3F\"><h3>Does this plugin help with WordPress admin login security?<\/h3><\/dt>\n<dd><p>Yes. This plugin provides strong WordPress admin login security by monitoring and blocking suspicious IP addresses that repeatedly fail authentication. It acts as a login guard to protect wp-admin and wp-login.php from automated bots and hackers.<\/p><\/dd>\n<dt id=\"can%20this%20plugin%20hide%20or%20protect%20the%20admin%20login%20page%3F\"><h3>Can this plugin hide or protect the admin login page?<\/h3><\/dt>\n<dd><p>While this plugin does not rename or move the login URL, it effectively protects your admin login page by blocking brute force attackers after a set number of failed attempts. For full login page hiding or custom login URL functionality, this plugin's login protection works alongside plugins that obscure or rename the login page.<\/p><\/dd>\n<dt id=\"does%20this%20plugin%20prevent%20hack%20attempts%20and%20bot%20attacks%3F\"><h3>Does this plugin prevent hack attempts and bot attacks?<\/h3><\/dt>\n<dd><p>Yes. It is designed for hack prevention and bot protection. Automated attack prevention is at its core \u2014 the plugin detects and blocks spam bots and credential-stuffing attacks that try to break into your WordPress site.<\/p><\/dd>\n<dt id=\"is%20this%20plugin%20a%20wordpress%20firewall%20or%20web%20application%20firewall%20%28waf%29%3F\"><h3>Is this plugin a WordPress firewall or web application firewall (WAF)?<\/h3><\/dt>\n<dd><p>This plugin functions as a login-level firewall. It provides rate limiting and IP blocking at the login page, acting as an intrusion prevention layer. For a full web application firewall (WAF), you may pair it with a dedicated WordPress firewall plugin.<\/p><\/dd>\n<dt id=\"does%20it%20protect%20against%20credential%20stuffing%20and%20password%20guessing%3F\"><h3>Does it protect against credential stuffing and password guessing?<\/h3><\/dt>\n<dd><p>Yes. It limits login attempts to stop credential stuffing, password guessing, and dictionary attacks. By enforcing a login lockdown after too many failed login attempts, it effectively prevents unauthorized access from malicious IPs.<\/p><\/dd>\n<dt id=\"can%20it%20help%20with%20site%20hardening%3F\"><h3>Can it help with site hardening?<\/h3><\/dt>\n<dd><p>Absolutely. Login hardening is one of the most important aspects of site hardening and WordPress security. This plugin secures your login page and reduces the attack surface by blocking IPs that exhibit brute force behavior, complementing other security measures like two-factor authentication.<\/p><\/dd>\n<dt id=\"does%20it%20work%20with%20custom%20admin%20urls%20or%20renamed%20login%20pages%3F\"><h3>Does it work with custom admin URLs or renamed login pages?<\/h3><\/dt>\n<dd><p>Yes. If you use a plugin to move or rename your wp-login.php to a custom admin URL (login URL change), Brute Force Protector will still protect that login endpoint by monitoring failed login attempts through WordPress's native authentication hooks.<\/p><\/dd>\n<dt id=\"is%20this%20plugin%20useful%20for%20preventing%20unauthorized%20access%3F\"><h3>Is this plugin useful for preventing unauthorized access?<\/h3><\/dt>\n<dd><p>Yes. It is built specifically to prevent unauthorized access by blocking IPs after repeated failed login attempts. This makes it an essential WordPress protection and cyber security tool for any site that wants to block hackers and secure its admin area.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.0.0 \u2013 2026-05-25<\/h4>\n\n<ul>\n<li>Initial release.<\/li>\n<li>Tracks failed login attempts by IP.<\/li>\n<li>Temporarily blocks IPs that exceed the failure threshold.<\/li>\n<li>Adds a settings page to configure max attempts and lockout duration.<\/li>\n<\/ul>","raw_excerpt":"Protect your WordPress site from brute force attacks, login security threats, and unauthorized access. Limit login attempts, block malicious IPs, and  &hellip;","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/297063","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=297063"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/kanhayaduwanshi"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=297063"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=297063"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=297063"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=297063"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=297063"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=297063"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}