Brute Force Detect

Monitor and automatically trigger actions against WordPress brute force attacks.

WordPress installations are a frequent target of brute force attacks because the platform is so popular and has a login form. These types of attacks are not elegant and rely on guessing usernames and passwords over and over until a correct combination is found, which almost never happens. An unprotected website can expect anywhere from hundreds - thousands of failed login attempts which can cause your server to slow down or even go offline.

Brute Force Detect adds a layer of protection.

This plugin allows you to monitor, log, and take action on repeated failed login attempts. The attempts are detected using a combination of the username, password, and browser user agent. When a specific combination occurs often enough, the brute force detect action is fired, allowing the blocking plugins to react. By default we suggest logging only username and user agent combinations, since bots vary the password when attacking.