Description

BruteFort is your WordPress site’s complete login security solution focused on four core protections: Rate Limit, Custom Login URL, Geo Blocking, and IP Restriction.

Protect against brute force attacks, hide your login page with a custom URL, block countries with geo rules, and control access using IP whitelists/blacklists – all in one lightweight, performance-optimized plugin.

Whether you’re running a blog, a WooCommerce store, or a membership site, BruteFort keeps bots, hackers, and unauthorized users out while maintaining fast page speeds.

🔐 Core Security Features

🛡️ Rate Limit & Brute Force Protection
– Limit repeated login attempts per IP
– Configure attempt windows and lockout duration
– Apply progressive lockouts for repeated abuse
– Reduce automated credential stuffing and bot attacks

🔗 Custom Login URL (Hide wp-login.php)
– Replace the default /wp-login.php endpoint with your custom slug
– Return 404 for direct wp-login.php requests
– Reduce scanner and bot traffic on known login endpoints
– Keep login access private for authorized users

🌐 Geo Blocking (Country-Based Restrictions)
– Block or allow login attempts by country
– Blacklist mode: Block specific countries from accessing wp-login.php
– Whitelist mode: Only allow login from selected countries
– IP geolocation detection (Cloudflare compatible)
– Perfect for region-specific sites or blocking high-risk countries

📍 IP Restriction (Whitelist & Blacklist)
– Enforce custom IP allow/deny rules for login protection
– Add individual IPs or CIDR ranges
– Instantly block suspicious IPs
– Whitelist your own IP to prevent lockouts
– Bulk IP management with easy interface

📊 Real-Time Monitoring & Logs
– View failed login attempts in real-time
– Track IP addresses, usernames, and timestamps
– Filter logs by status, date, or IP
– Manual unlock for accidentally locked users
– Export logs for security audits

⚡ Performance & Compatibility
– Lightweight and performance-optimized
– Works with Cloudflare, proxy servers, and CDNs
– Compatible with most security plugins
– Dark mode UI support
– No impact on page load speeds

🎯 Perfect For

WooCommerce stores protecting customer data and preventing unauthorized access
Membership sites restricting access by geographic location
Corporate websites blocking countries where business doesn’t operate
Blog owners hiding login page from automated bots and scanners
Agencies managing multiple client sites with different security requirements
High-traffic sites experiencing frequent brute force attacks
International sites wanting region-specific login restrictions

🚀 Why Choose BruteFort?

Core protection stack: Rate Limit + Custom Login URL + Geo Blocking + IP Restriction
Easy to use: Simple, intuitive interface with no complex configuration
Performance-focused: Minimal resource usage, no site slowdown
SEO-friendly: Properly handles redirects and 404s
Privacy-conscious: No external API calls for basic features (optional geo API)
Regular updates: Actively maintained with new features added regularly

Captures d’écrans

Dashboard Overview – Rate Limit Settings
Custom Login URL Settings – Hide wp-login.php
Geo Blocking Settings – Country-based restrictions
IP Whitelist/Blacklist Management
Real-time Login Attempt Logs

Installation

Upload the plugin files to the /wp-content/plugins/brutefort directory, or install the plugin through the WordPress plugin screen directly.
Activate the plugin through the ‘Plugins’ screen in WordPress
Go to Settings > BruteFort to configure IP restrictions, whitelist/blacklist, and login attempt limits.
Navigate to Custom Login URL tab to set up a custom login slug and hide wp-login.php
Use Geo Blocking tab to block or allow countries from accessing your login page

FAQ

Does this plugin slow down my site?: No. BruteFort is lightweight and optimized for performance, with minimal impact on page load times.
How does the custom login URL feature work?: BruteFort creates a custom slug (e.g., /secure-login) for your login page and automatically blocks access to /wp-login.php, returning a 404 error to unauthorized users.
What is Geo Blocking and how does it work?: Geo Blocking restricts login attempts based on the visitor’s country. You can either blacklist specific countries (block mode) or whitelist only allowed countries (allow mode). It uses IP geolocation to detect the user’s location.
Can I whitelist my own IP address?: Yes! Add your IP to the whitelist to ensure you’re never locked out, even if other restrictions are active.
What happens if I forget my custom login URL?: You can disable the custom login URL feature via FTP by deactivating the plugin, or by accessing your database to change the setting.
Does Geo Blocking work with VPNs or proxy servers?: Yes, BruteFort is compatible with Cloudflare and most proxy servers. It checks the CF-IPCountry header first, then falls back to IP-based geolocation.
Is this compatible with other security plugins?: Yes. BruteFort works alongside most WordPress security plugins like Wordfence, iThemes Security, and All In One WP Security.
Can I block entire countries from logging in?: Yes! The Geo Blocking feature lets you select specific countries to block or allow for login attempts.

Avis

Purshottam Nepal 13 décembre 2025

Thanks to this plugin, my clients are happier than ever.This plugin does exactly what it promises and does it exceptionally well. If you’re serious about WordPress login security and want reliable brute-force protection without headaches, Brutefort is a must-have. Highly recommended!

Niraj Chaudhary 20 novembre 2025

I love the new feature that hides the wp-login page, and you don’t even have to create a new page for it. It works perfectly and adds a nice extra layer of security.

lazyowner458 13 novembre 2025 1 réponse

My server went down four times over the past month, with constant bot attacks trying to login into my admin dashboard. I tried Wordfence but it was a really confusing and also didn’t want to pay $149 for the feature I wanted. Brutefort was simple and did the job. Thanks! However you can add some features like geo-blocking / geo-throttling.

Lire les 3 avis

Contributeurs/contributrices & développeurs/développeuses

« BruteFort – Rate Limit, Custom Login URL, Geo Blocking & IP Restriction » est un logiciel libre. Les personnes suivantes ont contribué à cette extension.

Yoyal Limbu

Traduisez « BruteFort – Rate Limit, Custom Login URL, Geo Blocking & IP Restriction » dans votre langue.

Le développement vous intéresse ?

Parcourir le code, consulter le SVN dépôt, ou s’inscrire au journal de développement par RSS.

Journal des modifications

0.0.8 – 28/05/2025

Fix – WordPress 7.0 support.

0.0.7 – 20/11/2025

Fix – Removed extra tags and shortened extra long short descriptions.

0.0.6 – 19/11/2025

Feature – Custom Login URL: Hide wp-login.php and create custom login slugs
Feature – Geo Blocking: Block or allow login attempts by country (blacklist/whitelist mode)
Feature – Complete country list (249 countries) for geo-blocking
Enhance – Unified card-based UI design across all settings pages
Enhance – Improved toggle switches and form controls
Enhance – Better dark mode support throughout the plugin
Fix – LogsService type error causing fatal errors on live sites

0.0.5 – 14/11/2025

Fix – Entry already exists issue on setup wizard

0.0.4 – 14/11/2025

Feature – Basic Setup wizard
Enhance – Refresh option on logs page
Fix – Dark mode design update on datatable and modals
Fix – Unlock feature for locked users

0.0.3 – 13/11/2025

Fix – Settings redirect from all plugins page
Fix – Compatibility with 7.4

0.0.2 – 12/11/2025

Fix – Autoload not working issue

0.0.1 – 12/11/2025

Initial release – login protection, IP whitelist/blacklist, brute force detection

Does Exactly What It Should — No Bloat

Great plugin—simple, easy to use

My server is thanking you

Description

🔐 Core Security Features

🎯 Perfect For

🚀 Why Choose BruteFort?

Captures d’écrans

Installation

FAQ

Does this plugin slow down my site?

How does the custom login URL feature work?

What is Geo Blocking and how does it work?

Can I whitelist my own IP address?

What happens if I forget my custom login URL?

Does Geo Blocking work with VPNs or proxy servers?

Is this compatible with other security plugins?

Can I block entire countries from logging in?