Deskripsi

BruteFort is your WordPress site’s complete login security solution. Protect against brute force attacks, hide your login page with a custom URL, block countries using geo-blocking, and manage IP restrictions — all in one lightweight, performance-optimized plugin.

Whether you’re running a blog, a WooCommerce store, or a membership site, BruteFort keeps bots, hackers, and unauthorized users out while maintaining fast page speeds.

🔐 Key Features

🌐 Geo Blocking (Country-Based Restrictions)
– Block or allow login attempts by country
– Blacklist mode: Block specific countries from accessing wp-login.php
– Whitelist mode: Only allow login from selected countries
– IP geolocation detection (Cloudflare compatible)
– Perfect for region-specific sites or blocking high-risk countries

🔗 Custom Login URL (Hide wp-login.php)
– Hide default WordPress login page (wp-login.php)
– Create custom login slug (e.g., yoursite.com/secure-access)
– Automatically redirect wp-login.php to 404
– Prevent automated bot attacks targeting /wp-login.php
– Easy to remember custom URLs for authorized users

🛡️ Brute Force Protection & Rate Limiting
– Block brute force attacks with smart rate limiting
– Set maximum login attempts per IP address
– Configurable time windows and lockout durations
– Progressive lockout extensions for repeated attacks
– Custom error messages for locked users

📍 IP Whitelist & Blacklist Management
– Manage custom IP whitelists and blacklists
– Add individual IPs or CIDR ranges
– Instantly block suspicious IPs
– Whitelist your own IP to prevent lockouts
– Bulk IP management with easy interface

📊 Real-Time Monitoring & Logs
– View failed login attempts in real-time
– Track IP addresses, usernames, and timestamps
– Filter logs by status, date, or IP
– Manual unlock for accidentally locked users
– Export logs for security audits

⚡ Performance & Compatibility
– Lightweight and performance-optimized
– Works with Cloudflare, proxy servers, and CDNs
– Compatible with most security plugins
– Dark mode UI support
– No impact on page load speeds

🎯 Perfect For

WooCommerce stores protecting customer data and preventing unauthorized access
Membership sites restricting access by geographic location
Corporate websites blocking countries where business doesn’t operate
Blog owners hiding login page from automated bots and scanners
Agencies managing multiple client sites with different security requirements
High-traffic sites experiencing frequent brute force attacks
International sites wanting region-specific login restrictions

🚀 Why Choose BruteFort?

All-in-one solution: Custom login URL + Geo blocking + IP restrictions in one plugin
Easy to use: Simple, intuitive interface with no complex configuration
Performance-focused: Minimal resource usage, no site slowdown
SEO-friendly: Properly handles redirects and 404s
Privacy-conscious: No external API calls for basic features (optional geo API)
Regular updates: Actively maintained with new features added regularly

Tangkapan Layar

Dashboard Overview – Rate Limit Settings
Custom Login URL Settings – Hide wp-login.php
Geo Blocking Settings – Country-based restrictions
IP Whitelist/Blacklist Management
Real-time Login Attempt Logs

Instalasi

Upload the plugin files to the /wp-content/plugins/brutefort directory, or install the plugin through the WordPress plugin screen directly.
Activate the plugin through the ‘Plugins’ screen in WordPress
Go to Settings > BruteFort to configure IP restrictions, whitelist/blacklist, and login attempt limits.
Navigate to Custom Login URL tab to set up a custom login slug and hide wp-login.php
Use Geo Blocking tab to block or allow countries from accessing your login page

Tanya Jawab

Does this plugin slow down my site?: No. BruteFort is lightweight and optimized for performance, with minimal impact on page load times.
How does the custom login URL feature work?: BruteFort creates a custom slug (e.g., /secure-login) for your login page and automatically blocks access to /wp-login.php, returning a 404 error to unauthorized users.
What is Geo Blocking and how does it work?: Geo Blocking restricts login attempts based on the visitor’s country. You can either blacklist specific countries (block mode) or whitelist only allowed countries (allow mode). It uses IP geolocation to detect the user’s location.
Can I whitelist my own IP address?: Yes! Add your IP to the whitelist to ensure you’re never locked out, even if other restrictions are active.
What happens if I forget my custom login URL?: You can disable the custom login URL feature via FTP by deactivating the plugin, or by accessing your database to change the setting.
Does Geo Blocking work with VPNs or proxy servers?: Yes, BruteFort is compatible with Cloudflare and most proxy servers. It checks the CF-IPCountry header first, then falls back to IP-based geolocation.
Is this compatible with other security plugins?: Yes. BruteFort works alongside most WordPress security plugins like Wordfence, iThemes Security, and All In One WP Security.
Can I block entire countries from logging in?: Yes! The Geo Blocking feature lets you select specific countries to block or allow for login attempts.

Ulasan

Purshottam Nepal 13 Desember 2025

Thanks to this plugin, my clients are happier than ever.This plugin does exactly what it promises and does it exceptionally well. If you’re serious about WordPress login security and want reliable brute-force protection without headaches, Brutefort is a must-have. Highly recommended!

Niraj Chaudhary 20 November 2025

I love the new feature that hides the wp-login page, and you don’t even have to create a new page for it. It works perfectly and adds a nice extra layer of security.

lazyowner458 13 November 2025 1 balasan

My server went down four times over the past month, with constant bot attacks trying to login into my admin dashboard. I tried Wordfence but it was a really confusing and also didn’t want to pay $149 for the feature I wanted. Brutefort was simple and did the job. Thanks! However you can add some features like geo-blocking / geo-throttling.

Baca semua 3 ulasan

Kontributor & Pengembang

“BruteFort” adalah perangkat lunak open source. Berikut ini mereka yang sudah berkontribusi pada plugin ini.

Yoyal Limbu

Terjemahkan “BruteFort” dalam bahasa Anda.

Tertarik mengembangkan?

Lihat kode, periksa repositori SVN , atau mendaftar ke log pengembangan melalui RSS.

Log Perubahan

0.0.7 – 20/11/2025

Fix – Removed extra tags and shortened extra long short descriptions.

0.0.6 – 19/11/2025

Feature – Custom Login URL: Hide wp-login.php and create custom login slugs
Feature – Geo Blocking: Block or allow login attempts by country (blacklist/whitelist mode)
Feature – Complete country list (249 countries) for geo-blocking
Enhance – Unified card-based UI design across all settings pages
Enhance – Improved toggle switches and form controls
Enhance – Better dark mode support throughout the plugin
Fix – LogsService type error causing fatal errors on live sites

0.0.5 – 14/11/2025

Fix – Entry already exists issue on setup wizard

0.0.4 – 14/11/2025

Feature – Basic Setup wizard
Enhance – Refresh option on logs page
Fix – Dark mode design update on datatable and modals
Fix – Unlock feature for locked users

0.0.3 – 13/11/2025

Fix – Settings redirect from all plugins page
Fix – Compatibility with 7.4

0.0.2 – 12/11/2025

Fix – Autoload not working issue

0.0.1 – 12/11/2025

Initial release – login protection, IP whitelist/blacklist, brute force detection

Does Exactly What It Should — No Bloat

Great plugin—simple, easy to use

My server is thanking you

Deskripsi

🔐 Key Features

🎯 Perfect For

🚀 Why Choose BruteFort?

Tangkapan Layar

Instalasi

Tanya Jawab

Does this plugin slow down my site?

How does the custom login URL feature work?

What is Geo Blocking and how does it work?

Can I whitelist my own IP address?

What happens if I forget my custom login URL?

Does Geo Blocking work with VPNs or proxy servers?

Is this compatible with other security plugins?

Can I block entire countries from logging in?