XeroWP
BruteFort – Rate Limit, Custom Login URL, Geo Blocking & IP Restriction
BruteFort – Rate Limit, Custom Login URL, Geo Blocking & IP Restriction

BruteFort – Rate Limit, Custom Login URL, Geo Blocking & IP Restriction

5/5 (3 ratings) — active installs Updated May 28, 2026
Brute Forcecustom login urlgeo blockingIP restrictionlogin protection
Download v0.0.8 Plugin Website
Dashboard Overview - Rate Limit Settings

Dashboard Overview - Rate Limit Settings

BruteFort is your WordPress site’s complete login security solution focused on four core protections: Rate Limit, Custom Login URL, Geo Blocking, and IP Restriction.

Protect against brute force attacks, hide your login page with a custom URL, block countries with geo rules, and control access using IP whitelists/blacklists – all in one lightweight, performance-optimized plugin.

Whether you’re running a blog, a WooCommerce store, or a membership site, BruteFort keeps bots, hackers, and unauthorized users out while maintaining fast page speeds.

🔐 Core Security Features

🛡️ Rate Limit & Brute Force Protection
– Limit repeated login attempts per IP
– Configure attempt windows and lockout duration
– Apply progressive lockouts for repeated abuse
– Reduce automated credential stuffing and bot attacks

🔗 Custom Login URL (Hide wp-login.php)
– Replace the default /wp-login.php endpoint with your custom slug
– Return 404 for direct wp-login.php requests
– Reduce scanner and bot traffic on known login endpoints
– Keep login access private for authorized users

🌐 Geo Blocking (Country-Based Restrictions)
– Block or allow login attempts by country
– Blacklist mode: Block specific countries from accessing wp-login.php
– Whitelist mode: Only allow login from selected countries
– IP geolocation detection (Cloudflare compatible)
– Perfect for region-specific sites or blocking high-risk countries

📍 IP Restriction (Whitelist & Blacklist)
– Enforce custom IP allow/deny rules for login protection
– Add individual IPs or CIDR ranges
– Instantly block suspicious IPs
– Whitelist your own IP to prevent lockouts
– Bulk IP management with easy interface

📊 Real-Time Monitoring & Logs
– View failed login attempts in real-time
– Track IP addresses, usernames, and timestamps
– Filter logs by status, date, or IP
– Manual unlock for accidentally locked users
– Export logs for security audits

⚡ Performance & Compatibility
– Lightweight and performance-optimized
– Works with Cloudflare, proxy servers, and CDNs
– Compatible with most security plugins
– Dark mode UI support
– No impact on page load speeds

🎯 Perfect For

  • WooCommerce stores protecting customer data and preventing unauthorized access
  • Membership sites restricting access by geographic location
  • Corporate websites blocking countries where business doesn’t operate
  • Blog owners hiding login page from automated bots and scanners
  • Agencies managing multiple client sites with different security requirements
  • High-traffic sites experiencing frequent brute force attacks
  • International sites wanting region-specific login restrictions

🚀 Why Choose BruteFort?

  • Core protection stack: Rate Limit + Custom Login URL + Geo Blocking + IP Restriction
  • Easy to use: Simple, intuitive interface with no complex configuration
  • Performance-focused: Minimal resource usage, no site slowdown
  • SEO-friendly: Properly handles redirects and 404s
  • Privacy-conscious: No external API calls for basic features (optional geo API)
  • Regular updates: Actively maintained with new features added regularly