BruteFort — Rate Limit, Custom Login URL, Geo Blocking & IP Restriction

BruteFort is your WordPress site’s complete login security solution focused on four core protections: Rate Limit, Custom Login URL, Geo Blocking, and IP Restriction.

Protect against brute force attacks, hide your login page with a custom URL, block countries with geo rules, and control access using IP whitelists/blacklists — all in one lightweight, performance-optimized plugin.

Whether you’re running a blog, a WooCommerce store, or a membership site, BruteFort keeps bots, hackers, and unauthorized users out while maintaining fast page speeds.

🔐 Core Security Features

🛡️ Rate Limit & Brute Force Protection — Limit repeated login attempts per IP — Configure attempt windows and lockout duration — Apply progressive lockouts for repeated abuse — Reduce automated credential stuffing and bot attacks

🔗 Custom Login URL (Hide wp-login.php) — Replace the default /wp-login.php endpoint with your custom slug — Return 404 for direct wp-login.php requests — Reduce scanner and bot traffic on known login endpoints — Keep login access private for authorized users

🌐 Geo Blocking (Country-Based Restrictions) — Block or allow login attempts by country — Blacklist mode: Block specific countries from accessing wp-login.php — Whitelist mode: Only allow login from selected countries — IP geolocation detection (Cloudflare compatible) — Perfect for region-specific sites or blocking high-risk countries

📍 IP Restriction (Whitelist & Blacklist) — Enforce custom IP allow/deny rules for login protection — Add individual IPs or CIDR ranges — Instantly block suspicious IPs — Whitelist your own IP to prevent lockouts — Bulk IP management with easy interface

📊 Real-Time Monitoring & Logs — View failed login attempts in real-time — Track IP addresses, usernames, and timestamps — Filter logs by status, date, or IP — Manual unlock for accidentally locked users — Export logs for security audits

⚡ Performance & Compatibility — Lightweight and performance-optimized — Works with Cloudflare, proxy servers, and CDNs — Compatible with most security plugins — Dark mode UI support — No impact on page load speeds

🎯 Perfect For

• WooCommerce stores protecting customer data and preventing unauthorized access
• Membership sites restricting access by geographic location
• Corporate websites blocking countries where business doesn’t operate
• Blog owners hiding login page from automated bots and scanners
• Agencies managing multiple client sites with different security requirements
• High-traffic sites experiencing frequent brute force attacks
• International sites wanting region-specific login restrictions

🚀 Why Choose BruteFort?

• Core protection stack: Rate Limit + Custom Login URL + Geo Blocking + IP Restriction
• Easy to use: Simple, intuitive interface with no complex configuration
• Performance-focused: Minimal resource usage, no site slowdown
• SEO-friendly: Properly handles redirects and 404s
• Privacy-conscious: No external API calls for basic features (optional geo API)
• Regular updates: Actively maintained with new features added regularly