Block Brute Force Attacks To Your Websites
This week's Plugin of the Week is a great up-and-coming security plugin for WordPress. It is relatively unknown but is gaining considerable ground. It has been out since about April of this year, but it did not see a large number of downloads until July, followed by a considerable jump in October of this year.
Today we are talking about the BruteProtect plugin.
Plugin Version: 1.0.0.2b
WordPress Compatibility: 3.8
Last Updated: 10-30-2013
Authors: Sam Hotchkiss, Rocco Tripaldi, Stephen Quirk
Average 5-Star Rating: 5
BruteProtect is a cloud-powered Brute Force attack prevention plugin. We leverage the millions of WordPress sites to identify and block malicious IPs.
BruteProtect tracks failed login attempts across all installed users of the plugin. If any single IP has too many failed attempts in a short period of time, they are blocked from logging in to any site with this plugin installed. Once you install the plugin, you will need to get a free BruteProtect API key, which you can do directly from your WordPress dashboard.
This allows you to protect yourself against traditional brute force attacks AND distributed brute force attacks that use many servers and many IPs.
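The difference between per-site counting and the shared counting described above, as an added example (not BruteProtect's own code). The threshold, window, site names and events are assumptions constructed for illustration, and blocks never expire in this simplified model.

```python
from collections import defaultdict, deque

# Assumed values; the page does not state BruteProtect's real thresholds.
MAX_FAILURES = 5
WINDOW_SECONDS = 300


class FailedLoginTracker:
    """Sliding-window counter of failed logins, keyed by whatever the caller picks."""

    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW_SECONDS):
        self.max_failures = max_failures
        self.window = window
        self.failures = defaultdict(deque)  # key -> timestamps of recent failures
        self.blocked = set()

    def record_failure(self, key, ts):
        q = self.failures[key]
        q.append(ts)
        # Drop failures that have aged out of the window.
        while q and ts - q[0] > self.window:
            q.popleft()
        if len(q) >= self.max_failures:
            self.blocked.add(key)
        return key in self.blocked

    def is_blocked(self, key):
        return key in self.blocked


def replay(events):
    """Feed the same events to a per-site tracker and a shared (cross-site) tracker."""
    per_site = FailedLoginTracker()  # keyed by (site, ip): each site counts alone
    shared = FailedLoginTracker()    # keyed by ip: failures pooled across sites
    for ts, site, ip in events:
        per_site.record_failure((site, ip), ts)
        shared.record_failure(ip, ts)
    return per_site, shared


# Constructed sample: one IP (documentation range) fails twice on each of three
# sites within half a minute; a second IP mistypes a password once.
EVENTS = [(t, site, "203.0.113.7")
          for t, site in [(0, "site-a"), (5, "site-a"), (10, "site-b"),
                          (15, "site-b"), (20, "site-c"), (25, "site-c")]]
EVENTS.append((30, "site-a", "198.51.100.20"))

if __name__ == "__main__":
    per_site, shared = replay(EVENTS)
    print("per-site blocks:", per_site.blocked)
    print("shared blocks:  ", shared.blocked)
```

No single site sees enough failures to act on its own, while the pooled count blocks the address everywhere.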
Why we love BruteProtect
We love the concept that this plugin brings to the security world: cloud security. This has perhaps become a new niche in the security community, and this plugin does its best to create security that affects not just one site but many.
For instance, we get a ton of login attempts to pages we do not even have public access for. This means that we also ban a ton of IP addresses simply because these attempts are intrusive and fail.
Using BruteProtect means that those users and IP addresses that are “banned” by the BruteProtect plugin will not be able to access our site AND any other site running the BruteProtect plugin.
This means that those systems can no longer simply move from one site to another hoping to gain access. If you have a hundred websites with BruteProtect in place, then you have effectively protected each site from the same user in one shot. This also helps other site owners by protecting them as well.
This plugin makes security a cloud-based issue. This has the added benefit of taking some of the processing load off your own website, letting the BruteProtect server take the brunt of having to process the bad guys.
As if this were not enough, the developers are providing top-notch support for this plugin. Having addressed 20 of 24 support issues over the last few months, they are keeping up to date and on top of things.
Having only 18k downloads for this plugin as of today seems quite low for such a plugin. We will be testing it further to make sure there are no major conflicts with other security options we use. You too should download it and check it out for yourself.
Grab BruteProtect from the WordPress.Org Repository here: