WordPress security and firewall plugin

A WordPress login security plugin featuring real time brute force IP address blocking and Two Factor Authentication ( 2FA ).

wordpressDownload BruteBank
Your activity is below
0 | new threat notifications
0 | imminent threats
Site Name
Site Name
Site Name

Why choose BruteBank?

Simple WordPress Security

BruteBank is easy. Use our mobile app to block intrusion attempts with one swipe. BruteBank push notifications alert you whenever your site is at risk.

Auto Block Hackers

BruteBank is always on. Automatically block brute force attacks based on rules you set for your account.

Instant Blocking

BruteBank is ready to protect one or all of your WordPress sites. After blocking an attacking hacker, their IP address is instantly banned.

WordPress Brute Force Protection

Stop Brute Force Attacks

WordPress is one of the most popular Content Management Systems (CMS) out there. Unfortunately, it's also one of the most targeted by hackers. Brute force attacks are a common type of attack on WordPress sites. These attacks involve an attacker trying multiple combinations of usernames and passwords until they find the right one to gain access to a site. It can be difficult to stop brute force attacks altogether, but there are steps you can take to protect your WordPress site. One effective method is to use a tool like BruteBank, which can help protect your website from this type of attack. With BruteBank, you can rest assured that your WordPress site is safe and secure from any potential threats.


Login Monitoring

The BruteBank WordPress security plugin monitors invalid WordPress login attempts (as well as password protected pages). BruteBank then reports those attacks to the cloud for processing and fingerprinting.

Invalid LoginReported to BruteBank.io for fingerprinting

Unknown username. Check again or try your email address.

Lost your password?

← Back to Website

1h ago
Multiple Service Attacks Detected
199 Attacks from China, Thailand and 15 others


App Alerts

Using the app you are able to review attacking IP addresses organized by country and user. Block specific addresses, an entire country or user targeted attacks - all with a swipe of your finger.


Firewall Blocks

The threats you block in the app are imported by the BruteBank Wordpress plugin - blocking attackers instantly. Any further attempts by the attacker will result in a 403 forbidden message.


Access Denied

You do not have permission to access this page.




XML-RPC is a WordPress API that allows developers to login and manage your website content. Unless you're sure your website is using this feature, you should disable it. With BruteBank you can disable the XML-RPC API to prevent attackers from brute forcing your login credentials with a flip of a switch.

Two Factor


Manage admin access to your WordPress website directly from our mobile app. Approve or deny any successfully admin logins with 2FA using the tap of a button.

Admin is requesting two-factor authentication.
Approve Reject
2 Factor


Frequently Asked Questions

  • What is a brute force attack?

    Brute forces are attacks by hackers whose attempts are trial by error. It is usually a process to guess your login data using automated programs. In fact the hacking process involves searching your password and username combinations. Hacks often exploit other websites' vulnerabilities to gain access. For instance, hackers could access your information using outdated applications, plugins, and themes. Even older versions of WordPress can make the web security compromised. In contrast, brute-force attacks have low login credentials. Hackers can get into websites using a computer code, a guessing password such as “123456”.

  • Can WordPress be brute forced?

    Any website that has an administrative login is exposed to attack by brute force. This includes WordPress and all of it's plugins and components.

  • How common are brute force attacks on WordPress?

    Brute force attacks on WordPress websites all over the world occur 24 hours a day 7 days a week. There is a constant threat hackers attacking your website.

  • Is WordPress safe from brute force login attempts?

    Typically brute force attack attempts are made by attempting to login to a WordPress administrator account. However, they often target common usernames or users exposed by blog articles written on your website. Both are easily found and exploited with common passwords unless there's a plugin firewall in place to stop them.

Honest Pricing

Find the pricing plan that suits you best


$4.95 monthly

 1 Server or WordPress site
 Server Firewall Protection
 WordPress Security Plugin
 Mobile App Integration
 Unlimited Updates


$39.95 monthly

 5 Servers or WordPress sites
 Server Firewall Protection
 WordPress Security Plugin
 Mobile App Integration
 Unlimited Updates

Try it free for 30 days

$99.95 monthly

 10 Servers or WordPress sites
 Server Firewall Protection
 WordPress Security Plugin
 Mobile App Integration
 Unlimited Updates

Space Station

$199.95 monthly

 20 Servers or WordPress sites
 Server Firewall Protection
 WordPress Security Plugin
 Mobile App Integration
 Unlimited Updates


Download BruteBank

Try BruteBank free for 30 days

WordPressDownload BruteBank

Stay Informed

Subscribe to our newsletter for updates and upcoming releases. We won't share your information. Period.