dashifen/anti-brute-squad

A WordPress MU plugin that prevents brute force attacks by limiting the number of failed login attempts during a browser session.

Maintainers

Details

github.com/dashifen/wp-mu-plugin-anti-brute-squad

Source

Issues

Installs: 71

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 2

Forks: 0

Open Issues: 0

Type:wordpress-muplugin

3.1.1 2025-02-24 00:45 UTC

Requires

MIT 1d9f5100cb517f2f27757d12439000646cc8a530

  • David Dashifen Kees <dashifen.woop@dashifen.com>

This package is auto-updated.

Last update: 2025-02-24 00:45:20 UTC

README

Anti-Brute Squad is a very straightforward way to block access to your WordPress Dashboard after a certain number of failed login attempts. By default, that number is five, but you can change it with a filter (see below).

It's setup to become a composer dependency, but if that's not your way of handling WordPress plugins, feel free to simply copy the logic out of the src/AntiBruteSquad.php file. If you do use composer, then as long as you are using both the composer/installers and lkwdwrd/wp-muplugin-loader packages, Anti-Brute Squad should load up as an MU plugin.

As written, this plugin requires at least PHP 8.2. It has been tested up to PHP 8.4.

Filters

  1. anti-brute-squad-login-limit - changes the number of failed login attempts a visitor has before they're locked out. The default is five.

  2. anti-brute-squad-access-blocked-message - the default message that appears on-screen accompanying an HTTP 401 Unauthorized header when a visitor exceeds that limit. The default is "You are not authorized to access this site." This can also be changed via the WordPress internationalization capabilities if it's easier for you to do so.