Have you tried CleanTalk WordPress FireWall & Security plugin?

Brute force attack is an exhaustive password search to get full access to an Administrator account.

Security & Firewall by CleanTalk protect WordPress against Brute force hacks.

Start Now

We make the Internet safe with website firewall Protect your websites with the CleanTalk Cloud Security

All in one WordPress security and firewall plugin is taken very seriously and our WordPress security service works to keep your website safe.

Hackers want to get access to your website and use it to get backlinks from your site to improve their site's PageRank or redirect your visitors to malicious sites or use your website to send spam and viruses or other attacks. These attacks can damage your reputation with readers and commentators if you fail to tackle it.

It is not uncommon for some WordPress websites to receive hundreds or even thousands of attacks every week.

However, by using the Security CleanTalk plugin, all attacks will be stopped on your WordPress website.

What we do for youSecurity Features. CleanTalk protects your website from online threats

Brute-force Protection

Adds a delay of few seconds for any failed attempt to login to WordPress back-end.
Service will check your security log once per hour and if some IP’s have 10 and more attempts to log in, then these IP’s will be banned for next 24 hours. It makes your website security tougher and doesn’t waste the server’s resources on these IP’s.

Security Report every 24 hours

Every day the plugin sends Security report to your email. The report provides data on the number of incorrect password entries and the IP addresses from which the tried to sign in.

Login Attempts and Password Searching Log

Security log keeps online a log of attempts to log in. Security log includes IP/Country/data/time, username and action result, was authorization successful or failed.

User Actions Log (Audit)

Keeps track of actions in the WP Dashboard to let you know what is happening on your blog.
With the Security Audit Log is very easy to see user activity in order to understand what changes have done and who made them.
Security Audit Log shows who logged in and when and how much time they spent on each page.

Blocking access to your website by IP, e-mail (Black & White Lists)

Security FireWall may significantly reduce the risk of hacking and reduces the load on your web server. Use personal BlackList to block IP addresses with a suspicious activity to enhance the WordPress security.
To enhance the security of your site, you can use the Security FireWall, which allows you to block access to your website by HTTP/HTTPS for individual IP addresses, IP networks and e-mails.

Blocking access to your website by countries

Now you can receive notifications if you want to know about an unauthorized entrance to your WP Dashboard.

Security Traffic Control

CleanTalk Security Traffic Control will track every single visitor no matter if they are using JavaScript or not and provides many valuable traffic parameters such as:

  • Date and time of the visit to your website;
  • Spent time on your website;
  • IP-addresses;
  • Source country;
  • Browser;
  • Operational System;
  • Type of the visitor — Visitor, Search Bot, different bot, suspicious bot and so on;
  • Number of visited pages.


  • Block specific IP-address, network or country directly from the interface.
  • Block IP-address automatically if the threshold of average quantity of visited pages was exceeded.

Usage of the CleanTalk Database of Dangerous IP Addresses

Stopping Hackers with Firewall Plugin, WordPress security is one of the important things do you need, you can use the CleanTalk website firewall protection, which will allow you to block access by HTTP/HTTPS to your website for individual IP addresses, IP networks and block access to users from specific countries. Use personal BlackList to block IP addresses with a suspicious activity to enhance the WordPress security.

New option BlackIPs Database — is the database of the most active IP addresses where massive spam and brute force attacks come from. When IP starts attacking a few websites they are immediately added to the blacklist. IPs that stop attacking are being removed over time and that time is relatively short — usually about 2 weeks.

Notifications of administrator users authorizations to your website backend

Notification will be sent only when a user was able to authorize entering login and password. If you are logged into the admin panel from the saved session, then the alert won’t be sent.

WordPress Malware Scanner

Scan a website for malware to protects your website from viruses and deletes infected code from files. Security Malware Scanner runs manually in the settings. All of the results will send in your CleanTalk Dashboard with the details and you will be able to investigate them and see if that was a legitimate change or some bad code was injected.

WordPress malware removal plugin shows a list of suspicious files and you can view code that was indicated as bad. If you don’t have a programming experience and don’t know, is there a bad code or not, you will be able to send some files to CleanTalk and we will check them for malware code.

WordPress Web Application Firewall

The main purpose of Web Application FireWall is to protect the Web application from unauthorized access, even if there are critical vulnerabilities. Web Application Firewall for WordPress catches all requests to your website and checks HTTP parameters that include: SQL Injection, Cross Site Scripting (XSS), uploading files from non-authorised users, PHP constructions/code, the presence of malicious code in the downloaded files.

CleanTalk Web Application FireWall for WordPress is the proactive defense against known and unknown vulnerabilities to prevent hacks in real-time.

For all other CMS, CleanTalk has developed a universal Uniforce security plugin for all types of websites to protect against online attacks and website hacking attempts. Please, read more How to install Universal Security Plugin for websites.