Blocking website attacks from your phone, designed for WordPress users.
BruteBank is an interactive firewall plugin that allows WordPress owners and server administrators to receive real time threat notifications via a mobile app. This app then allows for immediate threat mitigation by blocking attacking IP addresses.
The BruteBank WordPress plugin monitors invalid login attempts to username and password logins as well as password protected pages. It then reports those attacks to the cloud for processing and fingerprinting.
Using the app you and your team are able to review attacking IP addresses organized by country and user. Blocking specific addresses or entire country and user targeted attacks with a swipe of your finger.
Instant Firewall Blocks
The threats you block in the app are imported by the BruteBank WordPress plugin blocking attackers instantly. Any further attempts by the attacker will result in a 403 forbidden message.
XML-RPC is a WordPress API that allows developers to login and manage your website content. Unless you’re sure your website is using this feature, you should disable it. With BruteBank you can disable the XML-RPC API to prevent attackers from brute forcing your login credentials with a flip of a switch.
Setting up the WordPress plugin is as easy as a few clicks.
Installing the WordPress Plugin
- Login to your WordPress WP-Admin area as an Administrator.
- Click on “Plugins -> Add New” in the left hand menu.
- Search for “Brutebank” in the keyword search.
- Click “Install Now” next to the BruteBank plugin.
Configuring the WordPress Plugin
- Navigate to the “Plugins -> Installed Plugins” section in the left hand menu.
- Click “Activate” next to the BruteBank plugin.
- Click “Settings” next to the BruteBank plugin.
- Copy and paste the public key and secret key you created in the “Setting up a Server key pair” section under “Getting Started”.
- Click the “Update” button.
Your WordPress plugin is now configured and reporting attacks to your mobile app!
Learn more and signup at BruteBank.io
How much does BruteBank cost?
BruteBank for WordPress is $4.95 per month. That’s only $0.16 per day!
Can I invite other users to manage threats?
Yes, you can invite an unlimited number of users to your team.
What are team rule sets?
Team rule sets are blocks identified by other servers on your team. You can configure the rule import URL to include or exclude team rules easily.
Where can I get support?
You can contact our support team via our website at: https://www.brutebank.io/support
Does BruteBank disable XMLRPC?
Yes! Simply turn on the “Disable XMLRPC” feature within the BruteBank settings. You can also add the below code to your .htaccess file if you’d like to remove it completely from public access, which is recommended.
<FilesMatch "^xmlrpc\.php$"> Require all denied </FilesMatch>
Does this plugin offer 2FA ( Two Factor Authentication )?
Yes! Simple turn on the “Enable 2FA ( Two Factor Authentication ) feature win the BruteBank settings.
以下人員參與了開源軟體〈BruteBank – WP Security & Firewall〉的開發相關工作。參與者
將〈BruteBank – WP Security & Firewall〉外掛本地化為台灣繁體中文版
Release Date – February 15, 2023
* WP-Login – added cached IP check before individual IP check of user.
Release Date – December 14, 2022
* Admin form updates
Release Date – June 1, 2022
* Server key validation and a warning when protection is not enabled.
Release Date – February 22, 2022
* 2FA updates
Release Date – December 2, 2021
* Performance improvements & server key management
Release Date – November 29, 2021
* Caching of top attacking IP addresses locally for greater speed
Release Date – August 31, 2021
* Extended the 2FA expiration to 30 seconds
Release Date – August 31, 2021
* Addition of <?php tags for servers that dont support PHP short tags
Release Date – August 27, 2021
* Introducing Two Factor Authentication ( 2FA )
Release Date – January 20, 2021
* Plugin name update to: BruteBank – WP Security & Firewall
Release Date – January 13, 2021
* Removed database upgrade IF NOT EXISTS for MySQL support.
Release Date – January 12, 2021
* Added support for 3rd party plugin “Password Protected” by Ben Husan.
Release Date – December 17, 2020
* Feature update: Added the ability to disable XMLRPC a well known bruteforce hacking interface in WordPress.
Release Date – July 22, 2020
* WP Admin menu icon update
* Additional IP address checks to ensure the correct IP is being logged.
Release Date – May 29, 2020
* Initial release.