A brute-force attack is an attempt by the attacker to discover a password by trying a combination of letters, numbers, and symbols until he discovers the one correct combination that works. If successful, a brute force login attack enables the attacker to hack your account, log in to your site and steal information.


If your site does not require any login protection, you are a good target for a brute-force attack.

Shield's Brute Force feature is designed to block brute force hacking attacks against your login and registration pages.

Brute Force options explanations

Option: Bot Protection

This option prevents login attempts by bots. It adds a dynamically (Javascript) generated checkbox to the login form.


Learn more about what is GASP Protected WordPress Login here.


If you want to enable this option, click the slider.


Option: Login Cooldown Interval

This option limits login attempts to every X seconds. The value you decide on here represents the time, in seconds, that WordPress will be forced to wait before processing any other login attempt after the previous attempt. Without a cool-down option, bots connecting from anywhere can try and authenticate with your site as much and as often as they can.


Note: WordPress will process only ONE login attempt for every number of seconds specified.

Zero (0) turns this off; Default: 10

Learn more about Login Cooldown here.


Option: User Registration

This option applies Brute Force Protection to user registration and lost password. 


When enabled, settings in this section will also apply to new user registration and users trying to reset passwords.


To find out How to add GASP protection to the WordPress login screen read our blog article here.


Option: 3rd-Party Support

This option helps you to add support for 3rd-party login, register, and password reset forms such as Woocommerce and Easy Digital Downloads. 


Note: 3rd-Party Support is a premium feature and only available to Pro subscribers. To find out what the extra features for Shield Pro are, read the article here.


To learn more about Brute Force Login Protection read our blog article here.