Wordpress failed login reporting plugin Help community, protect everyone

Let's have some fun

Today I am going to post first version of this plugin to Wordpress. First plugin with a simple, but yet effective goal - protect every participant against annoying login script abusers on a firewall level. We'll see how it goes..

Step 1

Install and activate plugin. That's enough for your website to start reporting information about failed logins - simply search for csf firewall inside wordpress plugin directory and click install!

Step 2

In your firewall (CSF, APF) set to fetch list of denied IPs every 30 minutes:
LF_GLOBAL = 1800
GLOBAL_DENY = http://wp-firewall.hosting.guru/deny.txt
You don't have to do anything more. Running CSF daemon will fetch list automatically and apply required rules.

/ 28.January.2016

Yet another sysadmin, who got distracted by DDOS attacks on Wordpress login script

Anton Aleksandrov

Idea, Developer


I encourage Wordpress users to install plugin Failed Login Firewall reporting. This tiny plugin will report every failed login to our central database.

If you are using CSF (Config Server Firewall) or APF - you can instruct it to regularly fetch and block IPs from this list:


For example in CSF set these values to fetch fresh list every 30 minutes:

LF_GLOBAL = 1800
GLOBAL_DENY = http://wp-firewall.hosting.guru/deny.txt

Two things.
1. install and activate the plugin.
2. ask your server administrator to use our list to block IPs.

Even by installing and activating this plugin you help community, as more attackers would get reported! We might extend plugin features in the future for more advanced protection. Stay connected!


You should still consider some advanced security plugin, like All-in-One WP Security or Wordfence. This plugin won't replace their functionality. They are doing completely different things - provide local protection using wordpress tools. Our plugin will collect IPs of bad guys and provide protection on higher level and to more wide range of users (not just on your server, everyone, who use it).

Plugin is free for use.

IP will be listed in deny list if it matches one of the following:

  • had more than 20 failed login attempts since yesterday 00:00
  • had more than 100 failed login attempts within last 10 days
  • had more than 500 failed login attempts within last 30 days
Basically if some IP failed 500 times or more - it will be blocked for at least 30 days.

Direct download link

Or search wordpress plugin directory for Failed login firewall or CSF FIREWALL.