A better way to prevent brute-force attacks

GuardGiant is a modern security plugin that protects your WordPress site from attackers whilst preserving the best possible user experience.


* GuardGiant is free software licensed under GPL V2.

External image
External image
Wordpress Plugin

What Makes GuardGiant Better

When a genuine user makes a successful login to their account using their mobile phone, tablet, or computer GuardGiant starts treating their device as Trusted.

Looking after real users
  • Failed login attempts from trusted devices are directed towards 'Lost Password' forms rather than being subject to account lockouts or additional counter measures.

  • Users receive an alert when anyone logs into their account from an unrecognized device or browser.

Strong Security Measures

GuardGiant uses a range of counter-measures to stop repeated failed login attempts from unrecognized devices. The default behaviour is as follows:

Add Captcha Field

After 3 failed login attempts from the same device, a Captcha field is added to the login page. A Captcha is a strong counter-measure that is very hard for an automated process to solve.

Temporary Block

After 10 failed login attempts a temporary block of 2 minutes is applied to the device/IP address. No login attempts can be made during this time.

Extend Block Time

Each further failed login attempt makes the block time longer by 1 minute. This slows down attacks to the point where they quickly become unviable.

You can fully customize the behaviour of GuardGiant to suit your environment.

Your Site Needs Protection

Brute force attacks have plagued the internet for years and are now at unprecedented levels. According to the Data Breach Investigations Report 2020:


of attacks are financially motivated


of breaches use brute-force techniques


of breaches are related to site misconfigurations

Better Security For Your Site

Other Security Improvements

GuardGiant implements security improvements recommended by the Open Web Application Security Project® (OWASP) to keep your site safe:

  • Obfuscates login errors to stop hackers detecting valid account names.

  • Provides visibility of hacking attempts through an audit log of failed login attempts.

  • And much more...

External image

Site Owners Love GuardGiant

GuardGiant is really simple to install and the default settings are optimized for most sites. You can of course tailor the plugin to your specific needs.


It's been disturbing to see how many people are trying to hack in to my site. However, the plugin does a good job of keeping them at bay. Well worth installing.

Evelyn Lopez

This is the plugin I always install first when I create a new site. Without it, you leave yourself wide open to hackers. You don't need to configure anything - the default settings work perfectly.

Connor Robinson

Get this plugin. It doesn't affect your sites performance and provides a serious layer of security that you really shouldn't be without.

Caroline M.

Why wouldn't you install this?! It's super stable and protects you from all sorts of hackers. Best of all it's free 🙂

Frequently Asked Questions

Find answers to common questions about the GuardGiant plugin for WordPress.

What level of expertise no I need to configure this plugin?
  • This plugin is exceptionally easy to use no matter what your level of technical experience. The default settings are highly optimized, designed to keep attackers at bay whilst not disturbing genuine users from logging on.

  • For advanced users, you can fully customize the behaviour of the plugin to ensure it works best for your application.

Do I really need to worry about hackers?

We think so. Your site is likely to be under attack every day, and without protection it's just a matter of time before an intruder gains access.

How much does GuardGiant cost?

GuardGiant is free to download and use.

Is this plugin compatible with Cloudflare or other CDNs?


Load balancers and CDNs are known as reverse proxies. Due to the nature of these services, all visits to your website are logged with the IP address of the proxy rather than the visitor’s actual IP address. To remedy this, the visitor's IP address is provided in a 'header field' which GuardGiant will pick up and use.

How is GuardGiant licensed?

GuardGiant is written by WordPress experts with many years of experience. This plugin is distributed in the hope that it will be useful, but without any warranty; without even the implied warranty of merchantability or fitness for a particular purpose. See the GNU General Public License for more details.

Still have a question? email support@guardgiant.com

Secure Your Website Now

The GuardGiant plugin for WordPress is free to download and use.