A better way to prevent brute-force attacks
GuardGiant is a modern security plugin that protects your WordPress site from attackers whilst preserving the best possible user experience.
* GuardGiant is free software licensed under GPL V2.
What Makes GuardGiant Better
When a genuine user makes a successful login to their account using their mobile phone, tablet, or computer GuardGiant starts treating their device as Trusted.
Looking after real users
Failed login attempts from trusted devices are directed towards 'Lost Password' forms rather than being subject to account lockouts or additional counter measures.
Users receive an alert when anyone logs into their account from an unrecognized device or browser.
Keeping Out The Bad Guys
GuardGiant uses a range of counter-measures to stop repeated failed login attempts from unrecognized devices. The default behaviour is as follows:
Add Captcha Field
After 3 failed login attempts from the same device, a Captcha field is added to the login page. A Captcha is a strong counter-measure that is very hard for an automated process to solve.
After 10 failed login attempts a temporary block of 2 minutes is applied to the device/IP address. No login attempts can be made during this time.
Extend Block Time
Each further failed login attempt makes the block time longer by 1 minute. This slows down attacks to the point where they quickly become unviable.
You can fully customize the behaviour of GuardGiant to suit your environment.
Attacks Are Getting Stronger
Brute force attacks have plagued the internet for years and are now at unprecedented levels. According to the Data Breach Investigations Report 2020:
of attacks are financially motivated
of breaches use brute-force techniques
of breaches are related to site misconfigurations
Other Security Improvements
GuardGiant implements security improvements recommended by the Open Web Application Security Project® (OWASP) to keep your site safe:
Obfuscates login errors to stop hackers detecting valid account names.
Provides visibility of hacking attempts through an audit log of failed login attempts.
And much more...
Site Owners Love GuardGiant
GuardGiant is really simple to install and the default settings are optimized for most sites. You can of course tailor the plugin to your specific needs.
It's been disturbing to see how many people are trying to hack in to my site. However, the plugin does a good job of keeping them at bay. Well worth installing.
This is the plugin I always install first when I create a new site. Without it, you leave yourself wide open to hackers. You don't need to configure anything - the default settings work perfectly.
Get this plugin. It doesn't affect your sites performance and provides a serious layer of security that you really shouldn't be without.
Why wouldn't you install this?! It's super stable and protects you from all sorts of hackers. Best of all it's free 🙂
Frequently Asked Questions
Find answers to common questions about the GuardGiant plugin for WordPress.