Protect and block against brute force login attempts and create a blacklist of IP addresses.

  • Not whitelisted IPs need fill out one aditional email field.
  • Option to disable xml-rpc API.
  • Option to disable Json WordPress Rest API (also new WordPress 4.7 Rest API).
  • Option to login notification by email.
  • Alert when this plugin is deactivated.
  • Alert when a new plugin is installed at your site.(usually first thing hacker do after attack you)
  • Optionally, let you hide your site (and login page) from attackers.
  • Stay Up-to-Date: Option to set WordPress to automatically download and install themes and plugin updates.
  • WordPress Debug enabled warning.
  • Disable file editing within the WordPress dashboard.
  • Replace insecure login error message.
  • Multilingual ready.

Report not whitelisted IP address attacks to the respective abuse departments of the infected PCs/servers, through free services of blocklist, to ensure that the responsible provider can inform their customer about the infection and disable the attacker.

No fail2ban or another software required.

We hope our plugin makes the Internet better, safer and helps to clean infected PCs.

Demo Video


  • Control Panel
  • Default IP Black List

Часто задаваемые вопросы

How to Install?

1) Install via

2) Activate the plugin through the ‘Plugins’ menu in WordPress


Extract the zip file and just drop the contents in the wp-content/plugins/ directory of your WordPress installation and then activate the Plugin from Plugins page.

Where is the Complete OnLine Manual?

Where is start up guide?

Where is the OnLine FAQ page?

How can i get support?


Works Well & Has Great Support!

Works as advertised to report any attacks to my site to I contacted the developer with a minor support request and received an immediate response and resolution—awesome!!

Участники и разработчики

“ReportAttacks” is open source software. The following people have contributed to this plugin.


Translate “ReportAttacks” into your language.

Заинтересованы в разработке?

Просмотрите код или подпишитесь на журнал разработки по RSS.

Журнал изменений

2.09 2017-04-12 — Feedback System Improvements.

2.08 2017-03-10 — Add warning if debug is true, options to disable editing, replace error login message and automatic plugins and themes updtate.

2.07 2017-01-25 — Add language file.

2.06 2017-01-06 — Improved Help System

2.05 2016-12-16 — Improved Ip recover

2.04 2016-12-13 — Disable Json WordPress Rest API (also new WordPress 4.7 Rest API).

2.03 2016-12-12 — Fixed bug at get api key page.

2.02 2016-12-05 — Tested with WordPress 4.7.

2.01 2016-09-30 — Minor improvments.

2.0 2016-09-28 — Minor improvments.

1.9 2016-09-02 — Minor bug fixes.

1.8 2016-09-01 — Add email alert when this plugin is deactivated, new plugin is installed and
let you hide the whole site (and login page) from attackers.

1.7 2016-08-18 — Improved Notifications settings.

1.6 2016-08-10 — Included Options to Disable xml-rpc API and also notification for successfull login.

1.5 2016-08-05 — Included button Screen Options at Failed login table and add message compatibility with WordPress 4.6

1.4 2016-07-22 — Included screen to get free API KEY from

1.3 2016-07-19 — Improvements at Start Up Guide.

1.2 2016-07-12 — Improvements at Cron Job.

1.1 2016-07-11 — Add extra login protection when ip it is not whitelisted and improved failed login table management.

1.0 2016-07-08 — Initial Release