BruteGuard is completely free and a service that is thought to help people keep their site secure. We might add additional services in the future which are not free but the core functionality of BruteGuard will always stay free.

Yes!

There is no limit, you will need to request 1 API key per domain.

We’ve built a smart algorithm which defines the number of failed login attempts an IP can have so there is no specific number.

BruteGuard only logs the IP addresses that try to access your WordPress backend. Nothing more. We believe in transparency and only storing and using the data that is needed.
We need the IP addresses so we can identify patterns and filter malicious IPs so we need to track these but any other metrics are not relevant and therefore not tracked.

Nowadays there are many scripts and bots out there that try to gain access to your WordPress installation to inject it with malicious software. To prevent these attacks which try different random variations of passwords to gain access to your site we’ve built BruteGuard. BruteGuard identifies too many login attempts and blocks that IP globally for every site that is using our Plugin. That way if one site gets attacked all the other sites are already pre-protected against these attacks. Brute force attacks also generate quite some load on the server, by using BruteGuard you reduce these attacks and therefore also require less resources and lower your hardware footprint.