Having a security plugin for your WordPress website is pretty much a must these days. However, there is no one all-encompassing solution that’ll protect you from absolutely everything and anything. That’s why we always advise clients to combine several plugins based on their site’s vulnerabilities and concerns.

Most users have some security plugin installed that does anything. Even from tying up loose ends to scanning your site for malware. But what many also don’t realize is that spam captchas can also be harmful to you, and even if they’re not, let’s face it, they sure are annoying.

Furthermore, that’s why we’re presenting you with a unique WordPress anti-spam security solution. We’ll examine its features and see if it works.

What is WPBrusier?

WPBruiser,  this plugin is formerly known as GoodBye Captcha. Also, it is a WP plugin that promises to help you identify and block spam-bots and hard-to-read captcha images. And we must admit this looked quite interesting. So, without further-a-do, let’s quickly recap what the developer says about it to get acquainted.

The plugin is 100% self-contained and doesn’t require any integration or connection to outside services. Which all in all, it makes it a simple solution for all those looking for a self-contained service.

WPBruiser is supposed to eliminate all of those annoying spam-bot signups and spam comments. Also, this is even supposed to aid in fending off brute force attacks, as the hacker’s point of entry gets blocked automatically. Plus, it’s completely invisible; no one will ever even know you have this installed. It’s like a VPN in that sense.

What truly makes it unique and sets it apart from other similar plugins is that it doesn’t put spam comments into spam. It completely blocks them from being posted in the first place. WPBruiser promises you no longer have to waste your site’s resources or your valuable time. No more going through spam comments and individually deleting each one.

There are also many extensions for this plugin that work with individual membership, contact forms, eCommerce. Also, other plugins that you can integrate with to ensure you get protected on every front.

However, the plugin is not tested with the last version of WordPress. This fact also raises concern, especially for a security plugin. But let’s see what this plugin offers when it comes to the features and if it still works.

How does it work?

This plugin offers a lot, but it is pretty simple, and so we’ll split the features into a few categories to make them easier to follow and sort in your brain. The first section is the basic features, and just these alone provide your site with more than a few valuable options for protecting your site.

Basic Features

• Standard login, register, forgot password, and comments form integration
• Set the maximum number of characters per comment field
• Automatically block IP addresses
• Delete all logs older than 30 day
• Manually whitelist IP addresses
• Many block or unblock IP addresses
• No requests to external API’s
• “ Test Mode” is available
• Compatible with cache plugins
• Invisible for the end-user
• Claims not to affect loading times

Brute Force Protection

• Detects brute force attacks
• Prevents user enumeration
• Disable XML-RPC pingbacks
• Email notification when a brute force attack is detected

Most Notable Extentions

• Contact Forms – Ninja Forms, Contact Form 7, Gravity Forms
• Membership – BuddyPress, MemebrPress, UserPro
• eCommerce – WooCommerce, AffiliateWP
• Email Subscriptions – MailPoet, Easy Forms for Mailchimp

All of these features are available under the “Settings” tab on your WP Admin dashboard. Also, you will notice that the plugin appears entirely customizable and easy to work with at first glance.

As you can see, all of the features and their setting you can find divided into eight individual tabs. All of them are as straightforward as you’d expect. But we do have to admit the reports section seemed like a great addition to a plugin like this. Something this detailed is not easily found, especially not in a free plugin.

The image you see above is exemplary and here to show you how this dashboard used to look. However, we are saddened to report this is no longer the case. Considering the developer had abandoned the plugin, we ran into quite a few problems on our way.

Initially, we were supposed to introduce you to all of the plugin’s features and how they can protect your site. But unfortunately, there isn’t much point in going through every feature because this plugin no longer works right.

The plugin claims it’s supposed to protect from brute force attacks, but this does not seem to be the case. In the case of an attack, users have reported that the plugin did notify them of this occurrence and had allegedly blocked the IP addresses, but the IP address in question was still hammering the server. So, no real help there.

However, this situation does beg the question of how does the plugin treat said blocked IP addresses, does it serve empty pages, or did it simply fail at its job? We cannot answer this because none of the documentation provided with the plugin explains this.

Costs, Caveats, Etc

While this may have been a helpful plugin back in the day, that is no longer the case. The developers seem to have forsaken it, and it isn’t updated in a while. And as we all know, some users don’t bat an eye at installing a plugin that’s not up to date. Also, sometimes they can still work the same.

We want to issue a further warning against downloading it as many recent reviews stated that WPBruiser completely blocked their site and couldn’t even open their installation. If it ever does get updated and picked up again, we’ll make sure to review it a second time, but for now, our recommendation is to steer clear.