Gatorio is a free and open-source WordPress plugin designed to protect login endpoints from brute-force attacks. It targets a common vulnerability in WordPress sites, where automated bots attempt thousands of password guesses per hour. The plugin intervenes before WordPress processes authentication, aiming to conserve server resources and prevent attackers from exploiting login forms.
Key features include a pre-authentication check that blocks attackers prior to WordPress authentication, and a smart lockout mechanism that enforces a 15-minute lockout after five failed login attempts. Each login attempt is delayed by one second, a measure intended to slow down automated attacks without noticeably affecting legitimate users. Gatorio disables XML-RPC multicall functionality to prevent mass authentication attempts and blocks unauthenticated access to the REST API user endpoint, reducing the risk of user enumeration. The plugin is compatible with WooCommerce and all major caching plugins, as it stores lockout data in the wp_options table and bypasses cache when necessary. No custom database tables are created, and the plugin relies solely on WordPress core hooks, avoiding external dependencies.
Privacy is a central consideration in Gatorio's design. IP addresses are stored as SHA-256 hashes combined with the site's NONCE_SALT, ensuring that no plain-text or personally identifiable data is retained. The plugin does not log usernames, passwords, or timestamps, and does not generate persistent logs. All data related to lockouts is temporary and automatically removed after expiry. Gatorio does not make any external requests, collect telemetry, or require user consent banners, and is described as GDPR compliant. 0-or-later license.
Installation is straightforward and can be completed via the WordPress admin interface, WP-CLI, or manual FTP upload. 0 or above. Gatorio is always free and open source, with a Pro version planned for additional features, but core security functionality will remain free.
In the Infrastructure & Backend space, Gatorio takes a focused approach. It focuses on preventing unauthorized access and brute-force attacks on WordPress login endpoints. Gatorio is a B2B product aimed at wordPress administrators and site owners. The product is available for free. It runs on the web.
sichtelement builds and maintains Gatorio, and the product first shipped in 2026. Across PulseGate's embedding index, Gatorio has few near neighbours, marking it as relatively distinct. Among its 6 catalogued features are brute-force protection, login attempt limiter, and temporary lockout. The interface is available in English and Tamil.
Latest indexed changes and source events
Other apps tracked under the same category.