WordPress now powers so many websites, it’s no surprise that it’s a favorite target for hackers. To keep its users safe, Automattic – the company behind both WordPress.com and the open-source WordPress project — today announced that it has acquired BruteProtect, a security and management tool for WordPress.

The BruteProtect plugin is currently used on about 110,000 sites, but with this acquisition, WordPress will not only make BruteProtect’s premium service available for free, but it will also include it in its Jetpack service. Jetpack allows WordPress users with self-hosted sites to get access to many of the cloud-hosted services that WordPress.com offers its users.


First and foremost, BruteProtect protects sites from malicious login attempts (as the name implies), but it also ensures that your WordPress install and all the plugins and themes you use are up to date. The service also offers uptime monitoring and before the acquisition was announced, BruteProtect was also working on tools for malware scanning.

BruteProtect was developed by the team at Parka. Before the acquisition, Parka co-founder Sam Hotchkiss writes today, the company was talking to Automattic founder Matt Mullenweg about funding. Instead of funding the project, though, Mullenweg must’ve decided that acquiring the project was a better course of action.

As Mullenweg notes, Automattic may be known for its consumer-facing products like WordPress.com, but “the infrastructure behind them is the bottom part of the iceberg.” Automattic says it now pushes an astonishing 450 terabytes of data a day from 9 data centers around the world and with that, the company has acquired quite a bit of expertise in running web-scale services.