Automattic Acquires Parka LLC, The Creators Of BruteProtect

photo credit: Peter Slutsky
photo credit: Peter Slutsky

The parent company of BruteProtect, Parka, LLC has been acquired by Automattic for an undisclosed amount. BruteProtect is a service providing brute force login protection for thousands of WordPress sites. The BruteProtect plugin will be phased out and rolled into Jetpack and will  remain free to use. The services offered by BruteProtect pro are now free for anyone to use. As part of the acquisition, all seven Parka employees will be employed by Automattic and will be part of the Jetpack development team.

Once it’s merged into Jetpack, an announcement will be made to confirm the end-of-life date for the BruteProtect plugin. You won’t have to worry about managing two different API keys since it will function with the same key used by Jetpack. Unless you opt-out, BruteProtect will run at the same time as Jetpack. However, it’s unclear if it will be an auto-activated module when the merger is complete.

The Origin Of BruteProtect

BruteProtect Plugin Header
BruteProtect Plugin Header

In 2013, Matt Mullenweg published an article with his thoughts on passwords and brute force. The article was published around the same time a large botnet was using brute force techniques to login to WordPress sites using Admin as the username. The article generated a healthy discussion on the WP-Hackers mailing list, especially around the Limit Login Attempts plugin which is commonly recommended to protect against unwanted login attempts.

The discussion prompted Hotchkiss to come up with a better solution. Instead of websites battling the problem alone, BruteProtect brought websites together to fight a common cause, similar to how Akismet works. Little did he know that he was writing his destiny.

Another option to consider would be adding a “Security” plugin to Jetpack.

This could be used to manage a centralized blacklist, as well as to patch security vulnerabilities as they pop up. If all failed login attempts get reported back to Jetpack central, it could blacklist an IP for X minutes/hours after Y number of failed logins on any Jetpack-enabled site within Z minutes/hours.

Since its launch, it’s been installed on 106,836 sites and defended against 135,986,764 brute force attacks worldwide.

BruteForce Protection For The Masses

Having the product remain free was an important part of the acquisition. “I feel strongly that we need to be free and used by as many people as possible in order to provide the best protection and to do the most good,” Hotchkiss told the Tavern.

With BruteProtect now part of Jetpack, millions of websites will be protected from BruteForce login attempts and contribute to the centralized blacklist of IP addresses making the service much more effective. I think this is a huge win, especially for those who use Jetpack. Users don’t have to figure out technical jargon or difficult configuration settings.

What do you think about the acquisition? Let us know in the comments.

There are 39 comments

Comments are closed.