diff --git a/lib/wpscan/modules/brute_force.rb b/lib/wpscan/modules/brute_force.rb
index 61be1593..04f560b3 100644
--- a/lib/wpscan/modules/brute_force.rb
+++ b/lib/wpscan/modules/brute_force.rb
@@ -52,7 +52,7 @@ module BruteForce
         request = Browser.instance.forge_request(login_url,
           {
             method: :post,
-            params: {log: username, pwd: password},
+            params: { log: URI::encode(username), pwd: URI::encode(password) },
             cache_timeout: 0
           }
         )