One of the most common ways of hacking that we can suffer in WordPress is the attack by brute force trying to access our administration in a massive way.
It seems logical, therefore, to limit mass access, and for that there are many plugins that allow to avoid massive access or even block access during a certain time .
But, taking into account that this type of attacks usually come from the same countries would not it be a good strategy to limit access so that only visitors from certain countries are allowed?
In addition, this utility would not only be interesting to stop attacks, but can be part of a commercial strategy in which we only allow to register and access our guy, usually with advantages for the user, to visitors from specific countries.
In any of these cases there is a plugin that will help us in a great way, Limit login countries .
Its operation is very simple, once installed and active, it offers a configuration page in "Settings -> Login countries" where we will add countries to the whitelist ( Whitelist ) or to the blacklist ( Blacklist ]).
The concept is that we will be able to include (whitelist) or exclude (blacklist) countries which best suits our needs. In this way, if we want to defend ourselves from attacks, for example, we would make a black list of suspicious countries and, for a commercial strategy, we would make a white list of the countries of origin of our visitors that we want to be able to access. It is just an idea of possible uses.
Once we decide if our list is going to be white or black, we only need to add countries in the next field, where we will use the two-digit code of the countries to be included in the list.
Finally, we have to download the database of geolocation for which we have a direct link. Once downloaded you have to upload to the file upload folder of your WordPress, normally " uploads ", so that the plugin detects it. The file that we download will come in a compressed format, and you have to unzip it and upload the file called GeoLiteCity.dat .
If the plugin does not detect it, we will tell you in the field where to locate it.
You save the changes and that's it, now only your users whose countries are not blocked can access your WordPress administration (blacklist) or you have allowed (white list).
If, for any reason, you are wrong and can not access yourself it has easy fix, add the following line to the file
define ( 'LIMIT_LOGIN_COUNTRIES_OVERRIDE' TRUE ) ;
In short, a simple system smart for limit access to admin WordPress by countries the use that is given to you is already yours.