How to Block Countries in WordPress: Stop Foreign Attacks

Blocking countries in WordPress can dramatically reduce attacks on your site. This guide covers multiple methods to implement country blocking, from plugins to server-level configuration.

Why Block Countries in WordPress?

Statistics show that the majority of WordPress attacks originate from a handful of countries. If your site doesn't serve those regions, blocking them eliminates most threats:

• Reduces brute force login attempts by 60-80%
• Stops automated vulnerability scans
• Blocks comment and contact form spam
• Reduces server load from malicious traffic
• Prevents fraud on e-commerce sites

Method 1: WP Folder Shield (Recommended)

WP Folder Shield provides the easiest and most effective country blocking:

Setup Steps

1. Install and activate WP Folder Shield
2. Navigate to WP Folder Shield > Settings
3. Click on "Country Blocking" tab
4. Choose "Blacklist" or "Whitelist" mode
5. Select countries to block/allow
6. Enable "Apply to admin area" if desired
7. Save settings

Advantages

• No technical knowledge required
• GeoIP database included and auto-updated
• Integrates with other security features
• Detailed logging of blocked attempts
• IP whitelist to prevent lockouts

Method 2: Server-Level Blocking (Advanced)

Apache with mod_geoip

<IfModule mod_geoip.c>
GeoIPEnable On
GeoIPDBFile /usr/share/GeoIP/GeoIP.dat

# Block China, Russia
SetEnvIf GEOIP_COUNTRY_CODE CN BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE RU BlockCountry

Order allow,deny
Allow from all
Deny from env=BlockCountry
</IfModule>

nginx with GeoIP Module

# Load GeoIP database
geoip_country /usr/share/GeoIP/GeoIP.dat;

# Map blocked countries
map $geoip_country_code $allowed_country {
    default yes;
    CN no;
    RU no;
}

# In server block
if ($allowed_country = no) {
    return 403;
}

Method 3: Cloudflare (CDN Level)

If using Cloudflare, country blocking at CDN level is most efficient:

1. Log into Cloudflare dashboard
2. Go to Security > WAF > Tools
3. Use IP Access Rules or Firewall Rules
4. Add rules for country codes to block

Cloudflare Advantages

• Blocks before traffic reaches your server
• Reduces server load completely
• Works with any web server
• Free on all Cloudflare plans

Recommended Countries to Block

Based on attack data from security research:

Highest Priority (Major Attack Sources)

• China (CN): Massive automated attack infrastructure
• Russia (RU): Sophisticated attack operations

High Priority (Significant Attack Volume)

• Ukraine (UA)
• Brazil (BR)
• Vietnam (VN)
• India (IN)
• Indonesia (ID)

Sanctioned Countries

• North Korea (KP)
• Iran (IR)
• Syria (SY)
• Cuba (CU)

Protecting Against False Positives

1. Always Whitelist Your IP

Before enabling country blocking, add your own IP to the whitelist to prevent lockout.

2. Whitelist VPN Exit Nodes

If you or your team use VPNs, whitelist common VPN provider IPs.

3. Consider Legitimate Traffic

Review your analytics before blocking. You might have legitimate visitors from countries you plan to block.

4. Test Before Full Implementation

Start with logging mode to see what would be blocked before actually blocking.

Monitoring Blocked Attempts

WP Folder Shield logs all blocked access attempts:

• IP address of blocked visitor
• Country code detected
• URL they tried to access
• Timestamp

Regular review helps you:

• Confirm blocking is working
• Identify false positives
• Discover new attack patterns
• Adjust blocking rules

Get WP Folder Shield for easy, effective country blocking with comprehensive logging and whitelist management.