With a surge in the numbers of attacks on websites, it's vital to take essential steps. I remember when I faced a hard time with my website, it was because of the code injection.
Have you ever monitored your website's visitors? Your security plugin may collect the login attempts, and it's important to check if multiple attempts are made from the same country.
You can block an IP address from accessing your website, but when you notice any suspicious country, you should prevent the whole country from accessing your site.
Well, you will be happy to know that, you can block a whole country using .htaccess, by adding the IP address ranges.
You should also understand that if you target a bigger country, there may be hundreds of IP ranges. Although mostly, you require to block a small country.
Blocking the US is the worst idea because if you can't get traffic from the US, your website can't last long in the international market.
In this article, you're going to learn the most convenient way to block a country.
Have You Learned About the .htacces File
When you manage a WordPress site, you must learn the efficient use of .htaccess; it's one of the essential files you may need once in a while.
I hope you know how to edit .htaccess.
Follow these steps.
Open your cPanel account and search for the file manager; you can find it under Files.
The layout of your web hosting's cPanel may be different, but the options remain similar. The primary web hosting companies Bluehost, Siteground, Digital Ocean, Inmotionhosting, etc. have alike cPanel.
Make sure you open the publc_html directory, not the home directory. You can navigate to the root directory through the vertical navigation menu.
Search for the .htaccess file, if you don't find it, it's because you haven't enabled an option to see hidden files.
Go to Settings at the top-right corner of cPanel, open and make sure you choose the checkbox to see hidden files.
Once you find the .htaccess file, right-click to edit, or you can use the traditional Edit option from the main navigation menu of cPanel.
A popup appears to authenticate, click on the Edit button and a new tab opens for you.
Before you proceed, you must obtain the IP ranges for the country you want to block. I recommend you useIP2Location, scroll down, and you can see the list of countries, choose the one you want to block.
Selecting one output format from the drop-down menu is essential. Choose .htaccess deny; it consists of Apache as a prefix.
Click on the Download button, and you can find a text document on your computer downloads, open it and see the IP ranges of the country.
You need to copy the IP ranges and paste those into your .htaccess file.
Note: In the IP text file available on your computer, you find a few lines to display the IP2Location references, you don't need to copy those lines. Start copying from the first IP address range line.
Let me show you an example.
Order Deny,allow deny from 18.104.22.168/20 deny from 22.214.171.124/20 deny from 126.96.36.199/21 deny from 188.8.131.52/30 deny from 184.108.40.206/21 deny from 220.127.116.11/21 deny from 18.104.22.168/21 allow from all
The numbers of lines may vary, depending on the country you choose to block.
In the text document of IP addresses, you may also see <limit>; you don't need those. Follow the example.
Copy and paste such code to .htaccess and click Save Changes from the top-right corner. Congrats, you have successfully prevented your selected country from accessing from WordPress site.
It may seem a little bit confusing, but the example will help you clear your doubts. For a country like the US, there may be 150+ IP address ranges.
Do You Still Have a Doubt
I remember when I blocked a country because there were so many brute force attack from that country. When you find something suspicious from the similar IP address ranges, you should check if the attacks are happening from the same country.
I hope you can easily add the suspicious IP address and block them to secure your WordPress website. It's vital to learn such advanced WordPress security tricks.
If you're a regular contributor to WordPress forums, you many websites are vulnerable. People ask for the help, to secure the data.
I am sure; you don't want to lose your hard work. Well, if you're going to secure your website, make sure you monitor the login attempts and bounce rate.