Here’s a guide on how to restrict access to your WordPress site to your own country.

Does limiting access to your WordPress site to your own country improve security?
According to statistics we’ve collected, attacks originating from Japan account for an average of just a few percent of the total attacks on our sites.

Therefore, blocking access from countries other than Japan will deflect over 90% of attacks, making it a highly effective security measure. (Since nearly all WordPress site hacks are automated, being able to prevent 90% of them at this stage provides a significant security advantage.)
However, if your site is already infected with malware or a hacker has already gained access to the server, this measure may only stop attacks temporarily. Please be aware that hackers may bypass the block by using proxies in that country or other methods.
How to Block Access from Overseas
To block access from overseas, it is best to do this in .htaccess, at the server level, before the request reaches WordPress. If the check runs only after WordPress has been initialized, attackers may still be able to exploit vulnerabilities.
https://www.ip2location.com/free/visitor-blocker
You can create an .htaccess file that allows access only from domestic IP addresses using the website listed above. Simply download this .htaccess file and copy and paste its contents over your current WordPress .htaccess file.
(Use FTP software to download the .htaccess file generated by WordPress, edit it in a text editor, and then overwrite and re-upload it.)
However, depending on the country, the file above may contain over 5,000 lines, which could increase the load on the server.
According to my research, an IP check involving 5,000 lines could increase server response time by up to a few milliseconds. Since loading a single page also involves loading other resources such as images and CSS, the 5,000-line matching process runs each time, which could slow down page rendering by a few seconds and increase the server’s CPU load.
Additionally, if a hacker is using IPv6, the new IP address format, the above .htaccess file cannot prevent the attack because it only supports IPv4.
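One way to address both the line count and the IPv6 gap described above, as an added example that is not part of the original article or of the ip2location tool: merge adjacent and overlapping CIDR ranges before writing the rules, and emit IPv4 and IPv6 ranges together. It assumes Apache 2.4 (`Require ip` inside `<RequireAny>`, with AuthConfig overrides allowed in .htaccess); the function names and the sample ranges are constructed for illustration.

```python
import ipaddress

# Constructed sample ranges (documentation prefixes, not real country data).
SAMPLE_CIDRS = [
    "192.0.2.0/25", "192.0.2.128/25",       # adjacent halves -> one /24
    "198.51.100.0/24", "198.51.100.64/26",  # second range is inside the first
    "203.0.113.0/24",
    "2001:db8::/33", "2001:db8:8000::/33",  # IPv6 halves -> one /32
]


def collapse(cidrs):
    """Merge adjacent/overlapping networks; IPv4 and IPv6 are merged separately."""
    nets = [ipaddress.ip_network(c.strip(), strict=False)
            for c in cidrs if c.strip()]
    merged = []
    for version in (4, 6):
        # collapse_addresses() rejects mixed address families, so split first.
        family = [n for n in nets if n.version == version]
        merged.extend(ipaddress.collapse_addresses(family))
    return merged


def build_htaccess(cidrs, per_line=8):
    """Return an allowlist block for Apache 2.4, several ranges per line."""
    nets = collapse(cidrs)
    lines = ["# Allow only the listed networks (Apache 2.4)", "<RequireAny>"]
    for i in range(0, len(nets), per_line):
        chunk = " ".join(str(n) for n in nets[i:i + per_line])
        lines.append(f"    Require ip {chunk}")
    lines.append("</RequireAny>")
    return "\n".join(lines) + "\n"


def is_allowed(addr, cidrs):
    """Check an address against the list before uploading the file."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == n.version and ip in n for n in collapse(cidrs))


if __name__ == "__main__":
    print(build_htaccess(SAMPLE_CIDRS))
    # Confirm your own address is covered before replacing the live file.
    print("192.0.2.200 allowed:", is_allowed("192.0.2.200", SAMPLE_CIDRS))
```

Run `is_allowed` with your own IPv4 and IPv6 addresses before uploading, and keep the FTP copy of the previous .htaccess so you can restore it if you lock yourself out.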
Block only the IP addresses that have attacked your site, either manually or automatically
By using the [Free] WordPress: Malware Scan & Security Plugin [Malware & Virus Detection and Removal], you can monitor the IP addresses of hackers attacking your site and block only those specific IPs either manually or automatically.

After installing the plugin, go to the admin panel’s “Malware Scanner” > “Hack Monitor & IP Blocker” tab, check the box for “Enable Hack Monitor,” and save the settings.

This will allow you to monitor hackers’ attacks on your site.
Once a hacker’s IP address is logged, you can click on it to check whether that IP is being used for other hacking activities on abuseipdb.com, another security information site.


This hacking monitoring and manual blocking feature is available for free, so we hope you’ll take advantage of it.



