Block 1 country from entire site ?

  • Resolved photoMaldives

    (@photomaldives)


    6 years ago

    Great plugin, tokkonopapa! ??
    Although I will admit to being a little overwhelmed by all the settings ! All I wish to do is block access from 1 single country that is the source of a brute force attack [VN]. I cannot imagine any genuine visitors from VN, so I wish for the whole site to be invisible.
    I went through the settings and seem to have turned everything on, but when I fire up my VPN for VN, my site is still visible. When I visit the WP dashboard, I see the message that warns me not to logout as I will not be able to log back in as VN is blocked. This works as expected.
    Is there a simple way to make the whole site invisible to one (or several) countries, front end and backend ? I imagine this being a common-use scenario for many people, after seeing a Wordfence (or other) security summary for their site.
    Suggestion – a simple setup wizard: from which country are you under attack? That:
    (1) renders the entire site invisible, (2) auto-whitelists my current country and IP, and (3) creates the emergency login link. And then presents the option to add extra countries.
    Thanks, and keep up the great work. ??

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author tokkonopapa

    (@tokkonopapa)

    Hi @photomaldives,

    First of all, thank you for your good suggestions. Definitely I believe I should impliment the UI/UX as you suggested if I developed commercial/premium products. But unfortunately, I don’t have enough time to do that. I’d like to spend my time for researching/studing technologies about security itself to enhance the ability of this plugin.

    As for your the issue about VPN, I should confirm how you tested. If you had logged into your site as admin with your browser and access your site with another window of the same browser through VPN, then your situation might happen because you already had the admin session info (in your cookies), and the your browser kept the session even though the VPN.

    So if you try to access your site after cleaning up your cookie OR access with private window on Chrome or Firefox, you will be blocked.

    Is there a simple way to make the whole site invisible to one (or several) countries, front end and backend ?

    If you can confirm the above, then you can put the target country code into the blacklist and setup for back-end and front-end like bellow:

    Validation rules and behavior

    Front-end target settings

    I hope this solves your issue.
    Thanks.

    Thread Starter photoMaldives

    (@photomaldives)

    Hi tokkonopapa, and thanks for your quick and detailed reply. ??
    Yes, you are absolutely correct!
    – Chrome 2 tabs, 2 sites signed into WP.
    – FF private mode, same 2 sites, not signed in.
    When I toggle the VPN between 2 countries (VN and PL), the sites in Chrome remain visible, but in FF they are blocked as expected.
    Thanks for clarifying, and good luck with your security work/research. ??

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Block 1 country from entire site ?’ is closed to new replies.