You can add extra security to your WordPress website by using mod_security.
You can block one or more specific countries from accessing your website like this:
- download the GeoIP database
mkdir -p /usr/share/geoip/
cd /usr/share/geoip/
wget -N http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
gzip -df GeoIP.dat.gz
- add rules to mod_security2
SecGeoLookupDb /usr/share/geoip/GeoIP.dat
# Look up the client's country; the chained rule below decides whether to drop the connection
SecRule REMOTE_ADDR "@geoLookup" "chain,id:20,drop,msg:'High Risk Fraud Location'"
# mod_security block only one country
#SecRule GEO:COUNTRY_CODE "@streq CN"
# mod_security block a specific list of countries
SecRule GEO:COUNTRY_CODE "@pm UA ID YU LT EG CN BG TR RU PK MY IL"
# mod_security allow only one country to access the WordPress admin area
# (block all countries except one); rule ids must be unique, so this chain uses id:21
<LocationMatch "/wp-admin/">
SecRule REMOTE_ADDR "@geoLookup" "chain,id:21,drop,msg:'High Risk Fraud Location'"
SecRule GEO:COUNTRY_CODE "!@streq RO"
</LocationMatch>
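The rules above drop matching connections, so the Apache error log is the place to confirm they fire and to spot legitimate visitors being blocked. The script below is an added example, not part of the original post: it counts hits per rule id, client IP and URI. The function names and the sample log lines are constructed for illustration; rule id 20 is the one used above, and other ids can be passed as arguments.

```shell
#!/bin/sh
# Added example (not from the original post): count ModSecurity hits per
# rule id, client IP and URI from an Apache error log read on stdin.
# Usage: geo_block_summary [rule_id ...] < error.log   (default rule id: 20)
geo_block_summary() {
    if [ "$#" -eq 0 ]; then set -- 20; fi
    awk -v ids="$*" '
    # Return the value of a [name "value"] field, or "" if it is absent.
    function field(line, name,   s) {
        if (!match(line, "\\[" name " \"")) return ""
        s = substr(line, RSTART + RLENGTH)
        sub(/".*/, "", s)
        return s
    }
    BEGIN { n = split(ids, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
    /ModSecurity:/ {
        id = field($0, "id")
        if (!(id in want)) next
        ip = $0
        sub(/.*\[client /, "", ip)
        sub(/\].*/, "", ip)
        sub(/:[0-9]+$/, "", ip)   # Apache 2.4 logs "ip:port"; drop the port
        hits[id " " ip " " field($0, "uri")]++
    }
    END { for (k in hits) print hits[k], k }
    ' | sort -k1,1nr -k2
}

# Constructed sample lines (trimmed to the fields the parser reads).
sample_log() {
cat <<'EOF'
[Tue Mar 05 10:15:01.123456 2024] [:error] [pid 2101] [client 203.0.113.10:51514] ModSecurity: Access denied with connection close (phase 2). Matched phrase "CN" at GEO:COUNTRY_CODE. [id "20"] [msg "High Risk Fraud Location"] [uri "/"]
[Tue Mar 05 10:15:09.654321 2024] [:error] [pid 2101] [client 203.0.113.10:51520] ModSecurity: Access denied with connection close (phase 2). Matched phrase "CN" at GEO:COUNTRY_CODE. [id "20"] [msg "High Risk Fraud Location"] [uri "/"]
[Tue Mar 05 10:16:30.000111 2024] [:error] [pid 2102] [client 198.51.100.7:40022] ModSecurity: Access denied with connection close (phase 2). Matched phrase "RU" at GEO:COUNTRY_CODE. [id "20"] [msg "High Risk Fraud Location"] [uri "/wp-login.php"]
[Tue Mar 05 10:17:02.222333 2024] [:error] [pid 2103] [client 192.0.2.44:33100] ModSecurity: Warning. Constructed unrelated rule. [id "99999"] [msg "Other rule"] [uri "/xmlrpc.php"]
EOF
}

# Output columns: hit count, rule id, client IP, request URI.
sample_log | geo_block_summary 20
```

Against a live server, feed the real error log on stdin instead of `sample_log`; a client that appears here but should have access indicates a GeoIP false positive.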
Assigning Fraud/Risk Scores
As Rsnake discussed, there are many different fraud detection resources that have assigned general risk scores to certain geographic regions. For example, the top 12 High Risk Countries:
- Ukraine
- Indonesia
- Yugoslavia
- Lithuania
- Egypt
- China
- Bulgaria
- Turkey
- Russia
- Pakistan
- Malaysia
- Israel
Enjoy