I have a WordPress website that offers services in Ireland only. We have had two malware attacks recently as well as being targeted by card testing fraud (1800+ payment attempts) and also brute force login attempts.
My web designers have enabled captcha and login lockout to counteract the card testing and brute force attempts – I'm waiting for them to come back to me about the malware issues. I found I can geoblock through Cloudflare, and all of the trouble is coming from US IP addresses. Anyone outside of Ireland can't use my site or purchase a service through it.
A quick Google search splits the opinions 50/50 about whether geoblocking is good or bad. Any thoughts?

For context, on July 26th we had 36 events on Cloudflare, and on August 6th, when we had malware on the site for the second time, there were 4707 events on Cloudflare.
If geoblocking isn’t the answer, what do you suggest? Is this level of events normal?
you can geoblock, but make an exception for “known bots”. these are reputed bots like search engine crawlers. many of them originate from the US and you probably don’t want to block them. also, geoblocking can be trivially bypassed by fraudsters with VPNs, so it’s not always effective. a better way to prevent brute forcing is to put a managed challenge before the login page (usually wp-login.php but could be different in customized sites) and have a login limit system (wordpress plugin or fail2ban with a wordpress jail).
i don’t have much experience with tackling credit card fraud, but captcha from recaptcha or cloudflare turnstile should hopefully bring those under control.
What I would recommend to you is OpenResty, which is just an nginx server with Lua. Then it is easy to act on the origin country code from Cloudflare and exclude all but Ireland.
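The OpenResty approach suggested in the reply above, as an added example (not posted by anyone in the thread). It assumes Cloudflare's IP Geolocation setting is on so that the CF-IPCountry header is sent; the address ranges, server_name and backend address are placeholders.

```nginx
# Added example, not from the thread. Goes inside the http {} block of an
# OpenResty nginx.conf. Address ranges, server_name and the backend address
# are placeholders.

# 1 only when the TCP peer is a Cloudflare edge. Without this check, anyone
# who reaches the origin directly can send "CF-IPCountry: IE" themselves.
geo $from_cloudflare {
    default        0;
    192.0.2.0/24   1;   # placeholder: replace with Cloudflare's published IPv4 ranges
    2001:db8::/32  1;   # placeholder: replace with Cloudflare's published IPv6 ranges
}

server {
    listen 80;
    server_name example.ie;                 # placeholder

    location / {
        access_by_lua_block {
            -- Refuse traffic that bypassed Cloudflare: its headers are untrusted.
            if ngx.var.from_cloudflare ~= "1" then
                return ngx.exit(ngx.HTTP_FORBIDDEN)
            end

            -- CF-IPCountry carries a two-letter country code ("XX" = unknown,
            -- "T1" = Tor). A missing header or any value other than IE is rejected.
            local country = ngx.var.http_cf_ipcountry
            if country ~= "IE" then
                ngx.log(ngx.WARN, "geoblock: country=", country or "none",
                        " uri=", ngx.var.uri)
                return ngx.exit(ngx.HTTP_FORBIDDEN)
            end
        }

        proxy_pass http://127.0.0.1:8080;   # placeholder: the WordPress backend
    }
}
```

As written, this check also rejects search engine crawlers that Cloudflare locates outside Ireland, so it does not provide the "known bots" exception recommended in the earlier reply.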
Block every server farm that even looks cross-eyed at you at CF as well. Users don’t use servers to connect. No one is spending so good luck.
Define “malware attack”? If you mean your site was infected with malware, no amount of geoblocking is going to help you there – you need to fix the problem – your site has a vulnerability e.g. remove the old/abandoned/out of date plugin or theme that you’re using, ensure you’re using strong/unique passwords, remove any nulled plugins, etc – standard WP best practice stuff.
Please ask your website people what they use for security on your site. It doesn’t sound like you have any or no one is actually monitoring it. I second getting a premium Wordfence subscription, but you should put yourself on the email list and get the notifications sent to you. It will tell you what needs an update, will allow you to block IP addresses or countries, and they will help you, for a fee, to clean your site if it gets really out of control. Here is the link so you can read up on what they have to offer:
https://www.wordfence.com/
Imunify360 helped me fight off a recent malware attack + Cloudflare