How to Block WordPress Attacks from an Entire Country with WHM

If you’re using WordPress, you’re probably aware of all the WordPress bot-net attacks being orchestrated across the world. Here’s a simple way to block 90% of attacks and spam traffic to your WordPress blog.

Most people will recommend using a plugin like WordFence or WP Better Security. I use and recommend these plugins, but I don’t want them working overtime diverting and blocking attacks. That is the responsibility of your server, not WordPress. So we’re essentially going to block entire countries from accessing your server and all the websites within it.

Important Note: Only do this if your primary source of desired traffic is English speaking countries like the US, UK, New Zealand and Australia.

How to Block WordPress Attack Countries in WHM

To do this, you’ll need to have access to WHM. This is the “parent” of Cpanel and is only available with VPS or Dedicated servers.

  1. Login to Cpanel and navigate to Plugins > ConfigServer Security & Firewall on the left sidebar.
  2. Click on the Firewall Configuration button.
  3. Search for CC Deny and paste the following into the text box: CN,RU,RO,JP,DE,KP,KR,VN,MY,TH,NG,UA,LV,EE,BG,ID
  4. Scroll to the bottom and save your changes.

The code above will block China, Russia, Romania, Japan, Germany, North Korea, South Korea, Vietnam, Malaysia, Thailand, Nigeria, Ukraine, Latvia, Estonia, Bulgaria, Indonesia.