Wp-admin and wp-login.php with geoip protection


#1

Getting frustrated for the constant brute-force login attempts? I am - or were. Instead of blocking IP’s I ended up trusting countries (that has actual laws against cyber criminals or operators that are trustworthy).

So I ended up protecting the login area using GeoIP. It took a while to parse info from various sites and as I’ve been using EE for years, I wanted to contribute this to the lovely community :slight_smile:

Debian/Ubuntu (installed on Debian 8.9)

Install necessary files:

apt-get install geoip-database libgeoip1

Move the GeoIP.dat file

mv /usr/share/GeoIP/GeoIP.dat /usr/share/GeoIP/GeoIP.dat_bak

Update the GeoIP.dat file

cd /usr/share/GeoIP/ wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz gunzip GeoIP.dat.gz

Edit nginx:

vi /etc/nginx/nginx.conf

Add these in http block:

geoip_country /usr/share/GeoIP/GeoIP.dat; map $geoip_country_code $allowed_country { default no; US yes;

Edit your vhost:

vi /etc/nginx/sites-available/yousite.com

add a new line for the new config file we are about to create:

include common/locations-safe.conf;

Create the new config file:

vi /etc/nginx/common/locations-safe.conf

locations-safe.conf:

set $check ‘’;

    if ( $allowed_country = no  ) {
            set $check "A";
    }
    if ( $request_uri ~ ^/wp-(login\.php|admin/) ) {
            set $check "${check}B";
    }
    if ( $check = "AB" ) {
            return 403;
    }

}

Restart the nginx

/etc/init.d/nginx reload

Now you’ll block everyone trying to access your wp-login or wp-admin. For eCommerce sites, I suggest you allow all countries you’re selling to (because of the wp-login.php). For more detailed (wp-login ajax etc see: https://www.bjornjohansen.no/access-wordpress-by-ip-in-nginx).

Tested using VPN from various locations (not trusted countries - ended up landing 404).

Would be nice to get this implemented to EE. i.e

ee site create blaa.com --wp --php7 --geoadmin US,UK,SE,FI


#2

Thanks @hakabe for sharing your solution.

We covered something similar here https://easyengine.io/tutorials/nginx/block-wp-login-php-bruteforce-attack/