How to Block Entire Countries from Accessing Your Website

  • November 13, 2020
  • Bradley Taylor

Server management - WHM

Hacking, internet piracy and DDoS (Direct Denial of Service) attacks are at all time high numbers. The more people there are that utilize the web to make an honest living, the more criminals that come out of the woodwork to try and take advantage of them.

The offending countries are always the same: China, India, Pakistan, Russia, Brazil, Former Eastern European Soviet Block countries and a few more. So, it makes sense to block these countries from even accessing your website. Sounds easy enough. But, in reality, depending on your website and hosting set-up, this can be harder than it sounds.

In this article I will give some advice on how to block entire countries from accessing your website in an effort to prevent hacking or DDoS attacks. We have written an article on this topic before but we have revised our tactics list since then. The world of internet security is always changing.


First off, if you have shared hosting, your efforts may be in vain. Shared hosting is exactly what it says it is – shared. This means that your website is on a server with hundreds of other websites, each of them presenting their own vulnerabilities to hackers. If you are serious about protecting your website from hacking get away from shared hosting. You will want to get your own server. This brings us to one of our newest tips on how to protect yourself.

Purchase a VPS (Virtual Private Server) from a hosting provider. You may pay $300-$600 a year for your VPS but it is well worth it. You have full control over your hosting and you can block entire countries.

To block the major offenders within your Linux/Cpanel installation, you need to use the following steps:

  1. Find your Cpanel management area.
  2. Click “Manage Server”. You will be redirected to “WHM”.
  3. In the search box in the top left type in “cPHulk Brute Force Protection”.
  4. From this program you can block and whitelist countries at will.


Cloudflare is a company that essentially puts a layer of protection between your domain and would be hackers. It can really help with brute force attacks. They have a free version and a paid version that can prevent you from getting DDoS or ransomware attacks. They also protect your server information.


For WordPress users, there are a handful of plug-ins that claim to be able to block countries. There was one we used for years that worked really well but has since fallen into disrepair. If a WP plug-in is not routinely maintained by its creator then the plug-in itself can become your biggest vulnerability. As of right now, the IP Geo Blockers that are available in the WordPress plug-in repertoire are lackluster at best and ineffective at worst.

Leave a Reply

Your email address will not be published. Required fields are marked *