I'm tightening my website's security by blocking certain countries, especially after seeing several WordPress sites getting attacked through their login pages. I've moved my login script, but I'm considering using Cloudflare for country blocking. Are there specific countries we should block, or is it better to adopt a whitelist approach, allowing only the countries we do business with?
5 Answers
Blocking countries like North Korea, Iran, Russia, and China is common, but since attacks can happen from anywhere, I recommend just allowing access to the known countries you work with. Otherwise, you might face issues as attackers can come from unexpected locations.
For our e-commerce site, we only block countries where shipping doesn’t happen. Most threat attempts have come from the US, which is surprising considering we block other 'usual suspects.' Keeping the firewall tight really helps!
That’s a smart move! Sometimes the most risks come from unexpected areas.
We operate by blocking all countries unless there's a business need. It’s a simple measure but effective! Just manage exceptions when needed.
In general, for public-facing websites, I don't block any countries. We rely on various security measures instead. However, for corporate networks, we only allow access from countries where we have business operations, blocking all others by default. It keeps things tight and secure!
Totally agree! Whitelisting is definitely the best practice. Only allow what's necessary and block the rest.
Right on! Best to block unless there's a clear reason for access. Keeps unwanted traffic at bay.
If your business operates in one country, it might make sense to block everyone else entirely. I had to block all but Germany for a critical project because attacks didn’t just come from expected regions—they came from everywhere!
For sure! We see plenty of attacks from unexpected places, even places like the US or Netherlands.