Wordpress Country Blocking Without a Paid 3rd Party Solution

I'm tired of foreign hackers trying to gain access to my wordpress site. Is there a true CODING solution?  I've tried some editing to the htaccess file with no success. I need to block by country. I'm not interested in paying for WordFence as a solution.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Lucas BishopClick TrackerCommented:
One option you may want to start with is the free CloudFlare plan. They offer a variety of out of the box security features that may significantly cut down on the activity you are seeing. Implementation is as simple as updating your DNS settings.
webdorkAuthor Commented:
I use Cloudflare I don't believe they offer Country blocking in the Free Plan.
Lucas BishopClick TrackerCommented:
Yeah, the premium plan is the only way to implement a broad country filter. I suspected the majority of the activity you were seeing was from bots, in which case CF would help trim that down significantly.

Another option you could take is blocking IP ranges (ie. block russia/spain/brazil/etc, or allowing IP ranges from select countries only (ie. allow only US, CA, GB, etc). You can do this in CF, or alternatively via htaccess:
CompTIA Security+

Learn the essential functions of CompTIA Security+, which establishes the core knowledge required of any cybersecurity role and leads professionals into intermediate-level cybersecurity jobs.

webdorkAuthor Commented:
That seems like a lot of content in .htaccess. Does this effect performance?
webdorkAuthor Commented:
It looks like adding IP blocks at Cloudflare is done one at a time.
Lucas BishopClick TrackerCommented:
Allow/Deny directives are not very resource intense, and there is no DNS lookup performed with IP ranges, so I would not expect a noticeable change in performance outside of a a few microseconds.

Choosing to allow certain ranges, rather than deny a metric ton, may help keep the file smaller.

In any event, a determined hacker will spoof his IP/Country/etc to get around these types of barriers, so I'd say this will only prevent the laziest of the malicious.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
webdorkAuthor Commented:
Good answer.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.