How to Target Country Specific Visitors with Cloudflare

If you would like to target specific content or ads at visitors in certain countries, you can use the code below. Make sure you change the array of target countries.

Bear in mind that this code will only work if you are using the Cloudflare service for your domain and have enabled IP Geolocation for that domain. The IP Geolocation option can be enabled in the Network section of the Cloudflare panel. With IP Geolocation enabled, you can retrieve the visitor's country code from the CF-IPCountry HTTP header.

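// Country code set by Cloudflare; empty string when the header is absent
$country_code = isset($_SERVER["HTTP_CF_IPCOUNTRY"]) ? $_SERVER["HTTP_CF_IPCOUNTRY"] : '';

// ISO country codes to target
$target_country = array('GB', 'US');

if (in_array($country_code, $target_country)) {
    // action if true
} else {
    // action if false
}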

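The check above, extended as an added example (not the original post's code) to cover the cases a direct header lookup skips: a missing or malformed header, Cloudflare's non-country values, and requests that did not arrive through Cloudflare, whose header says nothing reliable about the visitor. It assumes REMOTE_ADDR is the connecting peer's address (not rewritten to the visitor's IP by a server module) and that you supply Cloudflare's published proxy ranges; the function names, the proxy range and the sample requests are constructed.

```php
<?php
// Added example, not the post's code. Function names, the proxy range and
// the sample requests are constructed for illustration.

// IPv4-only CIDR match (assumption: Cloudflare reaches the origin over IPv4).
function ip_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = explode('/', $cidr) + [1 => '32'];
    $ipLong = ip2long($ip);
    $netLong = ip2long($net);
    if ($ipLong === false || $netLong === false) {
        return false;
    }
    $mask = -1 << (32 - max(0, min(32, (int) $bits)));
    return ($ipLong & $mask) === ($netLong & $mask);
}

// Country code from CF-IPCountry, or null when it cannot be relied on: the
// peer is not a listed proxy, the header is missing or malformed, or it is
// a non-country value (XX = no data; T1 = Tor fails the two-letter check).
function cf_country(array $server, array $proxyCidrs): ?string
{
    $peer = (string) ($server['REMOTE_ADDR'] ?? '');
    $viaProxy = false;
    foreach ($proxyCidrs as $cidr) {
        $viaProxy = $viaProxy || ip_in_cidr($peer, $cidr);
    }
    $code = strtoupper(trim((string) ($server['HTTP_CF_IPCOUNTRY'] ?? '')));
    $valid = preg_match('/^[A-Z]{2}$/', $code) === 1 && $code !== 'XX';
    return ($viaProxy && $valid) ? $code : null;
}

// An unknown country (null) never matches, so it takes the default branch.
function is_target_country(array $server, array $proxyCidrs, array $targets): bool
{
    return in_array(cf_country($server, $proxyCidrs), $targets, true);
}

// Constructed data: 192.0.2.0/24 is a documentation range standing in for
// Cloudflare's published proxy ranges.
$proxies = ['192.0.2.0/24'];
$samples = [
    'proxy, GB'     => ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_CF_IPCOUNTRY' => 'GB'],
    'proxy, XX'     => ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_CF_IPCOUNTRY' => 'XX'],
    'proxy, absent' => ['REMOTE_ADDR' => '192.0.2.10'],
    'not via proxy' => ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_CF_IPCOUNTRY' => 'US'],
];
foreach ($samples as $label => $server) {
    $hit = is_target_country($server, $proxies, ['GB', 'US']);
    printf("%-14s %s\n", $label, $hit ? 'targeted' : 'default');
}
```
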
Defeat wp-login.php Brute Force Attack Using Cloudflare & .htaccess

In dealing with WordPress login (wp-login.php) brute force attacks, I previously recommended changing the username & password, as mentioned in the WordPress Brute Force Attack – Change Username/Login ID post.

It does help to prevent the hacker from gaining access, but the attack causes another problem, as it consumes a large amount of server resources. Plugins such as Brute Force Login Protection may help you block IPs after a number of wrong attempts. However, some hackers have large numbers of IPs, from hundreds to thousands. I encountered this problem & it really taxed my server resources, similar to a DDoS attack.

While looking for a better alternative to solve this problem, I found out that if you are using Cloudflare, the request headers contain the country code of the visitor’s origin. The header I’m talking about is “HTTP_CF_IPCOUNTRY”.

What you need to do is allow only visitors from certain countries to access the “wp-login.php” file, using the “HTTP_CF_IPCOUNTRY” header and the “.htaccess” file.

The example below allows only visitors from the United States & Canada. Change the country codes in the third line to make it applicable to your locations.

 <FilesMatch "wp-login\.php">
  RewriteEngine on
  RewriteCond %{HTTP:CF-IPCOUNTRY} !^(US|CA)$
  RewriteRule ^ - [F,L]
 </FilesMatch>