It blocks any comments, pingbacks, trackbacks posted from outside your nation, and also protects against malicious accesses to the login form, admin / plugins / themes area and XML-RPC from undesired countries.
Access to the basic and important entrances into the back-end such as
wp-admin/*.php and so on will be validated by means of a country code based on IP address.
In order to prevent the invasion through the login form and XML-RPC against the brute-force and the reverse-brute-force attacks, the number of login attempts will be limited per IP address even from the permitted countries.
"Zero-day Exploit Prevention for WP" (WP-ZEP) will block any malicious accesses even from the permitted countries. It will protect against certain types of attack such as CSRF, SQLi and so on, even if you have some vulnerable plugins in your site.
A numerous malicious requests to expose
wp-config.php via vulnerable plugins or themes can be blocked.
A cache mechanism for the fetched IP addresses has been equipped to reduce load on the server against the burst accesses with a short period of time.
When you click an external hyperlink on admin screen, http referrer will be eliminated to hide a footprint of your site.
The membership can login from anywhere, but a request such as a new user registration, creating a new topic and subscribing comment is blocked by the country code.
This plugin is simple and lite enough to be able to cooperate with other full spec security plugins, such as Wordfence Security and so on.
You can have the custom error page, and also customize the basic behavior of this plugin via
add_filter() with pre-defined filter hook. See
samples.php bundled within this package.