GeoIP Login

What It Does

This GeoIP login module is part of the Users Login section of SecuPress.

This security feature helps protect your WordPress login system by challenging accounts logging in from a different geographic location than usual.

Why It Matters

By protecting accounts from login locations geographically distant from their usual habits, you reduce the risk of compromise.

By implementing this security measure, you protect your website against threats such as session theft, password theft, or account hijacking.

How to Use

Activate this module in the Users Login section of the SecuPress settings.

Once activated, the module will run automatically and provide protection for your website.

If you experience any issues after activation, you can temporarily deactivate the module. The module will automatically remove its protection rules upon deactivation.

Expert Settings

Device Verification

You can specify which device is attempting to connect. You can then validate your devices one by one for each connection. If an attack is launched from another computer, mobile device, script, bot, or hacking tool, the connection will be challenged, making it impossible to connect without validating the code received in your email.

Verification Level

You can choose different verification levels for location. The levels represent a "strength of protection" ranging from 1 (low) to 5 (high):

Verify by Country
Verify by Region
Verify by City
Verify by Flexible IP Address (Default)
Verify by Strict IP Address

Session hijacking protection

Login sessions can be hijacked or stolen. An attacker could gain access to your account without even needing your login/password.

However, this means the session's location and device will be different. You can add extra protection to prevent this and force the same login challenge as for the initial connection.

Be careful, if you regularly log in through a proxy or load balancer, you may frequently change your IP address and thus often have to perform this challenge.