GeoIP Login

What It Does

This GeoIP login module is part of the Users Login section of SecuPress.

This security feature helps protect your WordPress login system by challenging accounts logging in from a different geographic location than usual.

Why It Matters

By protecting accounts from login locations geographically distant from their usual habits, you reduce the risk of compromise.

By implementing this security measure, you protect your website against threats such as session theft, password theft, or account hijacking.

How to Use

Activate this module in the Users Login section of the SecuPress settings.

Once activated, the module will run automatically and provide protection for your website.

If you experience any issues after activation, you can temporarily deactivate the module. The module will automatically remove its protection rules upon deactivation.

Expert Settings

Device Verification

You can specify which device is attempting to connect. You can then validate your devices one by one for each connection. If an attack is launched from another computer, mobile device, script, bot, or hacking tool, the connection will be challenged, making it impossible to connect without validating the code received in your email.

Verification Level

You can choose different verification levels for location. The levels represent a "strength of protection" ranging from 1 (low) to 5 (high):

Verify by Country
Verify by Region
Verify by City
Verify by Flexible IP Address (Default)
Verify by Strict IP Address

Session Hijacking Protection

By activating this setting, not only the challenge will be prompted when login from another location or device, but on every page loaded when logged-in. The goal is to prevent session to be hijacked, meaning that an attacker can steal ytour session without having to log-in, bypassing the challenge, with this, it cannot happen.