Country code failed login wordpress plugin

country code failed login wordpress plugin


Download Country Code Failed Login WordPress Plugin


The country code failed login wordpress plugin checks the two letter country code of anyone trying to login to your wordpress site. If the country code is different to your own country code which you selected in the settings page and the login fails a single attempt, it lists the IP address to a database hosted with

Each time a login attempt is made from a country code outside of your own, the IP address is checked against this database and if the IP address is in the block list, the wordpress login form is not displayed.

IP’s listed in our database are automatically expired after a week of inactivity.

Why a single login failure for countries outside of your own, but no protection for login attempts from your own country?

Most malicious login attempts will come from a range of countries. Its “safe” to block those on a single failure as you will not end up blocking yourself, unless you try to login from a different country (ie, you’re travelling) or you use a proxy in a different country AND your login fails.

This plugin will stop those brute force attempts by logging and blocking IPs from your own site. However, the real power comes in from the fact that other WordPress sites in your country using this plugin all contribute to the globally available block list. If another wordpress site in a different part of your country lists an IP address in the block list and that IP address then comes to your site, it will be blocked from the wp-login.php (ie, it won’t even have a single attempt!)

We don’t block IP’s from your own country because our blocking is too strict, ie after a single failure the IP is listed and blocked. This would mean that if you accidentally type in an incorrect login once, you would be blocked. So, we ignore your own country code’s login failures. To catch those, we recommend a plugin like “Limit Login Attempts”


Download Country Code Failed Login WordPress Plugin


Install Country Code Failed Login WordPress Plugin


WordPress Plugins

Rather than FTP, you can:

  • Log into WordPress
  • Download Country Code Failed Login WordPress Plugin
  • Click on the Plugins->Add New menu in the side navigation
  • In the Install Plugins screen, click on the “Upload” link.
  • Browse for this file and click on the Install Now button

2. Activate the plugin through the ‘Plugins’ menu in WordPress

3. Go to the plugin’s setting page and select your own country. This step is crucial!!

Download Country Code Failed Login WordPress Plugin


Frequently Asked Questions

After installing this plugin my wp-login.php form crashed (500 server error or similar)

This may happen if your web hosting company has not configured their server to handle SOAP. The first thing you should do is ask them why! Then to access your login form go to your wp-login.php form and add the ccfl=off parameter, eg, If this seems confusing, please go to for more info and we’ll help you get in!

We have users from multiple countries logging in, can we use this plugin?

If your blog allows registrations and logins from more than a single country, then no, this plugin will not be suitable as your users outside of your country may be blocked.

I have multiple users, can I use this plugin?

That depends on where your multiple users are. This is really more of a multiple country question. If your blog allows registrations and logins from more than a single country, then no, this plugin will not be suitable as your users outside of your country may be blocked.

Will this plugin block my website visitors?

No, this plugin does not block visitors from outside of your own country to your website. If a bad IP address attempts to log into your wordpress admin panel they will be blocked from further attempts at the admin panel, however they can still view your regular website.

What happens if I accidentally block myself and I can’t log in?

This shouldn’t really happen, provided that you’ve set your own country in the settings screen. This plugin will not block the country you select there. If you did not select your country then the plugin does not log nor block anyone.

Why so strict against “other” countries?

As server admins we see huge numbers of attacks on the wordpress login screen. These brute force attacks are a real threat to your wordpress site. We’ve seen up to 2000 attacks from almost as many different IPs on a single site per hour recently. This is not about being “nasty” to other countries, but lets face it, if your in a particular country do you really need to provide access to your login form to other countries?

Up to 2000 attacks per hour from almost as many IPs, will this plugin help?

Its true that if you were the only person using this plugin, it would not help much. However, as this plugin is used by more and more sites its very likely that bad IPs will be in the block list before they even get to your site, in which case they will not be able to access the wp-login.php form, so yes, it helps.

What happens if I don’t enter my country?

Nothing… The plugin won’t log bad IPs and it won’t block IPs either. Its essentially the same as deactivating the plugin


Please use the comment section below for support requests


1.0.0 (2013-06-17)

This is the first version..

1.0.1 (2013-06-19)

Added a message loader function to import announcements / news and update messages from the main server into the settings screen.

Added a message dialog in the dashboard’s right now box to show stats

Added new stats in the settings screens. Blocked by you this month and Attacks against you blocked by the network this month

1.0.2 (2013-06-21)

Added ccfl argument to wp-login.php?ccfl=off if your host is not correctly setup and the plugin causes your login form to crash


Added the register_shutdown_function to check if a SOAP not found error has occured and automatically disables this plugin and display a useful message to the user. This version obsoletes v1.0.2


Added remote lookups of the list of country codes to use in the settings page. If a new country code(s) is added to the remote server, they are automatically updated locally.


Added all country codes to an include file which is installed with the plugin so that remote lookups are not needed (obsoletes v1.0.4)

1.0.6 (2013-08-11)

Added logging capabilities

facebook google twiter linkedin linkedin linkedin linkedin linkedin

2 Responses to Country code failed login wordpress plugin

  1. I am getting an error when trying to login to the website. The website seems to work except when I try accessing /wp-login.php. I get a connection error.

    I seem to remember having this problem once before and after a short time it seemed to resolve so I guesses it was maybe a temporary lockout or something. But since it has come up again I thought to ask you to have a look. I think I just updated that plugin yesterday.


    • Hi Gordon,

      There was an announcement released a while ago (although, because we don’t require registration you would have had to have seen the announcement in the country code failed login settings screen, so not ideal!!). Anyway, the announcement said that people need to upgrade because we were switching URLs, so the plugin would break.

      Fortunately, I do have a fix! Go here:

      Then in the bottom, type in your address, eg, It should auto generate a clickable link for you, which will disable CCFL and let you in.

      Once in you can do the plugin upgrade, then reactivate it.

      You can go to this page for each of your sites, or you can just use the link and change the domain name part.

      I just took a look at the file on the server and I think you might have upgraded something else, this is still a slightly older version. The newest version is 2.0.4

Leave a Reply

Contact us

We're not around right now. But you can send us an email and we'll get back to you, asap.

Questions, issues or concerns? I'd love to help you!

Click ENTER to chat