country block

duplicate post due to hiccup

Yep, you can do this by getting all the UK country IP blocks here.
nirsoft.net/countryip/gb.html, but then what about neighboring countries then?

here is an online IP to CIDR site: ip2cidr.com/

We recently ran extensive testing on IP blocking vs CAPTCHA and CAPTCHA is by far the simpler and much more effective approach. See our test results here: forum.ait-pro.com/forums/topic/buddypress-spam-registration-buddypress-anti-spam-registration/#post-9378

Note: what is not mentioned is that we tried some well known conventional CAPTCHA plugins prior to doing extensive IP testing and we were still getting quite a lot of spammer registrations/spam posts. A Logical explanation would be that the spammers have created a “dictionary” file where they have entered in all the possible CAPTCHA combinations to automate spam registrations/logins/posting.

so i would need to enter all those ips
nirsoft.net/countryip/gb.html
my sites are aimed at UK

i was told i could do it via /etc/csf/csf.deny
but not sure how you get the ip range

I have now implemented a contact form on my sites with captcha, and prevented registration so maybe that is way to go.

also if i want to disable BPS at any time and use original htaccess do i just delete htaccess and rename htaccess-orig to htaccess

Yes, we have conclusively found that using a CAPTCHA method is far superior to IP blocking when it comes to spam prevention.

BPS has built-in turn on / turn off capability. BPS has a built-in .htaccess file editor and Custom Code to automate .htaccess file handling/code editing within your WP Dashboard

1. Activate Default Mode on the Security Modes page.
2. Use the Delete wp-admin .htaccess feature on the Security Modes page.

and if you cant access site for any reason? had an issue the other day ended up reloading a backup as i got totally lost lol

Yep, if you cannot access the site due to the root .htaccess file having invalid code then you can just delete it via FTP, log back in, correct the invalid code and activate root BulletProof Mode again. Or if you use the BPS Backup & Restore feature then you would just Restore your .htaccess files.

so no need to ftp another htaccess after deleting, or as said rename the htaccess.orig

You should still be able to log back into your site if a root .htaccess file does not exist so you can do it either way you prefer.

One thing that is very important to point out regarding spammers is Akismet catches minimum of 96% of spam comments so you should be using Akismet with whatever additional spam prevention method you choose. What we found was that trying to continue to keep adding IP addresses is very time consuming and the process is ongoing. Testing with a CAPTCHA method takes very little time and if something does get through then Akismet catches it/spams it.