Log and block IP addresses after a single failed login attempt if they are from a different country to you.
This plugin checks the two letter country code of anyone trying to login to wp-login.php. If the country code is different to your country code which you selected in the setup and the login fails a single attempt, it lists the IP address to a database hosted with phpwebhost.co.za.
Each time a login attempt is made from a country code outside of your own, the IP address is checked against this database and if the IP address is in the block list, the wp-login.php form is not displayed.
IP's listed in our database are automatically expired after a week of inactivity.
Why a single login failure for countries outside of your own, but no protection for login attempts from your own country?
Most malicious login attempts will come from a range of countries. Its "safe" to block those on a single failure as you will not end up blocking yourself, unless you try to login from a different country (ie, you're travelling) or you use a proxy in a different country AND your login fails.
This plugin will stop those brute force attempts by logging and blocking IPs from your own site. However, the real power comes in from the fact that other WordPress sites in your country using this plugin all contribute to the globally available block list. If another wordpress site in a different part of your country lists an IP address in the block list and that IP address then comes to your site, it will be blocked from the wp-login.php (ie, it won't even have a single attempt!)
We don't block IP's from your own country because our blocking is too strict, ie after a single failure the IP is listed and blocked. This would mean that if you accidentally type in an incorrect login once, you would be blocked. So, we ignore your own country code's login failures. To catch those, we recommend a plugin like "Limit Login Attempts"