Should I restrict the countries?

The Allowed Countries setting can be used to restrict the back-end login only to the connections that come from a few countries.

When you try to access the back-end of your website, before to display the login form, the system will try to understand from which country you come from. If the obtained country is not allowed, the system will raise a 403 blank page.

This way, you can immediately avoid login attempts of the users that try to attack your back-end from different countries.

The system is able to recognize the country of origin thanks to the IPInfo Handler plugin.