Do you know if you can have too many htaccess rules?
It all depends on what kind of rules they are. If they are redirect rules, then yes. If they are not set up properly it can cause a redirect loop, also a lot of unnecessary redirects can really slow down the site. A lot of .htaccess rules also makes it harder to keep the code organised. Are you experiencing any issues with your htaccess file?
I was looking to block everything except USA based IP addresses. I found a list of USA IP ranges. It was about 50k allow lines though.
Oh those are the rules you were referring to , then I misunderstood you. I would highly suggest that you do not do that. Each visitors IP would have to go through the whole .htaccess list which would take a long time to load, it could even cause load spikes on the server. What you could do, is just block the usual countries that are causing trouble in the firewall, like China, Russia, Ukraine, France. The CSF has a geoIP feature which would allow us to set this up in a simple way and server wide.
Okay good to know, thanks. I was looking to block login attempts to wp-admin via htaccess and wondered what the best way to block whole countries is here? Do you think the firewall is best option rather than htaccess rule?
It would be best yes. We can also set up a .htaccess rule that would deny wp-admin access to everyone but your IP, or to everyone but your and your developers IP. That would be even better.
Some of my users IP address changes though and I was looking for geo location option. Does this need to be added via firewall then?
Yes, but I would suggest that we don't deny everyone but the US. I suggest that we only deny the few I stated above.