IP Blocking

Skip to first unread message

Juan Abelleira

May 12, 2021, 1:45:36 PM5/12/21
to Minneapolis St. Paul WordPress User Group
Anyone have any info regarding IP blocking? I have a client that needs to block certain countries from accessing a single page on my website.


Patrick Lewis

May 12, 2021, 2:58:38 PM5/12/21
to Minneapolis St. Paul WordPress User Group
There is a plugin called IQ Block Country (https://wordpress.org/plugins/iq-block-country/). It allows you to block portions of your site to a country.

It does require downloading a database of IP addresses by country separately, but the instructions tell you where to get it.

I would challenge your client whether to go this route, or whether to block the entire site. If you could block the entire site, it could be done at the webserver level, instead of invoking a PHP process via WordPress. The concern here is performance.

Dealing with the blocking at the WordPress level has one other problem. This approach is essentially incompatible with page caching plugins, as caching plugins create static versions of your page. IQ Block Country plugin does attempt to discourage blocked pages from being cached, but many popular caching plugins do not honor this.

Nick Ciske

May 12, 2021, 3:08:19 PM5/12/21
to Minneapolis St. Paul WordPress User Group

Likely requires disabling page cache for those URLs

- WordFence (Paid) - https://www.wordfence.com/help/blocking/country-blocking/
- Use an IP GeoLocation redirect plugin - https://blog.templatetoaster.com/redirect-visitors-based-on-country-or-ip-address-in-wordpress/
- Use a GeoIP plugin to detect country and conditionally block/redirect users via PHP (may require page caching be disabled) - https://wordpress.org/plugins/geoip-detect/
- Cloudflare page rule (requires Cloudflare DNS with proxy enabled) to pass country code in header, then read that/react in some custom code or .htaccess rule

Works with page caching enabled, but requires Cloudflare DNS + Proxy enabled

- Cloudflare IP access rule with Country/URL matching - https://support.cloudflare.com/hc/en-us/articles/217074967-Configuring-IP-Access-Rules


IP lists in htaccess — as they change often enough that they are serious hassle to maintain (and easily fooled).

Nick Ciske
CTO/CISO | LuminFire

Debra Axness

May 13, 2021, 10:19:33 AM5/13/21
to Minneapolis St. Paul WordPress User Group
Have you tried wordfence? I have the free version and am installing it on all my clients' websites. The free version even allows me to have a central website to see all the websites I've installed it on in a snapshot.
The paid version (~$100 per license) allows country IP blocking. 
See more info here: https://www.wordfence.com/
On Wednesday, May 12, 2021 at 12:45:36 PM UTC-5 juan.ab...@gmail.com wrote:


May 25, 2021, 11:41:55 AM5/25/21
to Minneapolis St. Paul WordPress User Group
We use WordFence as well , but the premium version.  I am a developer and not an WAF guy, but I find WordFence a must have plugin.  They have great support as well as weekly live stream in youtube where they cover a lot of topics.
Reply all
Reply to author
0 new messages