iQ Block Country

plugin banner

Block out the bad guys based on from which country the ip address is from.

Author:Pascal (profile at wordpress.org)
WordPress version required:3.5.2
WordPress version tested:6.2.2
Plugin version:1.2.21
Added to WordPress repository:16-03-2010
Last updated:07-07-2023
Rating, %:78
Rated by:155
Plugin URI:https://webence.nl/plugins/iq-block-country-t...
Total downloads:1 061 347
Active installs:30 000+
plugin download
Click to start download

iQ Block Country is a plugin that allows you to limit access to your website content. You can either allow or disallow visitors from defined countries to (parts of) your content.

For instance if you have content that should be restricted to a limited set of countries you can do so.
If you want to block rogue countries that cause issues like for instance hack attempts, spamming of your comments etc you can block them as well.

Do you want secure your WordPress Admin backend site to only your country? Entirely possible! You can even block all countries and only allow your ip address.

And even if you block a country you can still allow certain visitors by putting their ip address on the allow list just like you can allow a country but put ip addresses on the block list from that country.

You can show blocked visitors a message which you can style by using CSS or you can redirect them to a page within your WordPress site. Or you can redirect the visitors to an external website.

You can (dis)allow visitors to blog articles, blog categories or pages or all content.

Stop visitors from doing harmful things on your WordPress site or limit the countries that can access your blog. Add an additional layer of security to your WordPress site.

This plugin uses the GeoLite database from Maxmind. It has a 99.5% accuracy so that is pretty good for a free database. If you need higher accuracy you can buy a license from MaxMind directly.
If you cannot or do not want to download the GeoIP database from Maxmind you can use the GeoIP API website available on https://webence.nl/geoip-api/

If you want to use the GeoLite database from Maxmind you will have to download the GeoIP database from MaxMind directly and upload it to your site.
The WordPress license does not allow this plugin to download the MaxMind Geo database for you.

Please be aware that although this plugin can help you greatly with reducing the number of ‘bad’ visitors on your website it is not fool proof and those who really want to visit your site may find a away.
This is not a security issue but a simple fact of today. Nobody can guarantee you 100% security as it is a constant battle between the good guys and the bad guys.

If you are sure your webhosting or yourself does not use any form of caching or proxying we recommend setting the “Override IP information” on the Home tab to REMOTE_ADDR

Do you need help with this plugin? Please email support@webence.nl.

GDPR Information

This plugin stores data about your visitors in your local WordPress database. The number of days this data is stores can be configured on the settings page. You can also disable logging any data.

Data which is stored of blocked visitors:

  • IP Address
  • Date and time of the visit
  • URL that was requested
  • Country of the IP address
  • If the block happened on your backend or your frontend

Data which is stored on non blocked visitors:

  • Nothing

If you allow tracking (yeah if you do!) you share some information with us. This is only the IP address of a blocked request on your backend. No other information is send and only the IP address is logged on our systems to gather how many times that IP address have attempted to login to a backend. We do not log which site was visited or which URL just only the IP address So we cannot lead an ip address back to a specific website or user. If an IP address is not blocked again within a month we will remove the IP address from the list.

If you use the GeoIP API service you send the IP address of your visitor to one of our servers. This IP Address is however in no way stored at our servers and only used to convert it to a country id.

Using this plugin with a caching plugin

Please note that many of the caching plugins are not compatible with this plugin. The nature of caching is that a dynamically build web page is cached into a static page.
If a visitor is blocked this plugin sends header data where it supplies info that the page should not be cached. Many plugins however disregard this info and cache the page or the redirect. Resulting in valid visitors receiving a message that they are blocked. This is not a malfunction of this plugin.

Disclaimer: No guarantees are made but after some light testing the following caching plugins seem to work: Comet Cache, WP Super Cache
Plugins that do NOT work: W3 Total Cache, Hyper cache, WPRocket

GeoIP API

For your convenience we offer a GeoIP API service. This API is not mandatory to use as you can always use the free MaxMind GeoIP Database.

If you do not want or can’t go through the hassle of updating your MaxMind GeoIP database we provide an API service to convert the IP address of your visitors to a country.

If you decide to purchase an GeoIP API Key via https://webence.nl/geoip-api/ you’ll get an eMail with your API Key (License Key).
Once you enter this key in your iQ Block Country settings your license key will be validated at our API service and a the nearest API server to you will be chosen. To do this your website will contact all API servers once to request
an empty file.

Once you use the API service the IP address of your visitors and your API key are send to one of the API servers and converted to a country. The plugin checks if the visitor should be blocked based on that country or not.

What is logged on our end?
* Upon validation of your license key your request will be logged in our webserver logs. (This will be the IP address of your webserver).
* Upon checking an IP address of your visitor this IP address is only used to convert it to the country it belongs to and is not logged. We have no way to link a visitors IP address to your website.
What is logged is your API Key and the Website URL making the request.

If you decide to purchase the GeoIP API key your PayPal account will be charged by PayPal on a yearly basis. If you want to cancel your subscription you can cancel the subscription at the PayPal website.
If no payments are made by PayPal your API key will automatically expire.

Privacy policy regarding this service specific can be found here: https://webence.nl/wp-content/uploads/2022/06/Privacy-Policy-Webence-API.pdf

MaxMind Database Usage

This plugin uses the Free version of the MaxMind GeoIP2 Country Database. You can also use the paid version but will have to make sure it is uploaded to the same location with the filename of Free database.

MaxMind Terms of Use: https://www.maxmind.com/en/terms-of-use
MaxMind Privacy Policy: https://www.maxmind.com/en/privacy-policy

Admin Block API

For some extra protection we offer the Admin Block API Key. This contains a list of known IP addresses that have visited various WordPress backends in the past month and were blocked.

If you decide to purchase an Admin Block API Key via https://webence.nl/admin-block-api/ you’ll get an eMail with your API Key (License Key).

If you decide to purchase an Admin Block API Key all visitors of your backend will be matched against this list and even if the visitor is from a country that is not blocked they will be blocked if the IP address is on the Admin Block List.

What is logged on our end?
* Upon validation of your license key your request will be logged in our webserver logs. (This will be the IP address of your webserver).
* Upon retrieving the updated blocklist (multiple times a day) this request is logged in our webserver logs (This will be the IP address of your webserver).

Privacy policy regarding this service specific can be found here: https://webence.nl/wp-content/uploads/2022/06/Privacy-Policy-Webence-API.pdf


FAQ
ChangeLog