WordPress.org

Polska

Pobierz WordPressa
WordPress.org

Plugin Directory

Advanced Country Blocker

Advanced Country Blocker

Autor: brstefanovic
Pobierz

Opis

Advanced Country Blocker helps you secure your WordPress site by restricting access based on the visitor’s geolocation (country) or IP address. Upon activation, the plugin detects the activating admin’s country and automatically sets that as the only allowed country. All other visitors from different countries are blocked, unless they use a secret key parameter to temporarily whitelist their IP. Country detection uses the privacy-friendly ip-api.com service by default but can be switched to a fully offline MaxMind GeoLite2 (or compatible) database file once you configure a local copy.

Key Features:

  • Automatically allows the admin’s country on plugin activation.
  • Flexible IP-to-country lookups – start with the built-in ip-api.com integration and optionally switch to an offline MaxMind GeoLite2 Country (or compatible) .mmdb database file.
  • Allowlist or blacklist mode – choose whether the country list acts as an allowlist or blocklist without re-entering countries.
  • Temporary access via a customizable secret URL parameter (e.g., ?MySecretKey=1).
  • CAPTCHA Challenge – allow blocked visitors to solve a CAPTCHA to gain temporary access (supports Google reCAPTCHA v2/v3, hCaptcha, Cloudflare Turnstile).
  • Real-Time Activity Monitor – live dashboard showing active visitors, recent blocks, and traffic statistics.
  • Analytics Dashboard – comprehensive charts and statistics about blocked attempts.
  • Manual blacklisting and safelisting of IPs for added security and to accommodate uptime monitors.
  • Optional email alerts when new visitors are blocked.
  • Admin bypass so logged-in admins can always access the site (toggleable in the code).
  • Detailed logging of blocked attempts in a custom database table, displayed in the WP admin.
  • Custom response controls – personalise the block page title/message, choose the HTTP status (403, 410, 451) or redirect to any URL.
  • Automatic log cleanup with configurable retention plus a one-click „Clear Logs” button.

Use the plugin settings page (Country Blocker menu in WP admin) to configure the list of allowed countries, blacklisted countries, blacklisted IPs, and whether email alerts are enabled.

License

This plugin is open-sourced software licensed under the GPLv3 or later.

External Services

By default this plugin contacts the ip-api.com geolocation service to detect visitor countries. You can disable all external lookups by switching the IP lookup method to the local MaxMind database in the settings.

Zrzuty ekranu

  • Settings Page – Configure allowed/blacklisted countries, IPs, CAPTCHA, and email alerts.
  • Blocked Attempts Log – View a list of recently blocked visitors.
  • Analytics Dashboard – Visual charts and statistics about blocked traffic.
  • Live Monitor – Real-time view of active visitors and recent blocks.

Instalacja

  1. Upload the plugin folder to the /wp-content/plugins/ directory, or install via the WordPress „Add Plugin” feature.
  2. Download the GeoLite2 Country database (or another compatible MaxMind DB format country database) from MaxMind and place the .mmdb file somewhere on your server where PHP can read it (optional but recommended for offline mode).
  3. Activate the plugin through the „Plugins” menu in WordPress.
  4. Upon activation, the plugin will:
    • Detect the activating admin’s IP.
    • Determine the corresponding country using your selected lookup method (remote API by default).
    • Set that country as the only allowed country in the plugin settings.
  5. Go to Country Blocker Settings in your WordPress admin menu to adjust configurations (e.g., secret key, blacklisted countries, blacklisted IPs, etc.), choose the IP lookup method, and (optionally) provide the absolute path to your .mmdb file for offline lookups.

Najczęściej zadawane pytania

Where do I get the GeoIP database file?

You can download the free GeoLite2 Country database from MaxMind (requires a free account). Upload the .mmdb file to a readable location on your server (for example, inside wp-content/uploads/) and paste the absolute file path into the GeoIP Database Path field on the plugin settings page.

My IP geolocation is incorrect. How do I fix it?

Local GeoIP databases occasionally have outdated entries. MaxMind updates GeoLite2 weekly, so download the latest release when you notice inaccuracies. You can also manually add or remove countries on the settings page to adjust who is allowed or blocked.

What if I accidentally block myself?

You can add your IP manually to the temporary whitelist by using the URL parameter (?YourSecretKey=1), solve the CAPTCHA challenge if enabled, or log in as an admin (if admin bypass is enabled). Alternatively, you can deactivate the plugin via FTP or your hosting control panel and adjust settings.

Does this plugin store any visitor data?

The plugin stores IP addresses and (optionally) country codes in a custom log table when visitors are blocked. This is purely for security and administrative review. Remove or adjust this functionality as needed to comply with privacy regulations.

Can I bypass the plugin if I’m an administrator?

Yes, by default, if you are logged in with manage_options capability. You can change or remove this bypass in the plugin code.

Can I customise the block page or send visitors somewhere else?

Yes. The settings page lets you change the block page title/message (with placeholders for {ip}, {country_code}, and {reason}), choose the HTTP status code to send (403, 410, or 451) or redirect visitors to a custom URL with the status code of your choice.

How do I only block a handful of countries?

Stay in the default allowlist mode when you want to permit just the countries you list. Switch to „Use Blacklist Mode” to list only the countries you want to block—everything else will be allowed automatically.

How can I clear or trim the log table?

Use the „Clear Logs” button on the Block Logs screen to wipe all entries instantly. You can also configure automatic log cleanup from the settings page—set the retention to 0 days to keep everything indefinitely.

What CAPTCHA providers are supported?

The plugin supports Google reCAPTCHA v2 (checkbox), Google reCAPTCHA v3 (invisible), hCaptcha, and Cloudflare Turnstile. You can configure your preferred provider in the settings page.

How does the Real-Time Monitor work?

The Live Monitor shows real-time visitor activity including active visitors, recent blocks, and traffic statistics. Data updates automatically every 3 seconds and is stored temporarily.

Recenzje

Excellent work

2025-10-15
Great functionality for restricting or allowing access to content.@brstefanovic is developing the plugin and adding to its functionality.I hope that in the future he will implement the ability to localize the interface into other languages. But even now, the plugin is easy and convenient to use and configure.Thank you, @brstefanovic.

Seems to work quite well

2025-10-10
Looks like this works quite well with the other tools I use. I use uptime robot to monitor my site and disabled their servers’ countries; the service has apparently been alerting for a few hours now. I went ahead and re-added it, but it’s good to know this actually works, even if it throws a 403.Would rather see an http error 410 or 418 instead of 403.

Powerful blocker yet simple and lightweight

2025-08-01
Effective and powerful country/ip blocker, where others have failed, this plugin worked flawlessly and without issues. As an improvement to the plugin, I would suggest having an option to modify the blocking message and another to redirect to a custom URL.

Looks good so far

2025-06-19
I just installed this and it seems to be working quite well. This was the only plugin I could find where you could *allow* only certain countries without jumping through some hoops to install a geo database.

Excited to Try

2025-03-14
So far beyond simple. I only wanted the US to access my website because its the only place I ship to and I get a ton of attacks from other countries. Within minutes my logs showed 3 other countries had already been blocked. I also have WordFence so I can see incoming traffic so it will be neat to see if this blocks the bulk of other countries. With high hopes I thank you for making this plugin!

Nice Update & Saved Me

2025-08-29 1 odpowiedź
Since my earlier review I had a problem with a foreign site that I needed to block. This plugin is so easy to use and so fast that it saved me a lot of heartache. This is a must have! The improvements in 2.0.2 are nice and for me seem more functional. If you are still open to suggestions, I think it would be helpful to sort the allowed or blocked countries alphabetically when you load the plugin. Once you add a dozen or so following your list becomes a little difficult. Just a suggestion and not a must have. Thanks for being so responsive.
Przeczytaj 6 recenzji

Kontrybutorzy i deweloperzy

„Advanced Country Blocker” jest oprogramowaniem open source. Poniższe osoby miały wkład w rozwój wtyczki.

Zaangażowani

Wtyczka „Advanced Country Blocker” została przetłumaczona na 1 język. Podziękuj tłumaczom za ich wkład.

Przetłumacz wtyczkę “Advanced Country Blocker” na swój język.

Interesuje cię rozwój wtyczki?

Przeglądaj kod, sprawdź repozytorium SVN lub czytaj dziennik rozwoju przez RSS.

Rejestr zmian

2.3.1

  • Hotfix for Databases not being downloaded

2.3.0

  • New: Added CAPTCHA Challenge feature allowing blocked visitors to verify via CAPTCHA to gain temporary access
  • New: Added Real-Time Activity Monitor with live visitor tracking, recent blocks, and traffic statistics
  • New: Added Analytics Dashboard with interactive charts showing blocked attempts over time, top countries, and block reasons
  • Security: Fixed secret key bypass vulnerability – now requires value to equal „1” instead of just checking existence
  • Security: Fixed SSRF vulnerability in GeoIP download – now validates URLs and restricts to trusted domains only
  • Security: Fixed IP address spoofing by using WordPress’s wp_http_get_original_ip() function
  • Security: Added file size limits and content validation for GeoIP database uploads/downloads
  • Security: Fixed CAPTCHA secret key exposure in settings page – now masked for security
  • Security: Added proper output sanitization for block reasons in AJAX responses
  • Fixed: Removed duplicate helper functions (advcb_get_country_name, advcb_get_country_flag)
  • Fixed: Redundant cleanup function calls removed for better performance
  • Fixed: Duplicate sanitize callbacks removed

2.2.0

  • Added an optional local MaxMind GeoLite2 (or compatible) database lookup while keeping the ip-api.com integration as the default method.
  • Added settings fields to choose the lookup method, configure the path to the .mmdb database file, and display status messaging for admins.

2.1.0

  • Added a fully customisable block page (title, message placeholders, and selectable HTTP status code).
  • Added optional redirect behaviour with configurable status codes for blocked visitors.
  • Added a trusted IP list to bypass the blocker (ideal for uptime monitoring services).
  • Added automatic log cleanup with adjustable retention and admin notices.
  • Improved settings guidance for switching between allowlist and blacklist modes.

2.0.4

  • Tested with latest WordPress version

2.0.3

  • Added feature to Clear Logs
  • Added feature to Disable Logs
  • Fixed pagination for Logs

2.0.2

  • Added the blacklist mode

2.0.1

  • Fixed WordPress Repo guideline issues

2.0.0

  • Added logging to a custom database table.
  • Added blacklisted country/IP feature.
  • Added admin bypass for testing.
  • Added email alerts.

1.1.0

  • Defaulted to admin’s country on plugin activation.
  • Introduced secret URL key for temporary IP whitelisting.

1.0.0

  • Initial plugin release with basic country blocking and default country code.

Meta

Oceny

5 na 5 gwiazdek.

Dodaj recenzję

Zobacz wszystkierecenzje.

Zaangażowani

Wsparcie

Zagadnienia rozwiązane w przeciągu ostatnich dwóch miesięcy:

1 z 1

Zobacz forum wsparcia