Plugin Directory

IP Geo Block

It blocks any spams, login attempts and malicious access to the admin area posted from the specific countries, and also prevents zero-day exploit.

Using The WordPress Dashboard

  1. Navigate to the 'Add New' in the plugins dashboard
  2. Search for 'IP Geo Block'
  3. Click 'Install Now'
  4. Activate the plugin on the Plugin dashboard

Validation rule settings

  • Matching rule
    Choose either White list (recommended) or Black list to specify the countries from which you want to pass or block.

  • Country code for matching rule
    Specify the country code with two letters (see ISO 3166-1 alpha-2 ). Each of them should be separated by comma.

  • White/Black list of extra IPs for prior validation
    The list of extra IP addresses prior to the validation of country code. CIDR notation is acceptable to specify the range.

  • $_SERVER keys for extra IPs
    Additional IP addresses will be validated if some of keys in $_SERVER variable are specified in this textfield. Typically HTTP_X_FORWARDED_FOR.

  • Bad signatures in query It validates malicious signatures independently of Block by country and Prevent Zero-day Exploit for the target Admin area, Admin ajax/post, Plugins area and Themes area. Typically, /wp-config.php and /passwd.

  • Response code
    Choose one of the response code to be sent when it blocks a comment. The 2xx code will lead to your top page, the 3xx code will redirect to Black Hole Server, the 4xx code will lead to WordPress error page, and the 5xx will pretend an server error.

Validation target settings

  • Comment post
    Validate post to wp-comment-post.php. Comment post and trackback will be validated.

    Validate access to xmlrpc.php. Pingback and other remote command with username and password will be validated.

  • Login form
    Validate access to wp-login.php and wp-signup.php.

  • Admin area
    Validate access to wp-admin/*.php.

  • Admin ajax/post
    Validate access to wp-admin/admin-(ajax|post)*.php.

  • Plugins area
    Validate direct access to plugins. Typically wp-content/plugins/…/*.php.

  • Themes area
    Validate direct access to themes. Typically wp-content/themes/…/*.php.

Geolocation API settings

  • API selection and key settings
    If you wish to use IPInfoDB, you should register at their site to get a free API key and set it into the textfield. And ip-api.com and Smart-IP.net require non-commercial use.

Local database settings settings

  • Auto updating (once a month)
    If Enable, Maxmind GeoLite database will be downloaded automatically by WordPress cron job.

Record settings

  • Record validation statistics
    If Enable, you can see Statistics of validation on Statistics tab.

  • Record validation logs
    If you choose anything but Disable, you can see Validation logs on Logs tab.

  • $_POST keys in logs
    Normally, you can see just keys at $_POST data: on Logs tab. If you put some of interested keys into this textfield, you can see the value of key like key=value.

  • Anonymize IP address
    It will mask the last three digits of IP address when it is recorded into the log.

Cache settings

  • Number of entries
    Maximum number of IPs to be cached.

  • Expiration time [sec]
    Maximum time in sec to keep cache.

Submission settings

  • Text position on comment form
    If you want to put some text message on your comment form, please choose Top or Bottom and put text with some tags into the Text message on comment form textfield.

Plugin settings

  • Remove settings at uninstallation
    If you checked this option, all settings will be removed when this plugin is uninstalled for clean uninstalling.

Requires: 3.7 or higher
Compatible up to: 4.6.1
Last Updated: 3 weeks ago
Active Installs: 10,000+


4.9 out of 5 stars


10 of 13 support threads in the last two months have been marked resolved.

Got something to say? Need help?


Not enough data

1 person says it works.
0 people say it's broken.

50,2,1 100,1,1
100,1,1 0,2,0
100,1,1 100,3,3