Plugin Directory

Test out the new Plugin Directory and let us know what you think.

IP Geo Block

It blocks spam posts, login attempts and malicious access to the back-end requested from the specific countries, and also prevents zero-day exploit.

Using The WordPress Dashboard

  1. Navigate to the 'Add New' in the plugins dashboard
  2. Search for 'IP Geo Block'
  3. Click 'Install Now'
  4. Activate the plugin on the Plugin dashboard
  5. Try 'Best settings' button for easy setup at the bottom of this plugin's setting page.

Please refer to the document or following descriptions for your best setup.

Validation rule settings

  • Matching rule
    Choose either White list (recommended) or Black list to specify the countries from which you want to pass or block.

  • Country code for matching rule
    Specify the country code with two letters (see ISO 3166-1 alpha-2 ). Each of them should be separated by comma.

  • White/Black list of extra IPs for prior validation
    The list of extra IP addresses prior to the validation of country code. CIDR notation is acceptable to specify the range.

  • $_SERVER keys for extra IPs
    Additional IP addresses will be validated if some of keys in $_SERVER variable are specified in this textfield. Typically HTTP_X_FORWARDED_FOR.

  • Bad signatures in query It validates malicious signatures independently of Block by country and Prevent Zero-day Exploit for the target Admin area, Admin ajax/post, Plugins area and Themes area. Typically, /wp-config.php and /passwd.

  • Response code
    Choose one of the response code to be sent when it blocks a comment. The 2xx code will lead to your top page, the 3xx code will redirect to Black Hole Server, the 4xx code will lead to WordPress error page, and the 5xx will pretend an server error.

  • Validation timing
    Choose "init" action hook or "mu-plugins" (ip-geo-block-mu.php) to specify the timing of validation.

Back-end target settings

  • Comment post
    Validate post to wp-comment-post.php. Comment post and trackback will be validated.

    Validate access to xmlrpc.php. Pingback and other remote command with username and password will be validated.

  • Login form
    Validate access to wp-login.php and wp-signup.php.

  • Admin area
    Validate access to wp-admin/*.php.

  • Admin ajax/post
    Validate access to wp-admin/admin-(ajax|post)*.php.

  • Plugins area
    Validate direct access to plugins. Typically wp-content/plugins/…/*.php.

  • Themes area
    Validate direct access to themes. Typically wp-content/themes/…/*.php.

Front-end target settings

  • Block by country
    Enables validation of country code on public facing pages.

  • Matching rule
    Same as Validation target settings but can be set independently.

  • Validation target
    Specify the single and archive page by post type, category and tag as blocking target.

  • UA string and qualification
    Additional rules targeted at SEO which can specify acceptable requests based on user agent.

  • Simulation mode
    You can simulate the 'blocking on front-end' functionality before deploying.

Geolocation API settings

  • API selection and key settings
    If you wish to use IPInfoDB, you should register at their site to get a free API key and set it into the textfield. And ip-api.com and Smart-IP.net require non-commercial use.

Local database settings settings

  • Auto updating (once a month)
    If Enable, Maxmind GeoLite database will be downloaded automatically by WordPress cron job.

Record settings

  • Record validation statistics
    If Enable, you can see Statistics of validation on Statistics tab.

  • Record validation logs
    If you choose anything but Disable, you can see Validation logs on Logs tab.

  • $_POST keys in logs
    Normally, you can see just keys at $_POST data: on Logs tab. If you put some of interested keys into this textfield, you can see the value of key like key=value.

  • Anonymize IP address
    It will mask the last three digits of IP address when it is recorded into the log.

Cache settings

  • Expiration time [sec]
    Maximum time in sec to keep cache.

  • Garbage collection period [sec]
    Period of garbage collection to clean cache.

Submission settings

  • Text position on comment form
    If you want to put some text message on your comment form, please choose Top or Bottom and put text with some tags into the Text message on comment form textfield.

Plugin settings

  • Remove settings at uninstallation
    If you checked this option, all settings will be removed when this plugin is uninstalled for clean uninstalling.

Requires: 3.7 or higher
Compatible up to: 4.7.1
Last Updated: 2 weeks ago
Active Installs: 10,000+


4.9 out of 5 stars


10 of 18 support threads in the last two months have been marked resolved.

Got something to say? Need help?


Not enough data

0 people say it works.
0 people say it's broken.

50,2,1 100,1,1
100,1,1 0,2,0
100,1,1 100,3,3
0,1,0 100,1,1