Title: NexiGuard – IP & Geo Access Control Author: Nexiby LLC Published: June 10, 2026 Last modified: June 10, 2026 --- Search plugins ![](https://ps.w.org/nexiguard-ip-geo-access-control/assets/banner-772x250.png?rev =3567277) ![](https://ps.w.org/nexiguard-ip-geo-access-control/assets/icon-256x256.png?rev =3567277) # NexiGuard – IP & Geo Access Control By [Nexiby LLC](https://profiles.wordpress.org/nexibyllc/) [Download](https://downloads.wordpress.org/plugin/nexiguard-ip-geo-access-control.1.0.0.zip) * [Details](https://wordpress.org/plugins/nexiguard-ip-geo-access-control/#description) * [Reviews](https://wordpress.org/plugins/nexiguard-ip-geo-access-control/#reviews) * [Installation](https://wordpress.org/plugins/nexiguard-ip-geo-access-control/#installation) * [Development](https://wordpress.org/plugins/nexiguard-ip-geo-access-control/#developers) [Support](https://wordpress.org/support/plugin/nexiguard-ip-geo-access-control/) ## Description NexiGuard – IP & Geo Access Control is a public WordPress access control plugin for administrators who need to restrict site access using local IP rules and optional GeoIP data. Features include: * Block List mode: visitors matching rules are blocked. * Allow List mode: only visitors matching rules are allowed. * Exact IP address rules. * CIDR range rules for IPv4 and IPv6. * Country and region/state rules when a GeoIP provider is configured. * Optional blocking for the frontend, login page, REST API, and XML-RPC. * 403, 404, or custom blocked responses. * Custom blocked messages with plain text and basic safe HTML. * Safe visitor IP detection using REMOTE_ADDR by default. * Optional Cloudflare visitor IP detection. * Optional trusted proxy header support. * Bulk import for IP/CIDR rules. * Export and import settings as JSON. * Optional minimal blocked-attempt logs. * Admin lockout protection and an emergency bypass constant. #### Privacy and GeoIP IP blocking works without any third-party service. Country and region blocking requires either a readable local GeoIP database or an explicitly configured API provider. Visitor IP addresses are not sent externally unless an administrator selects API provider mode and configures an API endpoint. Optional logs store only date/time, IP address, matched rule type, and requested path. #### Admin safety NexiGuard is disabled by default after activation. Logged-in administrators are never blocked by default. The admin screen displays the detected admin IP and requires confirmation before adding an IP/CIDR rule that matches it. Emergency bypass: define `NEXIGUARD_DISABLE` as `true` in `wp-config.php` to stop all blocking. ### External Services NexiGuard does not contact any external service by default. If an administrator selects API provider mode and configures an API endpoint, NexiGuard sends a GET request to that administrator-configured endpoint to look up country and region data for visitor IP addresses. The visitor IP address is sent in the configured URL using the `{ip}` placeholder or as an `ip` query parameter. If an API key is configured, it is sent as a Bearer token in the Authorization header. Because the API endpoint is entered by the site administrator, the site owner is responsible for reviewing that provider’s terms of service and privacy policy before enabling API provider mode. Local IP and CIDR blocking do not use any external service. MaxMind mode reads a local database file and does not send visitor IPs externally. ### License NexiGuard – IP & Geo Access Control is licensed under GPL-2.0-or-later. ## Screenshots [⌊settings⌉⌊settings⌉[ settings [⌊IP Blocking⌉⌊IP Blocking⌉[ IP Blocking [⌊Country & Region Blockings⌉⌊Country & Region Blockings⌉[ Country & Region Blockings [⌊Logs⌉⌊Logs⌉[ Logs ## Installation 1. Upload the `nexiguard-ip-geo-access-control` folder to `/wp-content/plugins/`. 2. Activate **NexiGuard – IP & Geo Access Control** from the Plugins screen. 3. Go to **NexiGuard** in the WordPress admin menu. 4. Review the detected admin IP and source. 5. Add IP, CIDR, country, or region rules. 6. Enable protection after confirming the desired access mode and request contexts. ## FAQ ### Does NexiGuard work without a third-party service? Yes. Exact IP and CIDR blocking work locally without any external dependency. ### Do country and region rules require a provider? Yes. Country and region rules require a local GeoIP database or an explicitly configured API provider. ### Are visitor IPs sent to external services? No, not by default. Visitor IPs are sent externally only when an administrator selects API provider mode and configures an API endpoint. ### Does the plugin trust proxy headers by default? No. The plugin uses `REMOTE_ADDR` by default. Cloudflare and proxy header support are disabled until an administrator enables them. ### What is Allow List mode? Allow List mode blocks visitors unless they match one of your configured IP, CIDR, country, or region rules. Use it carefully. ### What data is logged? Only blocked attempts are logged, and only when logging is enabled. Logs contain date/time, IP address, matched rule type, and requested path. ### How can I avoid an accidental lockout? Logged-in administrators are excluded by default, and matching the current admin IP requires confirmation. You can also define `NEXIGUARD_DISABLE` as `true` in ` wp-config.php`. ## Reviews There are no reviews for this plugin. ## Contributors & Developers “NexiGuard – IP & Geo Access Control” is open source software. The following people have contributed to this plugin. Contributors * [ Nexiby LLC ](https://profiles.wordpress.org/nexibyllc/) * [ Atiqur Rahman ](https://profiles.wordpress.org/atiqbd4ever/) [Translate “NexiGuard – IP & Geo Access Control” into your language.](https://translate.wordpress.org/projects/wp-plugins/nexiguard-ip-geo-access-control) ### Interested in development? [Browse the code](https://plugins.trac.wordpress.org/browser/nexiguard-ip-geo-access-control/), check out the [SVN repository](https://plugins.svn.wordpress.org/nexiguard-ip-geo-access-control/), or subscribe to the [development log](https://plugins.trac.wordpress.org/log/nexiguard-ip-geo-access-control/) by [RSS](https://plugins.trac.wordpress.org/log/nexiguard-ip-geo-access-control/?limit=100&mode=stop_on_copy&format=rss). ## Changelog #### 1.0.0 * Initial public release. ## Meta * Version **1.0.0** * Last updated **15 hours ago** * Active installations **Fewer than 10** * WordPress version ** 6.0 or higher ** * Tested up to **7.0** * PHP version ** 7.4 or higher ** * Tags * [access-control](https://wordpress.org/plugins/tags/access-control/)[firewall](https://wordpress.org/plugins/tags/firewall/) [geo block](https://wordpress.org/plugins/tags/geo-block/)[ip block](https://wordpress.org/plugins/tags/ip-block/) [security](https://wordpress.org/plugins/tags/security/) * [Advanced View](https://wordpress.org/plugins/nexiguard-ip-geo-access-control/advanced/) ## Ratings No reviews have been submitted yet. [Your review](https://wordpress.org/support/plugin/nexiguard-ip-geo-access-control/reviews/#new-post) [See all reviews](https://wordpress.org/support/plugin/nexiguard-ip-geo-access-control/reviews/) ## Contributors * [ Nexiby LLC ](https://profiles.wordpress.org/nexibyllc/) * [ Atiqur Rahman ](https://profiles.wordpress.org/atiqbd4ever/) ## Support Got something to say? Need help? [View support forum](https://wordpress.org/support/plugin/nexiguard-ip-geo-access-control/)