{"id":322991,"date":"2026-06-10T11:11:48","date_gmt":"2026-06-10T11:11:48","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/securitify-ip-geo-access-control\/"},"modified":"2026-06-10T11:11:32","modified_gmt":"2026-06-10T11:11:32","slug":"nexiguard-ip-geo-access-control","status":"publish","type":"plugin","link":"https:\/\/wordpress.org\/plugins\/nexiguard-ip-geo-access-control\/","author":23367631,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"1.0.0","stable_tag":"1.0.0","tested":"7.0","requires":"6.0","requires_php":"7.4","requires_plugins":null,"header_name":"NexiGuard \u2013 IP & Geo Access Control","header_author":"Nexiby LLC","header_description":"Restrict website access by IP address, CIDR ranges, countries, and regions.","assets_banners_color":"d5dbe3","last_updated":"2026-06-10 11:11:32","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/github.com\/devatiq\/nexiguard-ip-geo-access-control","header_author_uri":"https:\/\/nexiby.com","rating":0,"author_block_rating":0,"active_installs":0,"downloads":26,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.0":{"tag":"1.0.0","author":"nexibyllc","date":"2026-06-10 11:11:32"}},"upgrade_notice":{"1.0.0":"<p>Initial public release of NexiGuard \u2013 IP &amp; Geo Access Control.<\/p>"},"ratings":[],"assets_icons":{"icon-128z128.png":{"filename":"icon-128z128.png","revision":3567277,"resolution":"128x128","location":"assets","locale":"","width":128,"height":128},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3567277,"resolution":"256x256","location":"assets","locale":"","width":256,"height":256}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3567277,"resolution":"1544x500","location":"assets","locale":"","width":1544,"height":500},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3567277,"resolution":"772x250","location":"assets","locale":"","width":772,"height":250}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.0"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3567277,"resolution":"1","location":"assets","locale":"","width":1212,"height":2439},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3567277,"resolution":"2","location":"assets","locale":"","width":1205,"height":841},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3567277,"resolution":"3","location":"assets","locale":"","width":1153,"height":552},"screenshot-4.png":{"filename":"screenshot-4.png","revision":3567277,"resolution":"4","location":"assets","locale":"","width":1233,"height":527}},"screenshots":{"1":"settings","2":"IP Blocking","3":"Country &amp; Region Blockings","4":"Logs"}},"plugin_section":[],"plugin_tags":[1912,1174,31970,1945,600],"plugin_category":[54],"plugin_contributors":[224459,250819],"plugin_business_model":[],"class_list":["post-322991","plugin","type-plugin","status-publish","hentry","plugin_tags-access-control","plugin_tags-firewall","plugin_tags-geo-block","plugin_tags-ip-block","plugin_tags-security","plugin_category-security-and-spam-protection","plugin_contributors-atiqbd4ever","plugin_contributors-nexibyllc","plugin_committers-nexibyllc"],"banners":{"banner":"https:\/\/ps.w.org\/nexiguard-ip-geo-access-control\/assets\/banner-772x250.png?rev=3567277","banner_2x":"https:\/\/ps.w.org\/nexiguard-ip-geo-access-control\/assets\/banner-1544x500.png?rev=3567277","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/nexiguard-ip-geo-access-control\/assets\/icon-128z128.png?rev=3567277","icon_2x":"https:\/\/ps.w.org\/nexiguard-ip-geo-access-control\/assets\/icon-256x256.png?rev=3567277","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/nexiguard-ip-geo-access-control\/assets\/screenshot-1.png?rev=3567277","caption":"settings"},{"src":"https:\/\/ps.w.org\/nexiguard-ip-geo-access-control\/assets\/screenshot-2.png?rev=3567277","caption":"IP Blocking"},{"src":"https:\/\/ps.w.org\/nexiguard-ip-geo-access-control\/assets\/screenshot-3.png?rev=3567277","caption":"Country &amp; Region Blockings"},{"src":"https:\/\/ps.w.org\/nexiguard-ip-geo-access-control\/assets\/screenshot-4.png?rev=3567277","caption":"Logs"}],"raw_content":"<!--section=description-->\n<p>NexiGuard \u2013 IP &amp; Geo Access Control is a public WordPress access control plugin for administrators who need to restrict site access using local IP rules and optional GeoIP data.<\/p>\n\n<p>Features include:<\/p>\n\n<ul>\n<li>Block List mode: visitors matching rules are blocked.<\/li>\n<li>Allow List mode: only visitors matching rules are allowed.<\/li>\n<li>Exact IP address rules.<\/li>\n<li>CIDR range rules for IPv4 and IPv6.<\/li>\n<li>Country and region\/state rules when a GeoIP provider is configured.<\/li>\n<li>Optional blocking for the frontend, login page, REST API, and XML-RPC.<\/li>\n<li>403, 404, or custom blocked responses.<\/li>\n<li>Custom blocked messages with plain text and basic safe HTML.<\/li>\n<li>Safe visitor IP detection using REMOTE_ADDR by default.<\/li>\n<li>Optional Cloudflare visitor IP detection.<\/li>\n<li>Optional trusted proxy header support.<\/li>\n<li>Bulk import for IP\/CIDR rules.<\/li>\n<li>Export and import settings as JSON.<\/li>\n<li>Optional minimal blocked-attempt logs.<\/li>\n<li>Admin lockout protection and an emergency bypass constant.<\/li>\n<\/ul>\n\n<h4>Privacy and GeoIP<\/h4>\n\n<p>IP blocking works without any third-party service. Country and region blocking requires either a readable local GeoIP database or an explicitly configured API provider.<\/p>\n\n<p>Visitor IP addresses are not sent externally unless an administrator selects API provider mode and configures an API endpoint. Optional logs store only date\/time, IP address, matched rule type, and requested path.<\/p>\n\n<h4>Admin safety<\/h4>\n\n<p>NexiGuard is disabled by default after activation. Logged-in administrators are never blocked by default. The admin screen displays the detected admin IP and requires confirmation before adding an IP\/CIDR rule that matches it.<\/p>\n\n<p>Emergency bypass: define <code>NEXIGUARD_DISABLE<\/code> as <code>true<\/code> in <code>wp-config.php<\/code> to stop all blocking.<\/p>\n\n<h3>External Services<\/h3>\n\n<p>NexiGuard does not contact any external service by default.<\/p>\n\n<p>If an administrator selects API provider mode and configures an API endpoint, NexiGuard sends a GET request to that administrator-configured endpoint to look up country and region data for visitor IP addresses. The visitor IP address is sent in the configured URL using the <code>{ip}<\/code> placeholder or as an <code>ip<\/code> query parameter. If an API key is configured, it is sent as a Bearer token in the Authorization header.<\/p>\n\n<p>Because the API endpoint is entered by the site administrator, the site owner is responsible for reviewing that provider's terms of service and privacy policy before enabling API provider mode.<\/p>\n\n<p>Local IP and CIDR blocking do not use any external service. MaxMind mode reads a local database file and does not send visitor IPs externally.<\/p>\n\n<h3>License<\/h3>\n\n<p>NexiGuard \u2013 IP &amp; Geo Access Control is licensed under GPL-2.0-or-later.<\/p>\n\n<!--section=installation-->\n<ol>\n<li>Upload the <code>nexiguard-ip-geo-access-control<\/code> folder to <code>\/wp-content\/plugins\/<\/code>.<\/li>\n<li>Activate <strong>NexiGuard \u2013 IP &amp; Geo Access Control<\/strong> from the Plugins screen.<\/li>\n<li>Go to <strong>NexiGuard<\/strong> in the WordPress admin menu.<\/li>\n<li>Review the detected admin IP and source.<\/li>\n<li>Add IP, CIDR, country, or region rules.<\/li>\n<li>Enable protection after confirming the desired access mode and request contexts.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"does%20nexiguard%20work%20without%20a%20third-party%20service%3F\"><h3>Does NexiGuard work without a third-party service?<\/h3><\/dt>\n<dd><p>Yes. Exact IP and CIDR blocking work locally without any external dependency.<\/p><\/dd>\n<dt id=\"do%20country%20and%20region%20rules%20require%20a%20provider%3F\"><h3>Do country and region rules require a provider?<\/h3><\/dt>\n<dd><p>Yes. Country and region rules require a local GeoIP database or an explicitly configured API provider.<\/p><\/dd>\n<dt id=\"are%20visitor%20ips%20sent%20to%20external%20services%3F\"><h3>Are visitor IPs sent to external services?<\/h3><\/dt>\n<dd><p>No, not by default. Visitor IPs are sent externally only when an administrator selects API provider mode and configures an API endpoint.<\/p><\/dd>\n<dt id=\"does%20the%20plugin%20trust%20proxy%20headers%20by%20default%3F\"><h3>Does the plugin trust proxy headers by default?<\/h3><\/dt>\n<dd><p>No. The plugin uses <code>REMOTE_ADDR<\/code> by default. Cloudflare and proxy header support are disabled until an administrator enables them.<\/p><\/dd>\n<dt id=\"what%20is%20allow%20list%20mode%3F\"><h3>What is Allow List mode?<\/h3><\/dt>\n<dd><p>Allow List mode blocks visitors unless they match one of your configured IP, CIDR, country, or region rules. Use it carefully.<\/p><\/dd>\n<dt id=\"what%20data%20is%20logged%3F\"><h3>What data is logged?<\/h3><\/dt>\n<dd><p>Only blocked attempts are logged, and only when logging is enabled. Logs contain date\/time, IP address, matched rule type, and requested path.<\/p><\/dd>\n<dt id=\"how%20can%20i%20avoid%20an%20accidental%20lockout%3F\"><h3>How can I avoid an accidental lockout?<\/h3><\/dt>\n<dd><p>Logged-in administrators are excluded by default, and matching the current admin IP requires confirmation. You can also define <code>NEXIGUARD_DISABLE<\/code> as <code>true<\/code> in <code>wp-config.php<\/code>.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial public release.<\/li>\n<\/ul>","raw_excerpt":"Restrict website access by IP addresses, CIDR ranges, countries, and regions.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/322991","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=322991"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/nexibyllc"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=322991"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=322991"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=322991"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=322991"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=322991"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=322991"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}