iQ Block Country

Wordpress Plugin
Download latest - 1.2.19

Developers

iqpascal

Download Stats

Today 447
Yesterday 712
Last Week 3,017
All Time 449,431
Banner 772x250

iQ Block Country is a plugin that allows you to limit access to your website content. You can either allow or disallow visitors from defined countries to (parts of) your content.

For instance if you have content that should be restricted to a limited set of countries you can do so. If you want to block rogue countries that cause issues like for instance hack attempts, spamming of your comments etc you can block them as well.

Do you want secure your WordPress Admin backend site to only your country? Entirely possible! You can even block all countries and only allow your ip address.

And even if you block a country you can still allow certain visitors by putting their ip address on the allow list just like you can allow a country but put ip addresses on the block list from that country.

You can show blocked visitors a message which you can style by using CSS or you can redirect them to a page within your WordPress site. Or you can redirect the visitors to an external website.

You can (dis)allow visitors to blog articles, blog categories or pages or all content.

Stop visitors from doing harmful things on your WordPress site or limit the countries that can access your blog. Add an additional layer of security to your WordPress site.

This plugin uses the GeoLite database from Maxmind. It has a 99.5% accuracy so that is pretty good for a free database. If you need higher accuracy you can buy a license from MaxMind directly. If you cannot or do not want to download the GeoIP database from Maxmind you can use the GeoIP API website available on https://webence.nl/geoip-api/

If you want to use the GeoLite database from Maxmind you will have to download the GeoIP database from MaxMind directly and upload it to your site. The Wordpress license does not allow this plugin to download the MaxMind Geo database for you.

Please be aware that although this plugin can help you greatly with reducing the number of 'bad' visitors on your website it is not fool proof and those who really want to visit your site may find a away. This is not a security issue but a simple fact of today. Nobody can guarantee you 100% security as it is a constant battle between the good guys and the bad guys.

If you are sure your webhosting or yourself does not use any form of caching or proxying we recommend setting the "Override IP information" on the Home tab to REMOTE_ADDR

Do you need help with this plugin? Please email support@webence.nl.

GDPR Information

This plugin stores data about your visitors in your local WordPress database. The number of days this data is stores can be configured on the settings page. You can also disable logging any data.

Data which is stored of blocked visitors:

  • IP Address
  • Date and time of the visit
  • URL that was requested
  • Country of the IP address
  • If the block happened on your backend or your frontend

Data which is stored on non blocked visitors:

  • Nothing

If you allow tracking (yeah if you do!) you share some information with us. This is only the IP address of a blocked request on your backend. No other information is send and only the IP address is logged on our systems to gather how many times that IP address have attempted to login to a backend. We do not log which site was visited or which URL just only the IP address So we cannot lead an ip address back to a specific website or user. If an IP address is not blocked again within a month we will remove the IP address from the list.

If you use the GeoIP API service you send the IP address of your visitor to one of our servers. This IP Address is however in no way stored at our servers and only used to convert it to a country id.

Using this plugin with a caching plugin

Please note that many of the caching plugins are not compatible with this plugin. The nature of caching is that a dynamically build web page is cached into a static page. If a visitor is blocked this plugin sends header data where it supplies info that the page should not be cached. Many plugins however disregard this info and cache the page or the redirect. Resulting in valid visitors receiving a message that they are blocked. This is not a malfunction of this plugin.

Disclaimer: No guarantees are made but after some light testing the following caching plugins seem to work: Comet Cache, WP Super Cache Plugins that do NOT work: W3 Total Cache, Hyper cache, WPRocket


Releases (71 )

Version Release Date Change Log
1.2.19 2022-09-24
  • Fix: Small security issue fixed
  • Fix: Redirect to page fixed
1.2.18 2022-08-13
  • Fix: Small errors
1.2.17 2022-07-08
  • Fix: Other small error
1.2.16 2022-07-08
  • Fix: DBVERSION error
1.2.15 2022-07-07
  • Change: A lot of internal code changes to make it more in line of WordPress Best Practices
    • Change: Added Privacy Policy of GeoIP API / Admin API Key
    • Change: Added Terms of Use / Privacy Policy Of MaxMind
1.2.14 2022-06-07
  • Change: A lot of internal code changes to make it more in line of WordPress Best Practices
1.2.13 2022-03-15
  • Change: Altered import/export function to make it more secure
    • New: Added "Reset Counters" button to reset your total number of frontend / backend blocks.
1.2.12 2021-07-17
  • Change: Added/Changed some services.
  • Bugfix: Security issue fixed which could only be abused by people with administrator rights.
1.2.11 2021-03-10
  • Change: Minor UI fix
  • Change: Added some more checking if the visitors IP is an actual IPv4 or IPv6 address
  • Change: Updated README
1.2.10 2020-09-05
  • Change: Changed whitelist/blacklist to allow list / block list.
  • Change: Removed Paris as GeoIP location
  • Change: Added website server address to allow list of the backend to ensure certain WordPress functions keep working if you block the country your website is hosted from the backend.
1.2.9 2020-06-13
  • Change: Some codefixes applied
1.2.8 2020-05-13
  • Bugfix: Checking the IP address on the tools tab gave wrong information about countries being blocked if the "block countries below" function was used. This had no effect on the actual denying of visitors.
  • New: Added GeoIP API usage (not realtime) of the current month to the tools tab as beta function.
1.2.7 2020-05-07
  • Change: Typo in San Francisco (Thanks to Shizart)
  • New: Added France as GeoIP location
  • Change: Update to text description due to MaxMind update to Geo2Lite database policy
  • Bugfix: No empty location anymore (Thanks to Stonehenge Creations)
1.2.6 2019-08-12
  • Change: Added better support to detect if mbstring is available for usage.
1.2.5 2019-05-22
  • New: Mediapartners-Google service added
  • Change: Changed webserver ip detection a bit
  • New: You can unblock feed pages on the frontend configuration tab for the people who want to block visitors but want to allow access to the (RSS) feeds
1.2.4 2019-05-08
  • Change: Changed webserver ip detection a bit
1.2.3 2019-04-13
  • Change: Changed inverse option to that you have to select between 'Block countries selected below' or 'Block all countries except those selected below' as inverse option caused some confusion.
  • New: Added 'inverse' function to the pages selection as well. So you can now select the pages you want to block or select the pages you do not want to have blocked and block all other pages.
  • New: Added override function for IP detection.
  • Change: Cutoff for long urls on the statistics page.
1.2.2 2019-02-14
  • New: Added MOZ as service.
  • New: Added SEMrush as service.
  • New: Added SEOkicks as service.
  • New: Added EU2 and EU3 servers for GeoIP API
  • New: Added support for WPS Hide Login
  • Change: Deleted Asia server due to bad performance
  • Change: Altered behavior of flushing the buffer
1.2.1 2019-01-07
  • New: Added Link Checker (https://validator.w3.org/checklink) as service.
  • New: Added Dead Link Checker as a service.
  • New: Added Broken Link Check as a service.
  • New: Added Pingdom as a service
  • Change: Adjusted loading chosen library (Credits to Uzzal)
  • Change: Display error when only the legacy GeoIP database exists and not the new GeoIP2 version
1.2.0 2018-07-21
  • New: Added support for GeoIP2 country database
  • New: Added Pinterest as service
1.1.51 2018-06-08
  • New: Added new GeoIP API server in Florida
  • New: Added new GeoIP API server in Asia
1.1.50 2018-05-30
  • Bugfix: Fix for SQL error in rare conditions
  • New: Added AppleBot, Feedburner and Alexa to the services you can allow
  • Change: Added some more work for the upcoming GeoIP2 support.
1.1.49 2018-04-27
  • Change: Changed when the buffer is flushed (if selected) (Thanks to Nextendweb)
  • Change: Changed cleanup on debug logging table.
1.1.48 2018-04-03
  • Bugfix: Fixed small bug
1.1.47 2018-04-03
  • Change: You can now also enter IP Ranges in the black & whitelist in CIDR format.
  • Change: Altered logging clean up a little bit
1.1.46 2018-02-18
  • Bugfix: Added extra aiwop checking due to a notice error.
  • Change: Renamed Search Engines tab to Services tab as more non-search engines are added to the list.
  • New: Added Feedly to services.
  • New: Added Google Feed to services.
  • New: Changes are made for supporting the new GeoIP2 database format of MaxMind.
1.1.45 2017-08-30
  • Bugfix: (un)blocking individual pages and categories did not work anymore.
1.1.44 2017-08-28
  • Change: Removed Asia API Key server.
  • Change: Small change when frontend blocking is fired up.
  • Change: Adds server ip address (the IP address where your website is hosted) to the frontend whitelist so if you block the country your website is hosted it can still access wp-cron for instance.
1.1.43 2017-06-11
  • Change: Altered address for Asia API Key server
1.1.42 2017-05-16
  • Bugfix: Temp fix for some people who had issues being blocked from the backend.
1.4.41 2017-05-09
1.1.40 2017-03-07
  • Bugfix: Fix for bug in not blocking/allowing post types.
  • New: Moved GeoIP API to secure https
  • New: Logging DB optimization (Thanks to Arjen Lentz)
  • Change: Changed support option from forum to mail.
1.1.38 2016-11-24
  • Bugfix: Only shows warning of incompatible caching plugin if frontend blocking is on.
  • Change: Better error handling
1.1.37 2016-10-08
  • Change: Small adjustment to prevent wp_mail declaration as much as possible.
1.1.36 2016-10-07
  • Bugfix: Smashed bug on backend
1.1.35 2016-10-03
  • Change: Added WPRocket to list of caching plugins that are not compatible with iQ Block Country (thanks to Mike Reed for supplying the info)
  • New: Added Baidu to Search Engines list
  • New: Added Google Site Verification to the search engines list
  • New: Added Google Search Console to the search engines list
  • Change: Only displays warning about incompatible caching plugins in case frontend blocking is selected.
  • New: You can now also block individual post tags
  • Change: Fixed small security issue with downloading the statistics as CSV file (Thanks to Benjamin Pick for reporting)
1.1.34 2016-10-01
  • Change: Added WPRocket to list of caching plugins that are not compatible with iQ Block Country (thanks to Mike Reed for supplying the info)
  • New: Added Baidu to Search Engines list
  • New: Added Google Site Verification to the search engines list
  • New: Added Google Search Console to the search engines list
  • Change: Only displays warning about incompatible caching plugins in case frontend blocking is selected.
  • New: You can now also block individual post tags
  • Change: Fixed small security issue with downloading the statistics as CSV file (Thanks to Benjamin Pick for reporting)
1.1.33 2016-08-06
  • Bugfix: Bug smashed on tag page
1.1.32 2016-08-05
  • Bugfix: Bug smashed on tag page
1.1.31 2016-08-02
  • Change: Small changes in GeoIP API calls
  • New: A warning is displayed for known caching plugins that ignore the no caching headers.
  • Change: Small changes
  • Change: Moved some of the urls to https, more to follow.
  • New: Added option to block / unblock tag pages.
1.1.30 2016-05-01
  • Change: Added new GeoIP API location for Asia-Pacific region.
  • Change: Added some missing country icons.
1.1.29 2016-03-26
  • Change: Small changes in GeoIP API calls
  • New: Added database information to tools tab.
  • New: Added support for rename wp-login plugin
1.1.28 2016-02-16
  • Bugfix: Altered mysql_get_client_info check as in some setups this gave a fatal error.
  • New: Added Wordpress Jetpack as search engine. You can allow Jetpack to communicate with your site if you have Jetpack installed.
  • New: Added option to allow admin-ajax.php visits if you use backend blocking.
1.1.27 2016-02-01
  • Bugfix: Fixed small bug
1.1.26 2016-01-31
  • New: xmlrpc.php is now handled the same way as other backend pages.
  • Change: Updated chosen library to latest version.
  • Change: Added a (de)select all countries to the backend en frontend country list.
  • Change: Changed order of how the plugin detects the ip address.
  • Change: Added detection of more header info that can contain the proper ip address
  • New: Added support forum to the site.
  • Change: Added download urls on database is too old message.
1.1.25 2015-12-16
  • Bugfix: Altered checking for Simple Security Firewall
1.1.24 2015-12-14
  • New: Added support for Lockdown WordPress Admin
  • New: Added support for WordPress Security Firewall
  • Change: Various small changes
1.1.23 2015-10-07
  • Bugfix: Fixed bug if cURL was not present in PHP version
  • New: When local GeoIP database present it checks if database is not older than 3 months and alerts users in a non-intrusive way.
1.1.22 2015-10-03
  • Bugfix: Category bug squashed
  • Change: Altered text-domain
  • New: Added export of all logging data to csv. This exports max of 1 month of blocked visitors from frontend & backend.
1.1.21 2015-09-29
  • Minor improvements
  • Added check to detect closest location for GeoIP API users
  • Fixed an error if you lookup an ip on the tools tab while using the inverse function it sometimes would not display correctly if a country was blocked or not.
  • Added support for All in one WP Security Change Login URL. If you changed your login URL iQ Block Country will detect this setting and use it with your backend block settings.
1.1.20 2015-08-25
  • Added Google Ads to search engines
  • Added Redirect URL (Basic code supplied by Stefan)
  • Added inverse selection on frontend. (Basic code supplied by Stefan)
  • Added inverse selection on backend.
  • Validated input on the tools tab.
1.1.19 2015-03-13
  • Bugfix: Check if MaxMind databases actually exist.
  • New: Unzip MaxMind database(s) if gzip file is found.
  • New: Block post types
  • New: Added option to select if you want to block your search page.
  • New: When (re)activating the plugin it now adds the IP address of the person activating the plugin to the backend whitelist if the whitelist is currently empty.
1.1.18 2015-03-06
  • Changed working directory for the GeoIP database to /wp-content/uploads
1.1.17 2015-03-04
  • Due to a conflict of the license where Wordpress is released under and the license the MaxMind databases are released under I was forced to remove all auto downloads of the GeoIP databases. You now have to manually download the databases and upload them yourself.
  • Added Webence GeoIP API lookup. See http://geoip.webence.nl/ for more information about this API.
1.1.16 2014-12-30
  • New: Accessibility option. You can now choose if you want the country default selectbox or an normal selectbox.
  • New: New button to empty the logging database..
  • New: You can now set the option to not log the ip addresses to the database. This does not influence the blocking process only the logging process. This can be handy if the laws in your country do not permit you to log this information or if you choose not to log this information
1.1.15 2014-10-28
  • Bugfix: You can now set an option to buffer the output of the iQ Block Country plugin. If you use for instance NextGen Gallery you should not set this option as it will break uploading pictures to your gallery.
  • Bugfix: Last time GeoIP databases were downloaded was wrong.
  • Bugfix: If you configured auto-update of the GeoIP databases the tools tab showed that you did not configure auto update.
  • Added check for HTTP_X_TM_REMOTE_ADDR to get real ip address of T-Mobile users.
  • Added Twitter, Bitly, Cliqz and TinEye to the search engines list.
  • New: No longer blocks category pages of categories you have not blocked.
  • Bugfix: Added check if HTTP_USER_AGENT is set.
1.1.14 2014-09-02
  • Bugfix: The plugin did not recognise the login page when installed to a subdirectory.
  • New: You can configure if it auto updates the GeoIP Database. Upon request of those people who have the paid database of MaxMind.
  • Added Facebook and MSN to list of search engines.
  • Changed the version of the geoip.inc file to the version of https://github.com/daigo75/geoip-api-php
1.1.13 2014-08-03
  • Bugfix on setting defaults when they values already existed.
  • You can now allow search engines access to your country even if they come from countries that you want to block.
1.1.12 2014-06-01
  • Bugfix on the backend blacklist / whitelist
1.1.11 2014-05-30
  • Added select box on how many rows to display on the logging tab
  • Redirect blocked users to a specific page instead of displaying the block message.
  • Added blacklist and whitelist of IP addresses to the backend.
  • Adjusted some text
  • Minor bugfixes
1.1.9 2014-04-16
1.1.10 2014-04-16
  • Small fixes
  • WP 3.9 compatability issue fixed
1.1.8 2014-04-10
  • Smashed a bug where the homepage was unprotected due to missing check.
1.1.7 2014-04-10
  • Added Russian (ru_RU) translation by Maxim
  • Added Serbo-Croatian (sr_RU) translation by Borisa Djuraskovic (Webostinghub)
  • Changed the logging table a bit.
1.1.6 2014-04-09
  • Added to ban categories. This works the same way as blocking pages (By request of FVCS)
  • Changed the admin page layout. Added tabs for frontend and backend blocking to make it look less cluttered
  • Added optional tracking to the plugin. This is an experiment to see if building a database of IP addresses that try to login to the backend is viable.
  • Upon first activation the plugin now fills the backend block list with all countries except the country that is currently used to activate.
  • Added IP checking in header HTTP_CLIENT_IP and HTTP_X_REAL_IP
1.1.5 2014-02-25
  • Statistics required wp-config.php in a specific place bug smashed.
1.1.4 2014-02-12
  • Added import/export function.
  • Minor bugs solved
1.1.3 2014-01-16
  • Fixed error that when using the option to block individual pages all visitors would be blocked. (Thanks to apostlepoe for reporting)
1.1.2 2014-01-12
  • Fixed localization error. (Thanks to Lisa for reporting)
1.1.1 2014-01-10
  • You can now choose to block individual pages. Leaving other pages open for visitors from blocked countries. You can for instance use this feature to block countries from visiting specific pages due to content rights etc.
  • Source now supports localization. Included is the English and Dutch language. I'd be happy to include other translations if anyone can supply those to me.
1.1 2013-12-28
  • Added statistics to the plugin.
  • You can view the last 15 hosts that were blocked including the url they visited.
  • You can view the top 15 of countries that were blocked in the past 30 days.
  • You can view the top 15 of hosts that were blocked in the past 30 days.
  • You can view the top URL's that were most blocked in the past 30 days.