Pascal

It is on the Geo2Lite page at the bottom: https://dev.maxmind.com/geoip/geoip2/geolite2/

You can signup for a free account and by logging into the account you can still download the GeoLite2-Country database file.

By default it blocks all pages but you can finetune that you want to allow some pages accessible on the pages tab. It will use the blocklist from the frontend tab.

You cannot define blocked countries on a per page level. So you cannot block countries from your entire site and unblock some on a specific page.

Hi,

If caching is done correctly it will only cache the frontend so the caching will not interfere with geo blocking on your backend.

If you have want to geo block the frontend and use a bad caching solution you might end up with a cached blocked message to all visitors. If you use a proper caching solution then only blocked visitors will get to see it. But visitors you want to block might also get to see the page from cache.

But that would not be relevant if you only want to protect your backend 🙂

Description

iQ Block Country is a plugin that allows you to limit access to your website content. You can either allow or disallow visitors from defined countries to (parts of) your content.

For instance if you have content that should be restricted to a limited set of countries you can do so.
If you want to block rogue countries that cause issues like for instance hack attempts, spamming of your comments etc you can block them as well.

Do you want secure your WordPress Admin backend site to only your country? Entirely possible! You can even block all countries and only allow your ip address.

And even if you block a country you can still allow certain visitors by whitelisting their ip address just like you can allow a country but blacklist ip addresses from that country.

You can show blocked visitors a message which you can style by using CSS or you can redirect them to a page within your WordPress site. Or you can redirect the visitors to an external website.

You can (dis)allow visitors to blog articles, blog categories or pages or all content.

Stop visitors from doing harmful things on your WordPress site or limit the countries that can access your blog. Add an additional layer of security to your WordPress site.

This plugin uses the GeoLite database from Maxmind. It has a 99.5% accuracy so that is pretty good for a free database. If you need higher accuracy you can buy a license from MaxMind directly.
If you cannot or do not want to download the GeoIP database from Maxmind you can use the GeoIP API website available on https://geoip.webence.nl/

If you want to use the GeoLite database from Maxmind you will have to download the GeoIP database from MaxMind directly and upload it to your site.
The WordPress license does not allow this plugin to download the MaxMind Geo database for you.

Do you need help with this plugin? Please email [email protected].
GDPR Information

This plugin stores data about your visitors in your local WordPress database. The number of days this data is stores can be configured on the settings page. You can also disable logging any data.

Data which is stored of blocked visitors:

IP Address
Date and time of the visit
URL that was requested
Country of the IP address
If the block happened on your backend or your frontend

Data which is stored on non blocked visitors:

Nothing

If you allow tracking (yeah if you do!) you share some information with us. This is only the IP address of a blocked request on your backend. No other information is send and only the IP address is logged on our systems to gather how many times that IP address have attempted to login to a backend. We do not log which site was visited or which URL just only the IP address So we cannot lead an ip address back to a specific website or user. If an IP address is not blocked again within a month we will remove the IP address from the list.
Using this plugin with a caching plugin

Please note that many of the caching plugins are not compatible with this plugin. The nature of caching is that a dynamically build web page is cached into a static page.
If a visitor is blocked this plugin sends header data where it supplies info that the page should not be cached. Many plugins however disregard this info and cache the page or the redirect. Resulting in valid visitors receiving a message that they are blocked. This is not a malfunction of this plugin.

Disclaimer: No guarantees are made but after some light testing the following caching plugins seem to work: Comet Cache, WP Super Cache
Plugins that do NOT work: W3 Total Cache, Hyper cache, WPRocket
FAQ

How come that I still see visitors from countries that I blocked in Statpress or other statistics software?
How come I still see visitors being blocked from other security plugins?

Other wordpress plugins handle the visitors also. They might run before iQ Block Country or they might run after iQ Block Country runs.

This however does not mean this plugin does not work, it just means somebody tried to access a certain page, post or your backend and another plugin also handled the request.

If you are worried this plugin does not work you could try to block your own country or your own ip address and afterwards visit your frontend website and see if it actually works. Also if you have access to the logfiles of the webserver that hosts your website you can see that these visitors are actually denied with a HTTP error 403.

Ah I’m sorry I missed this update. The support mail address is listed on the settings page(s) of the plugin.

Feel free to send me mail if you have any (future) issues.

Are you sure the correct database is downloaded?

Thank you for replying. Tea also contacted the support desk with this question and also got an answer from there.

Even better would be to use PHP 7.2 or higher. 5.6 and 7.0 are not supported by PHP anymore, 7.1 only with security fixes until the end of the year