Country Blocking
Allow or block access by country with geolocation.
Last updated Feb 3, 2025
How Country Blocking Works
Country blocking uses geolocation to determine where visitors are connecting from and can allow or block access based on their country. This is useful for:
- Blocking countries that generate most of your attack traffic
- Restricting access to specific regions for compliance reasons
- Reducing server load from unwanted traffic
Important
Country blocking is not foolproof. Determined attackers can use VPNs to appear to be connecting from allowed countries. Use it as one layer of defense, not your only protection.
Configuration
Go to ArmorPro → Country Blocking to configure.
Block Mode vs Allow Mode
Block Mode (default): Block specific countries, allow everyone else.
- Good for: Blocking known sources of attacks
- Example: Block Russia and China; allow everyone else
Allow Mode: Only allow specific countries, block everyone else.
- Good for: Sites that only serve specific regions
- Example: A US-only site allows only the United States
Selecting Countries
Click on country flags to toggle them. Selected countries will be blocked (in block mode) or allowed (in allow mode).
Countries are organized by region for easy selection. You can also search by country name.
What Gets Blocked
When country blocking is triggered:
- The visitor sees a "blocked" message
- The attempt is logged with country information
- No WordPress code is executed (efficient blocking)
Bypass Options
Country blocking respects the IP whitelist. If you need to allow specific IPs from blocked countries (e.g., your own VPN), add them to the whitelist.
Geolocation Database
ArmorPro uses MaxMind's GeoLite2 database for accurate country detection. The database is:
- Included with the plugin (no external API calls)
- Updated regularly for accuracy
- Privacy-friendly (no data sent to third parties)
Common Use Cases
Block High-Attack Countries
If your logs show most attacks come from specific countries where you have no legitimate visitors, blocking them can significantly reduce attack volume.
Regional Compliance
Some businesses are required to restrict access to certain regions for legal or compliance reasons.
Reduce Bot Traffic
Many automated bots operate from specific countries. Blocking these can reduce server load.
Limitations
- VPNs and proxies: Users can bypass country blocking by using VPNs
- Legitimate users abroad: Your customers traveling may be blocked
- CDN considerations: If using a CDN, ensure the real visitor IP is passed correctly; otherwise the country lookup runs against the CDN's address instead of the visitor's
- Geolocation accuracy: While generally accurate, some IPs may be misidentified
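The CDN point above and the whitelist-before-country order from Bypass Options, as an added Python sketch (not ArmorPro's code). It assumes the CDN forwards the visitor address in X-Forwarded-For; the proxy range, whitelist entry and country table are constructed stand-ins, and the handling of unknown countries is an assumption.

```python
import ipaddress

# All addresses are constructed samples from documentation ranges.
TRUSTED_PROXIES = [ipaddress.ip_network("198.51.100.0/24")]  # hypothetical CDN egress range
WHITELIST = [ipaddress.ip_network("203.0.113.10/32")]        # e.g. your own VPN exit
GEO_TABLE = {  # offline stand-in for a GeoLite2 country lookup
    ipaddress.ip_network("203.0.113.0/24"): "RU",
    ipaddress.ip_network("192.0.2.0/24"): "US",
}

def in_any(ip, networks):
    return any(ip in net for net in networks)

def client_ip(remote_addr, x_forwarded_for=None):
    """Pick the address to geolocate.

    X-Forwarded-For is honoured only when the TCP peer is a trusted proxy.
    The header is read right to left, because entries to the left of the
    last trusted hop are supplied by the client and can be forged.
    """
    peer = ipaddress.ip_address(remote_addr)
    if not x_forwarded_for or not in_any(peer, TRUSTED_PROXIES):
        return peer  # direct connection: ignore any forwarded header
    for hop in reversed(x_forwarded_for.split(",")):
        try:
            ip = ipaddress.ip_address(hop.strip())
        except ValueError:
            return peer  # malformed header: fall back to the socket peer
        if not in_any(ip, TRUSTED_PROXIES):
            return ip
    return peer

def country_of(ip):
    return next((cc for net, cc in GEO_TABLE.items() if ip in net), None)

def decide(remote_addr, x_forwarded_for, mode, countries):
    """Return 'allow' or 'block'; the whitelist is checked before the country."""
    ip = client_ip(remote_addr, x_forwarded_for)
    if in_any(ip, WHITELIST):
        return "allow"
    listed = country_of(ip) in countries
    # Assumption: an unknown country is never "listed", so allow mode blocks it.
    return ("block" if listed else "allow") if mode == "block" else ("allow" if listed else "block")
```

If the trusted proxy list is empty or wrong, every request behind the CDN is geolocated as the CDN edge, so country rules silently stop matching visitors.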
Best Practices
- Start with block mode: It's safer than allow mode
- Review your logs first: See where attacks actually come from before blocking
- Don't over-block: Only block countries you're confident have no legitimate users
- Test thoroughly: Use a VPN to verify blocking works as expected
- Keep whitelist updated: Add any legitimate IPs that need access