How to block countries in WordPress

7 Min Read

Every website operator knows the examples: your entire response row is full of Russian comment spam. And then there are Ukrainian, Chinese or Indian hackers who try to hack your site. With two plugins you can block visitors from certain countries in WordPress. That also saves you Russian spam and hackers.

Wordfence is one of the most important WordPress security plugins for me. I use the free version of Wordfence on my own sites and sites that I build for clients. With the free version of Wordfence, you can easily set up a firewall for your website. You can also have the plugin automatically scan your site in the background for changes in files. The plugin compares the original WordPress files with the files on your site. If there is a difference, it may be that a hacker has managed to gain access to your server files. You will then receive an email.

Block countries in WordPress

In the paid version of Wordfence, you can also block visitors from certain countries. But for that, I use another plugin: iQ Block Country. It is free and offers more options. For example, you can select whether you block certain pages, tag pages, and post types and categories for certain countries. In another tab, you can check which search engines you want to allow. This allows a search engine to index your site, even if it comes from a country that you have blocked.

Block visitors from Russia and Ukraine

So it’s no use for visitors from Russia, Ukraine, Korea, or some corrupt tax haven. My sites do not need to be indexed by Chinese search engines, preferably not even. I block my sites for visitors and search engines from such countries. That immediately saves a lot of comment spam, which often also originates from those countries. The single Dutch-speaking emigrant who lives in those countries and wants to visit my sites is out of luck. But visitors from many other countries are welcome.

Block your site login page for certain countries

But iQ Block Country has another big plus: you can vary the settings of the front and back of your site. The front, the part of the website visible to everyone, is less strictly closed than the back, the login page. You can actually block the back of your site for all countries in the world, except of course for the Netherlands. After all, only registered users have a business there. You can only make exceptions if you are often abroad or you work with editors who live abroad. But even then you can still block the login pagina of your site for many countries.

If you accidentally blocked the login page of your site, you can disable the plugin via FTP.

IQ Block Country in practice

I tested the iQ Block Country plugin on one of my sites for a couple of weeks and the results are not obvious. After just one day, I saw Russian, Romanian, Chinese, and Ukrainian hackers appear through the Statistics tab. They had tried to access the login page and find out author IDs. That was an unexpected insight, but in itself can be explained. If you know an author ID, you can try to find out a login name. Read here how to change the author ID.

Furthermore, the plugin immediately blocked the affected hosts and IP addresses of the hackers. Comment spam? I no longer suffer from it. In fact, I’m even considering removing Akismet, the spam blocker. After all, that saves code in your website.

Disadvantages of iQ Block Country

iQ Block Country does have two drawbacks. The first drawback is that a fairly large GeoIP file has to be placed on your server. To do this, you have to unzip a supplied zip file and put it on your server via FTP in the Uploads folder (/ wp-content / uploads / to be precise). This GeoIP file contains all IP addresses per country. Precisely because there are many countries and many more IP addresses, it is impossible to manually add all those addresses to, for example, your htaccess file. Blocking visitors from certain countries via htaccess, therefore, does not work.

I think the second disadvantage of iQ Block Countries is a bit more serious. I got a lower score in Google Pagespeedtester. I suspect this is in the extra javascript that needs to be loaded. It only saved a few points and I think the advantages of the plugin outweigh the disadvantages. Blocking visitors from certain countries will save you some security headaches, although this plugin won’t stop everything either.

Below you can read the step-by-step installation of Wordfence and iQ Block Country.

Total time required 30 minutes

This way you can block countries in WordPress

There are various plugins with which you can protect your website against foreign hackers. With the paid version of Wordfence and with the free version of iQ Block Country you can protect your site against hackers.

Install one of the plugins

Install Wordfence or iQ Block Country or both. They can be downloaded from the WordPress repository.

Activate Wordfence and go through all the steps

Activate Wordfence and go through all the steps the plugin gives you. You can only block countries with the paid version. But the free version is also a ‘must-have’.

Activate iQ Block Country

Activate iQ Block Country at your plugin tab. Download the GeoIP2 Country database from, unzip it and upload the file GeoLite2-Country.mmdb via FTP to your uploads folder at your server.

Check the countries you want to block

You can then specify which countries you want to block via the plugin settings. You can set separate blocks for the front and the back of your site. Never block your own country, because then you can no longer access your site yourself!

Share this Article
1 Comment

Leave a Reply