Wednesday, May 30, 2018

IP2Location WordPress Plugin

There are three things that sent me in search of this plugin:
  1. Europe's new GDPR only applies to websites that target European Union countries. (GDPR= the General Data Protection Regulation.  It is a regulation in EU law on data protection and privacy for all individuals within the European Union. It addresses the export of personal data outside the EU.)
  2. I've attended two WordPress Meetups where GDPR was discussed.
    • In the first meeting, GDPR was briefly discussed. The bottom line was "if you're not doing business in Europe then don't worry about it."
    • In the first hour of the 2nd WP meetup the speaker shared what her research had found. While she acknowledged that GDPR is not here now, we should be aware of it anyway. She said that California is already considering something similar.
  3. Constant attacks from outside the US on my websites; several times WordFence has reported that they've blocked failed/bogus user attempts. In new sites, spurious comments have been installed.

A passing comment at the GDPR meetings was that some US webmasters are simply blocking IP addresses outside the US, and that it could be done in WordPress by plugins.

So, the search was on to find that plugin for me!

The first plugin I considered was WordFence. The Premium version does allow blocking by country! But Wordfence premium starts at $99 for one year for one site, and gets heavily discounted as you add sites or years. (Example: Wrodfence gives a 37% discount on 3 sites for 2 years ~ but that's still requires a payment of $371 up front.)

Next, I Googled "WordPress Plugin security block country" and it returned two sites that I visited:

10 Best WordPress Plugin to Block Countries (
  1. iQ Block Country
  2. IP Geo Block
  3. IP2Location Country Blocker
  4. Country IP Specific Redirections
  5. Geo Block
  6. WP GEO Website Protection
  7. Wordfence Security
  8. Centrora Security
  9. Geolify
  10. Admin Block Country
 Top WordPress Plugins to Block Countries And IP addresses(
  1. Country and Mobile Redirect for WordPress
  2. Swift Security
  3. iQ Block Country
  4. GeoTargeting Lite
  5. WordFence
  6. IP2Location Country Blocker
  7. IP Geo Block
Only 4 plugins showed up on both review sites, and I've already looked at WordFence.

iQ Block Country (By Pascal) is in the WordPress repository. In May 2018 it had 30,000+ active installations and was updated today. The plugin redirects you to another site to download a file of IP addresses before you even activate the plugin. Too complicated on first reading.

IP Geo Block (By tokkonopapa) is in the WordPress repository. In May 2018 it had 30,000+ active installations and was updated 1 week ago. The description lists a LOT of features (Guard against login attempts, minimize server load for brute force attacks, prevents malicious uploading/downloading, etc.). Down the list is Multiple source of IP Geolocation databases, where it references MaxMind GeoLite2 free databases and IP2Location LITE databases. Apparently it has a broad stroke and has stiletto settings. I'm not sure how much of the extra "stuff" I need. Too many extra features.

I finally installed IP2Location Country Blocker (By IP2Location) is in the WordPress repository. In May 2018 it had only 4,000+ active installations and was updated today. I also installed several additional plugins with the same "first" name, but I didn't activate them. As I read their descriptions, I will ultimately uninstall of them:

  • IP2Location Country Blocker ~ Block visitors from accessing your website or admin area by their country.
  • IP2Location Hello Greeting ~ Displays the Hello greeting message in visitor's native language based on visitor's origin country.
  • IP2Location Redirection ~ Redirect visitors by their country.
  • IP2Location Tags ~ Enable you to use IP2Location tags to customize your post content by country.
  • IP2Location Variables ~ A library that enables you to use IP2Location variables to display and customize the contents by country in pages, plugins, or themes.

My test site is a 2-week-old site filled with Ipsum content, and probably not even crawled by Google!

After installing IP2Location, I downloaded/installed/activated the IP database and configured countries for both the front-end and back-end visitors.

If it ran a week, I was not really surprised to see what had been blocked (the darker shade shows the back-end attacks):

And, of course, the attempted logins were coming from all over the world:

Finally, there is a IP2Location Widget That displays the geolocation information of the visitor who is visiting your website. I'm not sure where or how I'm going to use this.

Finally, I can build a page where blocked customers can be directed. On this page I can/will put

  • An announcement that all other countries are blocked but that exceptions can be made. 
  • A contact form for potential visitors to send me an email requesting access

No comments:

Post a Comment