iQ Block Country, the wordpress plugin that blocks countries for you.

iQ Block Country, the wordpress plugin that blocks countries for you.

iQ Block Country is a WordPress plugin that allows you to block visitors based on from which country they are from or which IP address they are from.

This plugin is tested up to WordPress 4.4.2, there are no guarantees that this version will work on (much) older versions. However if you run into problems with an older version of WordPress do not hesitate to contact me. In fact if you run into problems, have issues, have questions or just any comment at all just leave them in the comment fields or contact me via mail or the contact form.

Latest version: 1.1.31

If you would like to contribute or donate to this plugin please visit this page.


iQ Block Country is a plugin that allows you to limit access to your website content.
You can either allow or disallow visitors from defined countries to (parts of) your content.

For instance if you have content that should be restricted to a limited set of countries you can do so.
If you want to block rogue countries that cause issues like for instance hack attempts, spamming of your comments etc
you can block them as well.

Do you want secure your WordPress Admin backend site to only your country? Entirely possible! You can even
block all countries and only allow your ip address.

And even if you block a country you can still allow certain visitors by whitelisting their ip address just
like you can allow a country but blacklist ip addresses from that country.

You can show blocked visitors a message which you can style by using CSS or you can redirect them to a page
within your WordPress site. Or you can redirect the visitors to an external website.

You can (dis)allow visitors to blog articles, blog categories or pages or all content.

Stop visitors from doing harmful things on your WordPress site or limit the countries that can access your
blog. Add an additional layer of security to your WordPress site.

This plugin uses the GeoLite database from Maxmind. It has a 99.5% accuracy so that is pretty good for a free database. If you need higher accuracy you can buy a license from MaxMind directly.
If you cannot or do not want to download the GeoIP database from Maxmind you can use the GeoIP API website available on

If you want to use the GeoLite database from Maxmind you will have to download the GeoIP database from MaxMind directly and upload it to your site.
The WordPress license does not allow this plugin to download the MaxMind Geo database for you.

Using this plugin with a caching plugin

Please note that many of the caching plugins are not compatible with this plugin. The nature of caching is that a dynamically build web page is cached into a static page.
If a visitor is blocked this plugin sends header data where it supplies info that the page should not be cached. Many plugins however disregard this info and cache the
page or the redirect. Resulting in valid visitors receiving a message that they are blocked. This is not a malfunction of this plugin.

Disclaimer: No guarantees are made but after some light testing the following caching plugins seem to work: Comet Cache, WP Super Cache
Plugins that do NOT work: W3 Total Cache, Hyper cache


1. Unzip the archive and put the `iq-block-country` folder into your plugins folder (/wp-content/plugins/).
2. Download the IPv4 database from:
3. Unzip the GeoIP database and upload it to your upload dir usually /wp-content/uploads/GeoIP.dat
4. Download the IPv6 database if you have a website running on IPv6 from:
5. Unzip the GeoIP database and upload it to your upload dir usually /wp-content/uploads/GeoIPv6.dat
6. If you do not want to or cannot download the MaxMind GeoIP database you can use the GeoIP API.
7. Activate the plugin through the ‘Plugins’ menu in WordPress
8. Go to the settings page and choose which countries you want to ban. Use the ctrl key to select multiple countries

Frequently Asked Questions

How come that I still see visitors from countries that I blocked in Statpress or other statistics software?

It’s true that you might see hits from countries that you have blocked in your statistics software.

This however does not mean this plugin does not work, it just means somebody tried to access a certain page or pages and that that fact is logged.

If you are worried this plugin does not work you could try to block your own country or your own ip address and afterwards visit your frontend website and see if it actually works. Also if you have access to the logfiles of the webserver that hosts your website you can see that these visitors are actually denied with a HTTP error 403.

How come I still see visitors being blocked from other security plugins?

Other wordpress plugins handle the visitors also. They might run before iQ Block Country or they might run after iQ Block Country runs.

This however does not mean this plugin does not work, it just means somebody tried to access a certain page, post or your backend and another plugin also handled the request.

If you are worried this plugin does not work you could try to block your own country or your own ip address and afterwards visit your frontend website and see if it actually works. Also if you have access to the logfiles of the webserver that hosts your website you can see that these visitors are actually denied with a HTTP error 403.

This plugin does not work, I blocked a country and still see visitors!

Well, this plugin does in fact work but is limited to the data MaxMind provides. Also in your statistics software or logfiles you probably will see log entries from countries that you have blocked. See the “How come I still see visitors…” FAQ for that.

If you think you have a visitor from a country you have blocked lookup that specific IP address on the tools tab and see which country MaxMind thinks it is. If this is not the same country you may wish to block the country that MaxMind thinks it is.

Whoops I made a whoops and blocked my own country from visiting the backend. Now I cannot login… HELP!

I am afraid this can only be solved by editing your MySQL database,directly editing the rows in the wp_options table. You can use a tool like PHPMyAdmin for that.

If you don’t know how to do this please ask your hosting provider if they can help, or ask me if I can help you out!

Why do you not make something that can override that it blocks my country from the backend.

Well, if you can use a manual override so can the people that want to ‘visit’ your backend.

This plugin is meant to keep people out. Perhaps you keep a key to your house somewhere hidden in your garden but this plugin does not have a key somewhere hidden… So if you locked yourself out you need to call a locksmith (or pick the lock yourself of course!)

How can I style the banned message?

You can style the message by using CSS in the textbox. You are also able to include images, so you could visualize that people are banned from your site.

You can also provide a link to another page explaining why they might be banned. Only culprit is that it cannot be a page on the same domain name as people would be banned from that page as well.

You can use for instance:


Go away!

you basicly can use everything as within a normal HTML page. Including images for instance.

Does this plugin also work with IPv6?

Since v1.0.7 this plugin supports IPv6. IPv6 IP addresses are more and more used because there are no new IPv4 IP addresses anymore.

If your webhosting company supplies your with both IPv4 and IPv6 ip addresses please also download the GeoIPv6 database or use the GeoIP API service.

If your webhosting company does not supply an IPv6 IP address yet please ask them when they are planning to.

Why is the GeoLite database not downloaded anymore ?

The WordPress guys have contacted me that the license of the MaxMind GeoLite database and the WordPress license conflicted. So it was no longer
allowed to include the GeoLite database or provide an automatic download or download button. Instead users should download the database themselves
and upload them to the website.

WordPress could be held liable for any license issue. So that is why the auto download en update was removed from this plugin.

Does this plugin work with caching?

In some circumstances: No

The plugin does it best to prevent caching of the “You are blocked” message. However most caching software can be forced to cache anyway. You may or may not be able to control the behavior of the caching method.

The plugin does it bests to avoid caching but under circumstances the message does get cached.
Either change the behavior of your caching software or disable the plugin.

How can I select multiple countries at once?

You can press the CTRL key and select several countries.

Perhaps also a handy function is that you can type in a part of the name of the country!

You can select/deselect all countries by selecting “(de)select all countries…”

If you just want to allow some countries you can also use the invert function by selecting the countries you want to allow and select invert this selection.

How can I get a new version of the GeoIP database?

You can download the database(s) directly from MaxMind and upload them to your website.

1. Download the IPv4 database from:
2. Unzip the GeoIP database and upload it to your upload dir usually /wp-content/uploads/GeoIP.dat
3. Download the IPv6 database if you have a website running on IPv6 from:
4. Unzip the GeoIP database and upload it to your upload dir usually /wp-content/uploads/GeoIPv6.dat

Maxmind updates the GeoLite database every month.

I get “Cannot modify header information – headers already sent” errors

This is possible if another plugin or your template sends out header information before this plugin does. You can deactivate and reactivate this plugin, it will try to load as the first plugin upon activation.

If this does not help you out deselect “Send headers when user is blocked”. This will no longer send headers but only display the block message. This however will mess up your website if you use caching software for your website.

This also does not work if you use a page or url redirect as that relies on sending headers for redirecting the visitor to another page or URL.

What data get sends to you when I select “Allow tracking”?

If you select this option each hour the plugin checks if it has new data to send back to the central server.

This data consists of each IP address that has tried to login to your backend and how many attempts were made since the last check.

Goal of this feature is to check if we can create a user-driven database of rogue IP addresses that try to login to the backend.

If storing or sharing an IP address is illegal in your country do not select this feature.

The laws in my country do not allow storing IP addresses as it is personal information.

You can select the option on the home tab “Do not log IP addresses” to stop iQ Block Country from logging IP addresses. This will however also break the statistics.

I have moved my WordPress site to another host. Now iQ Block Country cannot find the GeoIP databases anymore =

Somewhere in your WordPress database there is a wp_options table. In the wp_options table is an option_name called ‘upload_path’.

There probably is an (old) path set as option_value. If you know your way around MySQL (via PHPMyAdmin for instance) you can empty the option_value.
This should fix your problem.

Please note that your wp_options table may be called differently depending on your installation choices.

Jetpack does not work anymore with your plugin!

Jetpack uses xmlrpc.php to communicate with your site. xmlrpc.php is considered as a backend url and therefore blocked if needed.

You can allow Jetpack by selecting “Jetpack” as a search engine on the search engines tab.



  • Change: Small changes in GeoIP API calls
  • New: A warning is displayed for known caching plugins that ignore the no caching headers.
  • Change: Small changes
  • Change: Moved some of the urls to https, more to follow.
  • New: Added option to block / unblock tag pages.


  • Change: Added new GeoIP API location for Asia-Pacific region.
  • Change: Added some missing country icons.


  • Change: Small changes in GeoIP API calls
  • New: Added database information to tools tab.
  • New: Added support for rename wp-login plugin


  • Bugfix: Altered mysql_get_client_info check as in some setups this gave a fatal error.
  • New: Added WordPress Jetpack as search engine. You can allow Jetpack to communicate with your site if you have Jetpack installed.
  • New: Added option to allow admin-ajax.php visits if you use backend blocking.

= 1.1.27 =

* Bugfix: Fixed small bug

= 1.1.26 =

* New: xmlrpc.php is now handled the same way as other backend pages.
* Change: Updated chosen library to latest version.
* Change: Added a (de)select all countries to the backend en frontend country list.
* Change: Changed order of how the plugin detects the ip address.
* Change: Added detection of more header info that can contain the proper ip address
* New: Added support forum to the site.
* Change: Added download urls on database is too old message.

= 1.1.25 =

* Bugfix: Altered checking for Simple Security Firewall

= 1.1.24 =

* New: Added support for Lockdown WordPress Admin
* New: Added support for WordPress Security Firewall (Simple Security Firewall)
* Change: Various small changes


* Bugfix: Fixed bug if cURL was not present in PHP version
* New: When local GeoIP database present it checks if database is not older than 3 months and alerts users in a non-intrusive way.

= 1.1.22 =

* Bugfix: Category bug squashed
* Change: Altered text-domain
* New: Added export of all logging data to csv. This exports max of 1 month of blocked visitors from frontend & backend.

= 1.1.21 =

* Change: Minor improvements
* New: Added check to detect closest location for GeoIP API users
* Bugfix: Fixed an error if you lookup an ip on the tools tab while using the inverse function it sometimes would not display correctly if a country was blocked or not.
* New: Added support for All in one WP Security Change Login URL. If you changed your login URL iQ Block Country will detect this setting and use it with your backend block settings.

= 1.1.20 =

* New: Added Google Ads to search engines
* New: Added Redirect URL (Basic code supplied by Stefan)
* New: Added inverse selection on frontend. (Basic code supplied by Stefan)
* New: Added inverse selection on backend.
* New: Validated input on the tools tab.

= 1.1.19 =

* Bugfix: Check if MaxMind databases actually exist.
* New: Unzip MaxMind database(s) if gzip file is found.
* New: Block post types
* New: Added option to select if you want to block your search page.
* New: When (re)activating the plugin it now adds the IP address of the person activating the plugin to the backend whitelist if the whitelist is currently empty.

= 1.1.18 =

* Changed working directory for the GeoIP database to /wp-content/uploads

= 1.1.17 =

* Due to a conflict of the license where WordPress is released under and the license the MaxMind databases are released under I was forced to remove all auto downloads of the GeoIP databases. You now have to manually download the databases and upload them yourself.
* Added Webence GeoIP API lookup. See for more information about this API.

= 1.1.16 =

* New: Accessibility option. You can now choose if you want the country default selectbox or an normal selectbox.
* New: New button to empty the logging database..
* New: You can now set the option to not log the ip addresses to the database. This does not influence the blocking process only the logging process. This can be handy if the laws in your country do not permit you to log this information or if you choose not to log this information

= 1.1.15 =

* Bugfix: You can now set an option to buffer the output of the iQ Block Country plugin. If you use for instance NextGen Gallery you should not set this option as it will break uploading pictures to your gallery.
* Bugfix: Last time GeoIP databases were downloaded was wrong.
* Bugfix: If you configured auto-update of the GeoIP databases the tools tab showed that you did not configure auto update.
* Added check for HTTP_X_TM_REMOTE_ADDR to get real ip address of T-Mobile users.
* Added Twitter, Bitly, Cliqz and TinEye to the search engines list.
* New: No longer blocks category pages of categories you have not blocked.
* Bugfix: Added check if HTTP_USER_AGENT is set.

= 1.1.14 =

* Bugfix: The plugin did not recognise the login page when installed to a subdirectory.
* New: You can configure if it auto updates the GeoIP Database. Upon request of those people who have the paid database of MaxMind.
* Added Facebook and MSN to list of search engines.
* Changed the version of the file to the version of

= 1.1.13 =

* Bugfix on setting defaults when they values already existed.
* You can now allow search engines access to your country even if they come from countries that you want to block.

= 1.1.12 =

* Bugfix on the backend blacklist / whitelist

= 1.1.11 =

* Added select box on how many rows to display on the logging tab
* Redirect blocked users to a specific page instead of displaying the block message.
* Added blacklist and whitelist of IP addresses to the backend.
* Adjusted some text
* Minor bugfixes

= 1.1.10 =

* Small fixes
* WP 3.9 compatability issue fixed

= 1.1.9 =

* Bugfix release due to faulty v1.1.8 release. My Apologies.

= 1.1.8 =

* Smashed a bug where the homepage was unprotected due to missing check.

= 1.1.7 =

* Added Russian (ru_RU) translation by Maxim
* Added Serbo-Croatian (sr_RU) translation by Borisa Djuraskovic (Webostinghub)
* Changed the logging table a bit.

= 1.1.6 =
* Added to ban categories. This works the same way as blocking pages (By request of FVCS)
* Changed the admin page layout. Added tabs for frontend and backend blocking to make it look less cluttered
* Added optional tracking to the plugin. This is an experiment to see if building a database of IP addresses that try to login to the backend is viable.
* Upon first activation the plugin now fills the backend block list with all countries except the country that is currently used to activate.
* Added IP checking in header HTTP_CLIENT_IP and HTTP_X_REAL_IP

= 1.1.5 =

* Statistics required wp-config.php in a specific place bug smashed.

= 1.1.4 =

* Added import/export function.
* Minor bugs solved

= 1.1.3 =

* Fixed error that when using the option to block individual pages all visitors would be blocked. (Thanks to apostlepoe for reporting)

= 1.1.2 =

* Fixed localization error. (Thanks to Lisa for reporting)

= 1.1.1 =

* You can now choose to block individual pages. Leaving other pages open for visitors from blocked countries. You can for instance use this feature to block countries from visiting specific pages due to content rights etc.
* Source now supports localization. Included is the English and Dutch language. I’d be happy to include other translations if anyone can supply those to me.

= 1.1 =

* Added statistics to the plugin.
* You can view the last 15 hosts that were blocked including the url they visited.
* You can view the top 15 of countries that were blocked in the past 30 days.
* You can view the top 15 of hosts that were blocked in the past 30 days.
* You can view the top URL’s that were most blocked in the past 30 days.

= 1.0.12 =

* The block message size box is now larger so there is more room for styling the message.
* Whitelist of IPvX IP addresses for the frontend. Use a semicolon to separate IP addresses.
* Blacklist of IPvX IP addresses for the frontend. Use a semicolon to separate IP addresses.

= 1.0.11 =

* You are now able to lookup which country belongs to an ip address in the backend. If the IP address is from a country that is banned this will be displayed.
* New way of selecting countries you wish to block upon multiple request. The selection box is now in sort of facebook style.
* Choose if you want to sent out headers or not. For people who get “Cannot modify header information – headers already sent” errors.
* Counter added for how many visitors where blocked from frontend and backend website.
* Code cleanup

= 1.0.10 =

* You can select different countries to block from your frontend website and your backend website.
* Made it more visible what IP you are logged in from, which country it is from and that you should not block your own country from your backend site.
* Minor changes to the settings page.
* A bit of code cleanup for future improvements.

= 1.0.9 =

* Bugfix release. The backend was not blocked in multi-site (network) setup.

= 1.0.8 =
* Automatically download new GeoIP updates from Maxmind. This is checked each time you login on the WordPress admin site (Code by williewonka)
* Also block login attempts to the wp-admin site (Code by williewonka)
* Send no cache headers with the output.

= 1.0.7 =
* The plugin now detects if your IP address is blocked by MaxMind when downloading the GeoIP database and if so has an adjusted error message.
* New option: New checkbox to allow you to not block users that are logged in despite if they come from a blocked country. Use wisely πŸ™‚
* First version of IPv6 support.
* New Download IPv6 database button. Press “Download new GeoIP IPv6 database” if you need IPv6 support.

= 1.0.6 =
* Fixed error when not being able to download the GeoIP.dat.gz file from Maxmind it would not display the correct path.

= 1.0.5 =
* Corrected php opening tags (Reported by Phil from
* Sorted list of countries (As suggested by Phil from
* You can now customize the message that users get when they are blocked.
* We moved from to Please update your links πŸ™‚

= 1.0.4 =
* Added a button to download the new GeoIP database.

= 1.0.3 =
* FAQ updated
* Try to make sure this plugin is loaded first to avoid “headers already sent” trouble.

= 1.0.2 =
* PHP 5.2 or higher required
* Fixed an include bug when other plugins also use the MaxMind database. Thanks to Marcus from LunaWorX for finding this bug.

= 1.0.1 =
* Included the necessary file.. *duh*

= 1.0 =
* Initial release

Upgrade Notice

= 1.1.18 =

This plugin no longer downloads the MaxMind database. You have to download manually or use the GeoIP API.


You can download this plugin from the WordPress Plugin site:

Planned features

  • Block wp-comments
  • Allow human visitors to pass on the frontend.

Feature requests

If you miss a certain feature or if you would like to see something else changed or added please let me know. I am open to any suggestion that may improve this plugin.


Please leave a (positive or negative) review at theΒ  WordPress plugin site this will not only be able to help me but also other users deciding if this is plugin is something for their wordpress site.

Only thing I ask you to do when you leave a negative review is first read the Frequently Asked Questions.

Old page

This is a new page for this plugin. The old one can still be found here.

188 thoughts on “iQ Block Country, the wordpress plugin that blocks countries for you.

  1. Pascal

    Hi all,

    With v1.1 I decided it was time for a new post about the iQ Block Country Plugin. Also to keep comments clean and readable it was time for a new post.

    So please post all your questions, remarks, suggestions and other stuff down here!

    1. Love the plugin. It has saved me many headaches from would-be attackers. However, just in the last 30 days I’ve been inundated with robots from China and Ukraine attacking my website admin. Any ideas? I’ve given up adding all the IP addresses.
      Thanks again in advance!

      1. Just add the Ukraine and Chine to the blacklist πŸ™‚ That is what I’ve done.

    2. drusixtynine

      Hi there and thanks for this plugin
      I have a suggestion though, it could be nice to be able to have a whitelist of countries for the backend, instead of a blacklist where we need to add countries one by one
      Or another solution could be to “select all countries except home country”
      That’s it

      1. I prefer a whitelist option, too. Few of my websites have legitimate visitors outside the Anglosphere (US, Canada, UK, Australia). I’d like all other foreign traffic redirected to a highly-secured page to allow entry.

      2. That would be nice yes. The plugin started as a plugin to block some countries.So ‘back in the days’ one would not block all countries except a few but these days the use of this plugin shifted towards block all but a few πŸ™‚

        I’ll see what I can do.

        1. Greg

          That would be awesome. Much simpler. Just white-list the allowed countries. Thank you

        2. drusixtynine

          At least for the admin part, would be great!!!

    3. Hi Pascal,

      Love your plugin. I have a suggestion: can you please do a whitelist which is allow to paste IP ranges? for example:

      1. Hi.

        Great plugin.
        I also need to whitelist a IP range, any solutions ?


    4. Hi,

      Love the plugin, But I ran in to a small problem that’s going on since a few weeks.
      I can login from my home computer but my laptop (same IP) gets blocked?

      Any thoughts?

      Best regards Gerard

      1. never mind, deleted it since it blocked my hom computer also. And no, The netherlands weren’t blocked.

    5. Hi Pascal,

      Thanks for your great work, IQ block works perfectly for me, but I need to do something little bit complicated and I cant figure it out.

      1. I need to block HK completely with message in message box to display (I did already and it’s fine)
      2. I want to block Australia, China, US and Canada but redirecting to the blank page without message.

      I thought I can use IQ for blocking HK and blocking the rest through Godaddy hosting but I couldn’t.

      Can you please help me how I can do that (Simple way please)?

      Many thanks,


    6. Great plugin.

      Is it supported on WordPress hosted on Microsoft Azure (using IIS rather than Apache)?

      1. Hi Andy,

        It probably works on IIS as well. The only thing that is known not to be working on Windows is the import/export function.

        1. Thanks.

          We’ve set it up on an Azure site and have tried blocking several countries. Using a VPN service dialled in to one of those countries we are still able to access the site from an IP address that MaxMind correctly identifies as in that country.

          The main thing we want to block access to is wp-comments-post.php as we’re getting hundreds of spam comments from IP addresses in China. We’d rather block the traffic early rather than just spam filtering.

  2. Many thanks for the new version! Nice logging.

    Interesting is that my Wordfence plugin was able to log attempted logins from blocked countries with the earlier version of iQ Block. Wordfence also showed what username was used. Now Wordfence shows nothing.

  3. Ryan

    Any luck with the statcomm incompatibility yet? Love the plugin!

    1. Hi Ryan,

      In a prior version I made some changes that resolves some conflicts with other plugins that also use this GeoIP database by maxmind. This may as well have resolved any issues with Statcomm. I have not tested it though.

  4. Ryan

    Just tried it, no go. Guess I need to decide which one is more necessary.

    1. Fixing the incompatibility with statcomm is not as easy within iQ Block Country. I can give you pointers to fix it within statcomm if you are comfortable with that πŸ™‚

      1. Ryan

        Absolutely comfortable. Just not knowledgeable enough to know where to begin.

      2. Ryan

        I’d love those pointers, if possible. Thanks!

  5. I found, installed and activated your product. But I don’t see any Settings button. So, right now, it is sitting there quite uselessly and I am getting ready to UNinstall it. I was looking for a simple product, not one which I (as a non-geek) would have to mess with in order for it to work.

    1. The settings page should appear under the settings page together with for instance “Reading”, “Writing”, “Permalinks”, “General”.

      If you don’t see this page there you have a curious problem that I would be interested in finding out why.

  6. Rashid

    Using it in combination with “Limit Login Attempts” – seems to be a good combination.

    1. Pascal

      And you use it I believe also with generic ip blocks within the htaccess file?

  7. Pascal

    Currently I am working on being able to block pages. So you can block only pages you do not want certain countries to visit. For instance due to content rights.

    As more and more features are added to the options page I am also adding localization. So if anyone would like to translate it to their own language I would gladly accept any help :-). Only thing you need it being able to install POedit and some time πŸ™‚

  8. Rashid

    Si! It seems the combination of (1) htaccess + (2) limit login + (3) iQ Block Country works fine, no errors or “leaks”. Impact on serverload is still to be determined.


    Please let me know how to change banned message or put image on it.
    I tried it but I couldn’t do it.
    In FAQ, do it in CSS… it doesn’t not have ‘id’ or ‘class’.. just ..
    How can I put ‘id’ on it?

  10. Lisa


    I just updated to version 1.1.1 and found a small problem. Under the column for frontend/backend on the logging page it now says “Voorkant” instead of “frontend.” Everything else on the page is in English and I don’t know why only one word came up in Dutch.

    This probably has something to do with the inclusion of a Dutch translation in version 1.1.1., but since I’m not a programmer, I wasn’t sure if it was indicative of a problem with the localization feature, so I thought I would bring it to your attention.

    Other than this small issue, the plugin is working well on my WordPress 3.8 installation.

    1. Hi Lisa,

      Thank you for catching my error. There was indeed some Dutch included in the sourcecode. This is fixed in v1.1.2 πŸ™‚

  11. Hello, I’ve updated to the latest version and I’m using wordpress 3.8. The plugin doesn’t seem to be working properly. I’m checking to see if I can access my site through a different IP address from another country, and it still shows up as blocked although its not in the block list. I am using a program callled VPN4ALL to assign different IP’s to my computer.

    1. Hi, Please under the tools tab look up the ip address you come from. It will tell you which country the database thinks it comes from and if that country is blocked from visiting the frontend or backend.

  12. Aaron

    Is there some way to select all countries (except my own) from the drop-down list of countries?

    1. Hi Aaron,

      No, you have to select all countries. But you can make it easier by pressing ctrl and for instance hitting the enter button and down key..

      It is still on the to-do list. But I believe the library I use does not support it yet. So only thing I can do right now is select all countries but your own when you install this plugin fresh.

      1. Hi Pascal,

        Is there a file to copy from within the plugin to upload to another website that has the plugin installed that contains the country codes selected in the first website? Is it htaccess?

        Thanks so much – Jennifer

        1. Pascal

          Hi Jennifer,

          No it’s not in htaccess that would make your site come to a full stop if you block a lot of countries. It’s a wordpress plugin that works within wordpress itself.

          An import / export function is on the to-do list. I think I’ll work on that next.

  13. Pascal,
    Your plugin has been very helpful in blocking a lot of suspicious activity my blog was getting from one specific country. Thank you. However, I see a lot of those same kind of hits coming in now from “unknown” countries, leading me to believe that perhaps some of the same people are just masking their country of origin. Is there some way to set iQ Block Country to block all unknown countries too? Or is this perhaps a feature that could be added in a future version of the plugin?

    1. Hi Mark,

      Can you supply me with a couple of IP addresses that result to an unknown country?

      1. Hi Pascal,
        Just sampling a couple from over the last 24 hours that have hit repeatedly on the same posts, there’s and I’m getting this data via the plugin Counterize, which almost always IDs the country of origin, but in cases like this just gives me “???,” meaning the country is unknown.

        1. Hi,

          On the tools tab you can lookup these IP addresses:

 = United States
 = Canada

          So you would have to block those countries if you want to block these IP addresses πŸ™‚

  14. Thanks, Pascal. Those are not coming from the sources I expected. Obviously it’s not going to help me much to block my own country! πŸ™‚
    It’s still odd though that I’m getting multiple repeated hits on the same pages from addresses like this that Counterize can’t ID. I’m not sure what the point of that is.
    Perhaps I need to look into caching or something, hopefully without messing up iQ Block Country’s ability to function.

    1. Pascal

      The database Counterize uses is unfamiliar to me but it does not say anything on their site about a guaranteed accuracy.

      The MaxMind database I use I believe claims to have a 99% accuracy for the free version and 99,6% on the paid version. So that’s pretty high. But in both cases it loses accuracy when the database is not updated. So perhaps you have an old database for counterize.

      The iQ Block Country plugin also allows you to ban individual ip addresses so even annoying visitors from countries you do not want to block in a whole can be told to go elsewhere πŸ™‚

      If you look into caching I can recommend Varnish. But you need an own setup for that to work.

      1. Pascal,
        Thanks much for all the time you’ve put into this. You’ve definitely given me some info I can move forward with.
        So far as databases go, I’ve not seen any sort of setting for updating the database for Counterize, though I have kept the plugin itself up-to-date. I quite easily found where I could manually update the MaxMind databases in iQ Block Country.
        Again, thanks for looking into all this, and your suggestions.

  15. Import/Export function coming soon for the people who have requested it. Quite handy if you maintain a couple of wordpress sites!

  16. Hi Pascal, great work you have done there, but is there a simple function to block all countries and allow only a few countries ?
    cuz Blocking all existing countries would be stupid instead of only allow 2 countries and block the hole world, you know what I mean,
    – Or does this feature already exist ?
    Thank you very much

  17. Mark

    This is a great plugin. Was shocked to see so many attempts to access the admin side of my site from the USA.


  18. Michael

    Hi Pascal

    Great plugin thanks – it’s a godsend. It is stopping blocked countries from accessing the front end of our wordpress site perfectly.

    But it isn’t preventing access to the admin side even though I’ve ticked that option, selected countries and saved the settings. And that’s the part I really need to help stop my site getting hacked.

    Any ideas please?

    Thanks very much


    1. Hi Michael,

      What makes you think that access to the admin side is not prevented? This goes through the same loop when checking if people should be blocked as the frontend.

      What is the URL of your site and can you provide a screenshot of your options page?

  19. I have a somewhat strange problem that no one else seems to have experienced. I have just one country on my block list (China) yet people in the UK are getting blocked from viewing my site. Any thoughts on this?

    1. I have a similar problem in that we have blocked most countries other than Western Europe, but yet we are constantly receiving complaints from people in the UK that they are being blocked. We are based in the Wales, UK and the site hosted in London. The issue is so sporadic and inconsistent that the site owner can be blocked and when he tries some time later, he is allowed access. We have for the time being disabled the plugin.

      Any suggestions would be appreciated

      1. I can imagine this happening when people have dynamic IP addresses and some of their IP addresess are connected wrong in the Maxmind database.

        I’d love to hear the ip addresses when this happens. Visitors can find out their own IP address with a “whatismyip” site of their choice. If it can be matched to an entry on the statistics page I am interested in hearing about them.

  20. Lilia

    I’m trying to block the UK but they’re are getting in the past several weeks. Can you fix please? Good plugin otherwise πŸ™‚

    1. Do you have example IP’s ? The plugin is basing it’s decision to ban or not on the database information provided by MaxMind. You can check via the tools tab if an ip belongs to the country you think according to the database.

  21. Great Plugin, I love it! Could you please remove the period “.” from the “Tools” tab?

  22. Pascal, great plugin. I’ll be sharing it with out WP group if it hasn’t already been done so. I do have a couple of questions though.

    1) One of the countries I have blocked continues to gain access or possibly only attempt; however, just today someone from said blocked country left a comment that got caught up in my SPAM Que. I cross referenced the ip and it’s from the same country, which lead me to another question/comment.

    2) I noticed that GeoLite was documenting a blocked country as gaining access, but when I cross referenced the ip of the visitor found in the details of GeoLite, it actually shows being from a different county on the other side of the world. With that said, I’ve now blocked that additional country.

    So my questions are not so concerned with whether or not your awesome plug in is working properly, but how can I better defend my website by investigating the information provided by the plugin and/or modifying its settings?

  23. Hi,

    If a spam comment is left or perhaps other unwanted activity you can check to which country the ip belongs via the tools tab. You can then choose if you want to block that country as well.

    Sometimes an IP is not registrered to the country you expect it to be. This mainly happens with big international corporations and large internet providers.

    I am not sure if this answers all your questions but if you have more questions please ask πŸ™‚

    1. Thanks for the quick reply. My apologies if my comment seemed a bit ambiguous. I think I was a bit overwhelmed to see of all the attempts to the front and back end of my website your plugin was blocking. Yikes! I have blocked the additional country and continue to monitor activity. The nugget of info on IP registration helps. Thank you again!

  24. CK

    Hi – I love your plug in! But I think I’m either doing something wrong or I am reading the logging wrong. I want to only block a few countries from one page on my site. I have listed the countries and checked the “block from front end” then checked the “individual pages” but in the logging its reading that those countries are being block from all pages. Can you please let me know if I have checked the wrong things or if I am just reading the logging wrong? Thank you.

  25. Hello,Pascal
    Thanks for your Plugin. It works well for me. Is that possible to Block VPN to access your website?

    Best Regards

    1. Hi,

      If you know the end IP address of the VPN you can add it to the blacklist or block the country.

      Visitors that use a VPN or a proxy all end-up using an ip address so if they should be blocked you can.

      1. Hi
        Sorry. I mean that Automatic block the VPN. Just like block a Country. Just Like

        Best Regards

        1. No, it does not work like that. You have to know the IP addresses of the VPN providers etc.

  26. Maxim

    Hello Pascal,

    I made a Russian translation for your wonderful plugin iQ Block Country.
    The only line was not translated “Download GeoIP database” – it is not present
    in .po file. In Russian it will be “??????? ???? GeoIP”.

    1. Maxim

      Oh, “????? ????” is not what I wanted to say πŸ˜‰

    2. Hi Maxim,

      Thank you. I believe that phrase was indeed not present in the .po file. In the current beta version I’ve added and changed strings as there were some changes/additions. The Download GeoIP database should also be present now.

      1. Maxim

        Very well, please contact me when the beta will be ready, and I’ll complete the translation!

        1. Pascal

          Hi Maxim,

          v1.1.6 is now release including the new po files.

        2. Maxim

          Hello Pascal, I have updated the translation (the same link above)! Thanks!

        3. Hi Maxim,

          Thank you! Your translation was included in v1.1.7 which was just released. I’ve credit you in the readme.txt. This page will be updated in the course of the day.

  27. Hello you ! why i select block some country and select my country . But dont block. my Ip . what happen ? old vesion work fine and after update new vesion , it not work

    1. Hi Adam,

      Can you explain further? Did you perhaps check the do not block when logged in on the frontend tab?

      When testing I block all countries including my own and the only situation I can still access the test site is when that option is checked.

  28. Hi all,

    After tracking blocked users from the backend was introduced in v1.1.6 I will need a couple of people to test the new blocking feature based on the output of this tracking.

    – You will need to set (or already have set) the allow tracking option in the current version.
    – You’ll need to be comfortable to unzip a new beta file and upload it via FTP (or in a better way if you know how)
    – It is preferred that you’ll need to be able to access your database via for instance PHPMyAdmin (or allow me to do so)
    – Give feedback πŸ™‚

    The new function will only add a blocklist of IP addresses to block the backend. If a visitor is on this blacklist he will still be blocked even if the country he is from is not on the blocklist. This is also useful if you block the entire world except your own country as there will also be rogue visitors from your own country.

    If you are interested in participating drop me a line via the contact form!

  29. Akira Leir

    Why is my logging tab timing out? It is the only page on the entire server that’s getting this error.

  30. fholliday

    Hi Pascal,

    Am i supposed to check the box that says block vistors from viewing the backend(administrator) of my site? I did remove my country(United States) from the block list. I just wanted to know if I have to check the box as well. Thanks

    1. Hi,

      Yes the plugin does not automatically block visitors. You have to check the box first. Also if you want to block visitors from your frontend you need to select the countries first and check the box on that tab to make it work.

  31. Larry

    I’m having a problem with visitors being blocked from my site. I have 3 sites but only one is showing the Forbidden – Users from your country are not permitted to browse this site message to visitors, even though all the sites have the same setups using plugins and themes. I have deactivated the your plugin and cleared my browser but I’m still seeing the Forbidden message. I’m in the US so I don’t know why it would even block me from the front end.

    1. Pascal

      Hi Larry,

      Perhaps you use a caching plugin or another caching solution?

  32. I want to block access to one particular page of the front end (or actually, allow viewers from only a few countries). And my country is one of the ones I want to block. How will I be able to view that page once I have built it? How will I be able to know that it looks OK? Must i first build the page, check that it looks OK and then set up the blocks? Is there a way to tell the plugin to allow signed-in users to see all pages, even ones which are denied to other viewers from my country.

    1. You can whitelist your own ip address. If you block your own country you can still visit your site if you whitelist your own ip.

  33. HIllguy27

    Plugin seems to be working, but I’m confused. Does this block attempts to direct access files, as when using .htaccess? In other words, say I have France blocked on the frontend and someone from France tries to access http://www.mywebsite/readme.html, will they receive a block message from iQ block, or will this request bypass iQblock.

    In other words, does iQblock only work for people trying to access WordPress?


    1. It will only work for pages and blog articles within wordpress.

      You can also block countries via .htaccess file but when you block many countries your site will slow down due to the fact the webserver will have to parse the entire .htaccess file for each request while the wordpress plugin is way more efficient.

  34. Hi Pascal.

    Thanks very much for this excellent WordPress plugin! It is extremely useful, is easy to use and has a great GUI.

    Much success in the future!


    1. Pascal

      Hi Brian,

      Thank you for your comment! There is a new v1.1.11 released today!

  35. Purple Bob

    This plug-in has made life so much easier…… No more idiots, spambots, and scammers from outside of the countries we sell to, signing up to our web site where they’re not allowed to buy anything anyway!!

    1. Pascal

      Thank you! Please if you did not do so leave a review at the wordpress plugin site πŸ™‚

  36. Larry


    In the country list there are 2 that need explaining, at least for me. Other and Anonymous Proxy.

    1. Hello! Thanks for the plug in. It has worked in the oast, but recently has stopped blocking countries I have listed. Is an update coming, thanks!

      1. Hi Allen,

        Please elaborate on what is not working for you as the current version works fine. But there may of course be circumstances where the plugin does not work for you.

    2. Hi Larry,

      The list is made by MaxMind so I just display it as-is.

      On Anonymous Proxies they say: “These IP addresses are used as anonymizers or VPN services. They are often used to circumvent IP geolocation restrictions.”

      The Other country option is not really used in this specific database but in other databases that maxmind provides it is.

  37. Suggestion: It would be nice to block all countries and choose which ones to unblock. I need to block all countries on front & back except U.S. It’s a pain to select one at a time.

    I love your plugin!

  38. Awesome plugin, I wrote my question on the old page before,
    will really appreciate your help.

    I blocked HK by IQ block plugin with message box and it works perfectly.
    I need to block Australia, Canada, China and USA also but only redirecting them to the blank page.

    Is it possible to do it by this plugin or
    Is it possible only block HK by IQ and the rest through IP blocking in Godaddy hosting ( which I don’t know how)?

    Could you please help (simple way)

    Many Thanks

    1. Hi Aida,

      It is not possible to both redirect to a page and display a message with my plugin. You have to choose between both options for all visitors that are blocked.

      1. siki

        hi pascal!
        are you online this time? i have a problem which can solve only you.

        1. Hi Siki,

          With what can I help you?

  39. Mark Zip

    Hello Pascal,
    Thanks for your plugin.

    I am referring people to various versions of an eBook, where one publisher has exclusive rights in some countries, another publisher has rights in other territories, etc. etc.

    I need to block some countries from one page, other countries from a different page and still other countries from a third page.

    I looked at the settings and it appears that I can only do this for one page. Am I missing something?

  40. Pascal,
    I decided to make things a bit simpler and only use iQ Block Country for one page.
    I have selected the page I want to block. I have selected the countries I want blocked. Now how do I apply those countries to that page?
    It works when I check the box marked “Block visitors from visiting the frontend of your website”, but then they cannot see my front page either (although they can see all other pages)
    How do I block *only one* page and no others?
    Apologies if I am missing something obvious. I have read through all other comments and cannot find the answer.

    1. Hi Mark,

      This should work:

      On frontend tab select the countries you want to block + select Block visitors from visiting the frontend of your website.

      On the pages tab: Select the page you want to block + select Do you want to block individual pages.

      On the categories tab: Select Do you want to block individual categories but do not select any categories.

      This works for me and also allows visitors to visit your homepage.

      1. markzip

        (October 14, 2014)
        Has the behaviour you indicate above changed? It was working perfectly.
        But it appears that something must have changed because now people in the counties I want to prevent from seeing that one particular page are being redirected to the landing page even when they are not trying to hit the restricted page.
        For instance, if people in restricted countries like USA and UK try to do a search on the site they get the landing page.
        I have set like this:
        On frontend tab select the countries you want to block + select Block visitors from visiting the frontend of your website.
        On the pages tab: Select the page you want to block + select Do you want to block individual pages.
        On the categories tab: Select Do you want to block individual categories but do not select any categories.


        I have had to turn off the plugin until I can solve this.

        Thanks again for all your work.

        Mark Zip

        1. Hi Mark,

          No this behavior has not changed. Just tested it myself again on various installs on different wordpress versions and on all sites it worked correctly.

      2. markzip

        Thanks for the quick reply. You are correct that the behaviour has not changed. I guess I had not noticed before that the plugin also blocks “tags” and searches.
        Thus, if you are in a blocked country and you go to you get the donation page. This is *correct*. And if you are in a blocked country and you try to go to you are redirected to This is also *correct*.
        But if you are in a blocked country and you try to go to a tag page like (one of the examples in the tag cloud on the front page) you are also redirected to I think that this should not* happen.
        Similarly, if you are in a blocked country and you try a search from the search box at the top of the page, something like you are also redirected to I think that this should *not* happen.
        Can you suggest a solution? Might this require an update to the plugin?
        Thanks again for your efforts.

        1. Hi,

          It is correct that it blocks all other than blog or post articles. So indeed it will block /tags/ or /category/ or other pages.

          That will require an update but I am unsure for the moment how to go about that. I do not want to add an “tags” and an “Other” tab.

  41. Hi Pascal,
    Thanks for your great work, IQ block works perfectly for me, but I need to do something little bit complicated and I cant figure it out.
    1. I need to block HK completely with message in message box to display (I did already and it’s fine)
    2. I want to block Australia, China, US and Canada but redirecting to the blank page without message.
    I thought I can use IQ for blocking HK and blocking the rest through Godaddy hosting but I couldn’t.
    Can you please help me how I can do that (Simple way please)?
    Many thanks,

    1. Hi Aida,

      I already replied to your email but that came back as undeliverable….

      This is not possible with iQ Block Country. There are options to do so externally or by writing a plugin but no simple way unfortunatly.

  42. BN

    hello, I would like to thank you for the nice job. I have a question. the plugin seems to work fine but when I test it, the frontend is blocked but the backend no.

    Both are sets to block Chinese ip. When I check the IP in the plugin, it is well recognized as being Chinese

    can you please advise ?

    1. Hi,

      Can you please supply a list of those ip addresses that should have been blocked?

      1. BN

        Hello, I have two worpress blogs

        now for example now I have a US IP and my backend is blocked, I dont know why only one backend is blocked, the second backend of my second blog is working good.

        the IP is

        t should not be random like that right ?

        1. BN

 another one that should have been blocked and was not

        2. BN

          it is nightmare, I cannot even access my backend now, everything is blocked, I tried with “white” countries like USA, Canada, Sweden, Netherlands, everything is blocked, I need to access my backend :(( please help

        3. BN

          even when I put the address in the blacklist, the user can still access the website

  43. BN

    I changed the value in the db but i would like to know if the plugin is working or not

    1. Hi,

      Can you send an export of your settings that you think are not working?

  44. GV

    Just installed. Have to see how this performs. I decided to go with this because of an unbelievable amount of traffic coming from Semalt dot com. Thanks.

  45. Gunter

    Hello Pascal,

    First, thanks for your plugin and your work !

    I would like to know how iQ Block Country works. It seems that the plugin compares the IP address of internet users to database then allow them to access to the frontend or backend depending what we set ? It doesn’t wirte anything in the .htaccess ?

    I would also like to know which element of the website can be launched or seen by the internet user before the rfontend and/or backend is blocked ?

    Thanks !


  46. Christoph

    Hi Pascal, in 1.1.6 you added this feature:
    * Added IP checking in header HTTP_CLIENT_IP and HTTP_X_REAL_IP
    I guess, this matches this request?

    As large internet service providers, such as Deutsche Telekom, use 10.x.x.x/11.x.x.x/12.x.x.x/13.x.x.x/14.x.x.x as internal (!) IP addresses and NAT them via a proxy address, these German clients are now identified as US-American or Vietnamese. Result is, that all users, accessing the site via a Deutsche Telekom UMTS/LTE router or from a mobile phone, do not have access to the site anymore. Telekom added a custom header field X-TM-REMOTE-ADDR with the public IP address, that represents the real location Germany.

    Example: While HTTP_X_FORWARDED_FOR is (US) the X-TM-REMOTE-ADDR is (DE).

    1. Hmmm that is very bad of T-Mobile as 11.*, 12.* and further are not private IP addresses.

      KPN in The Netherlands also uses private IP addresses but adds to private ip address in an X header.

      I can probably also check for the existance of the X-TM-REMOTE-ADDR but cannot test if it works myself ofcourse πŸ™‚

      1. Christoph

        Yes, I know, it is a bad job to use public addresses as if they would be private ones. πŸ™

        I already tried to get the custom T-Mobile header, but failed. But my PHP know-how is very limited. πŸ˜‰ I will pass the job to one of my devs and will let you know, if we “see” the custom header. If so, I will provide you the code.

        1. Christoph

          Tried the fix. and got several “Cannot modify header information – headers already sent” in lines 250 to 265 of blockcountry-checks.php. Even switching the corresponding option remains in having one of these errors. Last output is the “go-away-message” instead of forwarding me to the homepage as configured, when blocked.

          I tried to access the header via $_SERVER[‘X-TM-REMOTE-ADDR’] before on myself and got no result. I just dumped all header information to html output and do not see the custom header at all. I do not know, how this header is provided by T-Mobile.

          T-Mobile provides a page to test the custom header at , but this site is available on the phone only and they do not provide the source code. I try to get more information about that from T-Mobile now.

        2. Can you give the 1.1.15b version a go? πŸ™‚ Might be able to access the proper X-Header in another way.

          If you get errors can you please copy & paste as line 250 for instance does not output anything so a header already send error would be strange…

    1. Pascal

      Ha! Well okay. You probably get the headers error now because I removed output buffering from the plugin as it was causing issues with Nextgen Gallery.

      There is already something that sends out data before the iQ block Country plugin kicks in. Might be another plugin that loads first (you could deactivate, and reactivate iQ Block Country so it tries to load itself as the first plugin again) or it can be your template.

      Seems like I might have to add the output buffering again but perhaps with an option that you can set it to off if you use NextGen Gallery πŸ™‚

      You can remove the // from the following lines in iq-block-country.php to see if that fixes your header issues:

      //add_action ( ‘init’, ‘iqblockcountry_buffer’,1);
      //add_action ( ‘wp_footer’, ‘iqblockcountry_buffer_flush’);

      1. Christoph

        Waiting for feedback from Deutsche Telekom. They understand the problem, but currently research internally, how the header should be retrieved.

      2. Christoph

        Just to give you feedback: Still waiting for Deutsche Telekom. πŸ™

      3. Christoph

        Telekom seems not to be able to work on this subject. But I dumped all server variables to move forward. I got these variables and client IPs:

        GEOIP_ADDR =>
        REMOTE_ADDR =>

        So the names of the server variables are different from what they told me. Your plugin identifies our mobile clients via the HTTP_X_FORWARDED_FOR address ( in my example) and blocks it as US. But the 16.x.x.x subnet is an internal Teleokom subnet using public US addresses in this case. Therefore it should identify the client over one of the other two variables. Is that possible?

        1. Christoph

          In our case the GEOIP_ADDR needs a higher ranking than the HTTP_X_FORWARDED_FOR. Maybe there should be an option in the plugin to name a custom header field, that can be used. So you do not need to implement this on an individual base.

        2. Pascal

          There was an error in v1.1.15c that did not properly check for the HTTP_X_TM_REMOTE_ADDR variable.

          But I see there is no such var set according to your tests?

        3. Christoph

          Correct. There is no such variable. The GEOIP_ADDR ist the one, who we are after now. I found this by just dumping ALL variables.

  47. Installed iQ Block Country on WP 4.0 but don’t see any settings page for iQ Block Country. Tried with 1.1.14 and 1.1.15c.

    I also have these plugins installed: Akismet, WPFront User Role Editor, 1&1 WP Wizard.

    1. Hi,

      Do you perhaps run it on a Windows / IIS environment?

      1. I don’t think so, my host seems to be running Debian.

        But thankyou for the suggestion; I suspect the problem could be related to my having installed WP through the 1&1 Click-and-Build installer. But as I used the “Free Mode” I thought this should not be a problem:

        I will try installing WP manually and see if that fixes it. But I would still really like to know why the Click-and-Build Free Mode causes such a problem. Would there be a log file or something somewhere that could help me trace the failure to a particular missing file permission or whatever it might be?

      2. I figured out what I did wrong. I was logged in as my reduced privilege user instead of the full admin user. My reduced privilege user is able to install plugins (I modified the user roles) so I couldn’t figure out why I wasn’t seeing the iQ Block Country settings page after installing it.

Geef een reactie