Validation logs

This plugin stores validation logs when Record “Logs” is enabled in Privacy and record settings section on Settings tab.


Plugin settings

This section collects the operation setting of this plugin and the function to acquire diagnostic information.


Geolocation API settings

In this section, you can configure the Geolocation API to get the country code corresponding to the IP address. There are two types of APIs: a type that uses Geolocation databases downloaded to the own server and a type that hits an external REST API.

Please check the license and Terms & Use of each API.


Local database settings

This plugin has multiple IP address geolocation databases distributed by Maxmind and IP2location. Utilizing multiple data sources is an important mechanism that can complement each other when data is missing. These databases are managed by the Geolocation API library named IP Geo API which which has been separately developed as an another project.

Geolocation API Library

IP Geo API can be installed with the geolocation databases in one of the following directories:

  1. /wp-content/ip-geo-api/
  2. /wp-content/uploads/ip-geo-api/
  3. /wp-content/plugins/ip-location-block/ip-geo-api/

The actual storage location depends on the permission setting of the WordPress tree. If you find it’s 3. then it is necessary to adjust the permissions so that it becomes 1 or 2. to prevent the geolocation databases being removed on updating this plugin.

Local database settings

In some cases, you might see the following error message right after your first installation. This would be caused by a permission touble due to your server’s security configurations.

Error of IP Geo API

In this case, you have to install IP Geo API by your own hand and once deactivate this plugin then activate it again. Please find how to do it in the codex “How can I fix permission troubles?”.

Type of geolocation database

In the location information database downloaded by default, only the IP address and the corresponding country code are stored. But when you switch the type of database to another, you will be able to get the city name, coodinates of longitude and latitude.

Please refer to ip-location-block-maxmind-zip-ipv4 and ip-location-block-maxmind-zip-ipv6 to know how to change the source of databases.

CloudFlare & CloudFront API library

If you are using a reverse proxy or load balancing service provided by CloudFlare or CloudFront, you can obtain the country code of the access source through special environment variables.

To use this, it is necessary to install a dedicated API library. Please refer to CloudFlare & CloudFront API class library.

Privacy and record settings


Front-end target settings

In this section you can set up rules to block access to the public facing pages (aka front-end) from undesired countries.

For spammers, this plugin can reduce both the load on the server and the amount of comment spams by preventing comment form acquisition on the front-end. Against attacks targeted at vulnerabilities in themes and plugins, this plugin can also reduce the risk of hacking sites such as malware installation.

In general, it is difficult to filter only malicious requests from all requests unless you restrict content by region, but with the combination of rules in “Validation rule settings”, unnecessary traffic for your site and risks can be reduced considerably.

Front-end target settings

Public facing pages

Turn on “Block by country” when you do not want traffic from the specific countries. Even when you enable this option, “Whitelist/Blacklist of extra IP addresses prior to country code”, “Bad signatures in query” and “Prevent malicious file uploading” in “Validation rule settings” section are effective.

Matching rule

You can select one of these:

When you select Whitelist or Blacklist, you can configure a different set of country code and response code from “Validation rule settings” section.

If blocking by country is inappropriate for your site or if you want to block only specific bots and crawlers, you can leave “Whitelist of country code” empty to apply only a set of rules under “UA string and qualification”.

Additional 3 options

Validation target

You can select one of the followings:

Block badly-behaved bots and crawlers

Block badly-behaved bots and crawlers that repeat many requests in a short time. Make sure to specify the observation period and the number of page requests to the extent that impatient visitors do not feel uncomfortable.

Block badly-behaved bots and crawlers

UA string and qualification

You can configure the rules to qualify valuable bots and crawlers such as google, yahoo and being OR the rules to block unwanted requests that can not be blocked by country code, giving a pair of “UA string” and “qualification” separated by an applicable behavior which can be “:” (pass) or “#” (block).

UA string and qualification

See “UA string and qualification” for more details.

Back-end target settings

WordPress has many important backend entrances (i.e. endpoint) that will affect on the website. In this section, you can set up rules to validate requests for particularly important endpoints among them.


Validation rules and behavior

In addition to blocking based on IP address geolocation information, this plugin blocks malicious requests by validating based on some additional rules. In this section, such validation rules and behavior at blocking are described.