{"id":218942,"date":"2025-01-18T17:36:27","date_gmt":"2025-01-18T17:36:27","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/advanced-country-blocker\/"},"modified":"2026-02-06T09:04:54","modified_gmt":"2026-02-06T09:04:54","slug":"advanced-country-blocker","status":"publish","type":"plugin","link":"https:\/\/pcd.wordpress.org\/plugins\/advanced-country-blocker\/","author":23192481,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"2.3.2","stable_tag":"2.3.2","tested":"6.9.4","requires":"5.0","requires_php":"7.2","requires_plugins":null,"header_name":"Advanced Country Blocker","header_author":"Sparkcan","header_description":"Blocks all traffic to the website unless it's from the allowed countries or accessed via a secret URL parameter. Whitelists the activating admin's country on plugin activation. Includes logging, blacklisting, custom block page, admin bypass, and optional email alerts.","assets_banners_color":"533156","last_updated":"2026-02-06 09:04:54","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/sparkcan.com\/acb.html","header_author_uri":"https:\/\/sparkcan.com","rating":5,"author_block_rating":0,"active_installs":2000,"downloads":12310,"num_ratings":6,"support_threads":4,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"2.0.1":{"tag":"2.0.1","author":"brstefanovic","date":"2025-02-24 16:44:10"},"2.0.2":{"tag":"2.0.2","author":"brstefanovic","date":"2025-02-24 16:44:10"},"2.0.3":{"tag":"2.0.3","author":"brstefanovic","date":"2025-03-25 10:23:21"},"2.0.4":{"tag":"2.0.4","author":"brstefanovic","date":"2025-05-06 09:29:33"},"2.1.0":{"tag":"2.1.0","author":"brstefanovic","date":"2025-10-13 13:29:24"},"2.2.0":{"tag":"2.2.0","author":"brstefanovic","date":"2025-10-16 10:03:46"},"2.3.0":{"tag":"2.3.0","author":"brstefanovic","date":"2026-01-04 12:23:01"},"2.3.1":{"tag":"2.3.1","author":"brstefanovic","date":"2026-01-14 11:37:29"},"2.3.2":{"tag":"2.3.2","author":"brstefanovic","date":"2026-02-06 09:04:54"}},"upgrade_notice":{"2.0.0":"<p>Upgrading to 2.0.0 will add new features like logging, blacklisting, and an optional email alert system. Make sure your database is set up correctly and that you\u2019ve reviewed the new settings.<\/p>"},"ratings":{"1":0,"2":0,"3":0,"4":0,"5":6},"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3224899,"resolution":"128x128","location":"assets","locale":""},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3224899,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3432082,"resolution":"1544x500","location":"assets","locale":""},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3432082,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.2.0","2.3.0","2.3.1","2.3.2"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3432082,"resolution":"1","location":"assets","locale":""},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3432082,"resolution":"2","location":"assets","locale":""},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3432082,"resolution":"3","location":"assets","locale":""},"screenshot-4.png":{"filename":"screenshot-4.png","revision":3432082,"resolution":"4","location":"assets","locale":""}},"screenshots":{"1":"<strong>Settings Page<\/strong> \u2013 Configure allowed\/blacklisted countries, IPs, CAPTCHA, and email alerts.","2":"<strong>Blocked Attempts Log<\/strong> \u2013 View a list of recently blocked visitors.","3":"<strong>Analytics Dashboard<\/strong> \u2013 Visual charts and statistics about blocked traffic.","4":"<strong>Live Monitor<\/strong> \u2013 Real-time view of active visitors and recent blocks."},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[2562,3751,4124,1192,600],"plugin_category":[49,54],"plugin_contributors":[237155],"plugin_business_model":[],"class_list":["post-218942","plugin","type-plugin","status-publish","hentry","plugin_tags-blocking","plugin_tags-country","plugin_tags-geolocation","plugin_tags-ip-blocking","plugin_tags-security","plugin_category-maps-and-location","plugin_category-security-and-spam-protection","plugin_contributors-brstefanovic","plugin_committers-brstefanovic"],"banners":{"banner":"https:\/\/ps.w.org\/advanced-country-blocker\/assets\/banner-772x250.png?rev=3432082","banner_2x":"https:\/\/ps.w.org\/advanced-country-blocker\/assets\/banner-1544x500.png?rev=3432082","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/advanced-country-blocker\/assets\/icon-128x128.png?rev=3224899","icon_2x":"https:\/\/ps.w.org\/advanced-country-blocker\/assets\/icon-256x256.png?rev=3224899","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/advanced-country-blocker\/assets\/screenshot-1.png?rev=3432082","caption":"<strong>Settings Page<\/strong> \u2013 Configure allowed\/blacklisted countries, IPs, CAPTCHA, and email alerts."},{"src":"https:\/\/ps.w.org\/advanced-country-blocker\/assets\/screenshot-2.png?rev=3432082","caption":"<strong>Blocked Attempts Log<\/strong> \u2013 View a list of recently blocked visitors."},{"src":"https:\/\/ps.w.org\/advanced-country-blocker\/assets\/screenshot-3.png?rev=3432082","caption":"<strong>Analytics Dashboard<\/strong> \u2013 Visual charts and statistics about blocked traffic."},{"src":"https:\/\/ps.w.org\/advanced-country-blocker\/assets\/screenshot-4.png?rev=3432082","caption":"<strong>Live Monitor<\/strong> \u2013 Real-time view of active visitors and recent blocks."}],"raw_content":"<!--section=description-->\n<p><strong>Advanced Country Blocker<\/strong> helps you secure your WordPress site by restricting access based on the visitor's geolocation (country) or IP address. Upon activation, the plugin detects the activating admin's country and automatically sets that as the only allowed country. All other visitors from different countries are blocked, unless they use a secret key parameter to temporarily whitelist their IP. Country detection uses the privacy-friendly ip-api.com service by default but can be switched to a fully offline MaxMind GeoLite2 (or compatible) database file once you configure a local copy.<\/p>\n\n<p><strong>Key Features:<\/strong><\/p>\n\n<ul>\n<li><strong>Automatically allows the admin's country<\/strong> on plugin activation.<\/li>\n<li><strong>Flexible IP-to-country lookups<\/strong> \u2013 start with the built-in ip-api.com integration and optionally switch to an offline MaxMind GeoLite2 Country (or compatible) <code>.mmdb<\/code> database file.<\/li>\n<li><strong>Allowlist or blacklist mode<\/strong> \u2013 choose whether the country list acts as an allowlist or blocklist without re-entering countries.<\/li>\n<li><strong>Temporary access<\/strong> via a customizable secret URL parameter (e.g., <code>?MySecretKey=1<\/code>).<\/li>\n<li><strong>CAPTCHA Challenge<\/strong> \u2013 allow blocked visitors to solve a CAPTCHA to gain temporary access (supports Google reCAPTCHA v2\/v3, hCaptcha, Cloudflare Turnstile).<\/li>\n<li><strong>Real-Time Activity Monitor<\/strong> \u2013 live dashboard showing active visitors, recent blocks, and traffic statistics.<\/li>\n<li><strong>Analytics Dashboard<\/strong> \u2013 comprehensive charts and statistics about blocked attempts.<\/li>\n<li><strong>Manual blacklisting and safelisting of IPs<\/strong> for added security and to accommodate uptime monitors.<\/li>\n<li><strong>Optional email alerts<\/strong> when new visitors are blocked.<\/li>\n<li><strong>Admin bypass<\/strong> so logged-in admins can always access the site (toggleable in the code).<\/li>\n<li><strong>Detailed logging<\/strong> of blocked attempts in a custom database table, displayed in the WP admin.<\/li>\n<li><strong>Custom response controls<\/strong> \u2013 personalise the block page title\/message, choose the HTTP status (403, 410, 451) or redirect to any URL.<\/li>\n<li><strong>Automatic log cleanup<\/strong> with configurable retention plus a one-click \"Clear Logs\" button.<\/li>\n<\/ul>\n\n<p>Use the plugin settings page (<strong>Country Blocker<\/strong> menu in WP admin) to configure the list of allowed countries, blacklisted countries, blacklisted IPs, and whether email alerts are enabled.<\/p>\n\n<h3>License<\/h3>\n\n<p>This plugin is open-sourced software licensed under the <a href=\"https:\/\/www.gnu.org\/licenses\/gpl-3.0.html\">GPLv3 or later<\/a>.<\/p>\n\n<h3>External Services<\/h3>\n\n<p>By default this plugin contacts the ip-api.com geolocation service to detect visitor countries. You can disable all external lookups by switching the IP lookup method to the local MaxMind database in the settings.<\/p>\n\n<!--section=installation-->\n<ol>\n<li><strong>Upload the plugin folder<\/strong> to the <code>\/wp-content\/plugins\/<\/code> directory, or install via the WordPress \"Add Plugin\" feature.<\/li>\n<li><strong>Download the GeoLite2 Country database<\/strong> (or another compatible MaxMind DB format country database) from <a href=\"https:\/\/dev.maxmind.com\/geoip\/geolite2-free-geolocation-data\">MaxMind<\/a> and place the <code>.mmdb<\/code> file somewhere on your server where PHP can read it (optional but recommended for offline mode).<\/li>\n<li><strong>Activate the plugin<\/strong> through the \"Plugins\" menu in WordPress.<\/li>\n<li>Upon activation, the plugin will:\n\n<ul>\n<li>Detect the activating admin's IP.<\/li>\n<li>Determine the corresponding country using your selected lookup method (remote API by default).<\/li>\n<li>Set that country as the <strong>only<\/strong> allowed country in the plugin settings.<\/li>\n<\/ul><\/li>\n<li>Go to <strong>Country Blocker<\/strong> \u2192 <strong>Settings<\/strong> in your WordPress admin menu to adjust configurations (e.g., secret key, blacklisted countries, blacklisted IPs, etc.), choose the IP lookup method, and (optionally) provide the absolute path to your <code>.mmdb<\/code> file for offline lookups.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"where%20do%20i%20get%20the%20geoip%20database%20file%3F\"><h3>Where do I get the GeoIP database file?<\/h3><\/dt>\n<dd><p>You can download the free <a href=\"https:\/\/dev.maxmind.com\/geoip\/geolite2-free-geolocation-data\">GeoLite2 Country database<\/a> from MaxMind (requires a free account). Upload the <code>.mmdb<\/code> file to a readable location on your server (for example, inside <code>wp-content\/uploads\/<\/code>) and paste the absolute file path into the <strong>GeoIP Database Path<\/strong> field on the plugin settings page.<\/p><\/dd>\n<dt id=\"my%20ip%20geolocation%20is%20incorrect.%20how%20do%20i%20fix%20it%3F\"><h3>My IP geolocation is incorrect. How do I fix it?<\/h3><\/dt>\n<dd><p>Local GeoIP databases occasionally have outdated entries. MaxMind updates GeoLite2 weekly, so download the latest release when you notice inaccuracies. You can also manually add or remove countries on the settings page to adjust who is allowed or blocked.<\/p><\/dd>\n<dt id=\"what%20if%20i%20accidentally%20block%20myself%3F\"><h3>What if I accidentally block myself?<\/h3><\/dt>\n<dd><p>You can add your IP manually to the temporary whitelist by using the URL parameter (<code>?YourSecretKey=1<\/code>), solve the CAPTCHA challenge if enabled, or log in as an admin (if admin bypass is enabled). Alternatively, you can deactivate the plugin via FTP or your hosting control panel and adjust settings.<\/p><\/dd>\n<dt id=\"does%20this%20plugin%20store%20any%20visitor%20data%3F\"><h3>Does this plugin store any visitor data?<\/h3><\/dt>\n<dd><p>The plugin stores IP addresses and (optionally) country codes in a custom log table when visitors are blocked. This is purely for security and administrative review. Remove or adjust this functionality as needed to comply with privacy regulations.<\/p><\/dd>\n<dt id=\"can%20i%20bypass%20the%20plugin%20if%20i%27m%20an%20administrator%3F\"><h3>Can I bypass the plugin if I'm an administrator?<\/h3><\/dt>\n<dd><p>Yes, by default, if you are logged in with <code>manage_options<\/code> capability. You can change or remove this bypass in the plugin code.<\/p><\/dd>\n<dt id=\"can%20i%20customise%20the%20block%20page%20or%20send%20visitors%20somewhere%20else%3F\"><h3>Can I customise the block page or send visitors somewhere else?<\/h3><\/dt>\n<dd><p>Yes. The settings page lets you change the block page title\/message (with placeholders for <code>{ip}<\/code>, <code>{country_code}<\/code>, and <code>{reason}<\/code>), choose the HTTP status code to send (403, 410, or 451) or redirect visitors to a custom URL with the status code of your choice.<\/p><\/dd>\n<dt id=\"how%20do%20i%20only%20block%20a%20handful%20of%20countries%3F\"><h3>How do I only block a handful of countries?<\/h3><\/dt>\n<dd><p>Stay in the default allowlist mode when you want to permit just the countries you list. Switch to \"Use Blacklist Mode\" to list only the countries you want to block\u2014everything else will be allowed automatically.<\/p><\/dd>\n<dt id=\"how%20can%20i%20clear%20or%20trim%20the%20log%20table%3F\"><h3>How can I clear or trim the log table?<\/h3><\/dt>\n<dd><p>Use the \"Clear Logs\" button on the Block Logs screen to wipe all entries instantly. You can also configure automatic log cleanup from the settings page\u2014set the retention to <code>0<\/code> days to keep everything indefinitely.<\/p><\/dd>\n<dt id=\"what%20captcha%20providers%20are%20supported%3F\"><h3>What CAPTCHA providers are supported?<\/h3><\/dt>\n<dd><p>The plugin supports Google reCAPTCHA v2 (checkbox), Google reCAPTCHA v3 (invisible), hCaptcha, and Cloudflare Turnstile. You can configure your preferred provider in the settings page.<\/p><\/dd>\n<dt id=\"how%20does%20the%20real-time%20monitor%20work%3F\"><h3>How does the Real-Time Monitor work?<\/h3><\/dt>\n<dd><p>The Live Monitor shows real-time visitor activity including active visitors, recent blocks, and traffic statistics. Data updates automatically every 3 seconds and is stored temporarily.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>2.3.2<\/h4>\n\n<ul>\n<li>Bug fixes and security audit fix<\/li>\n<\/ul>\n\n<h4>2.3.1<\/h4>\n\n<ul>\n<li>Hotfix for Databases not being downloaded<\/li>\n<\/ul>\n\n<h4>2.3.0<\/h4>\n\n<ul>\n<li><strong>New:<\/strong> Added CAPTCHA Challenge feature allowing blocked visitors to verify via CAPTCHA to gain temporary access<\/li>\n<li><strong>New:<\/strong> Added Real-Time Activity Monitor with live visitor tracking, recent blocks, and traffic statistics<\/li>\n<li><strong>New:<\/strong> Added Analytics Dashboard with interactive charts showing blocked attempts over time, top countries, and block reasons<\/li>\n<li><strong>Security:<\/strong> Fixed secret key bypass vulnerability - now requires value to equal \"1\" instead of just checking existence<\/li>\n<li><strong>Security:<\/strong> Fixed SSRF vulnerability in GeoIP download - now validates URLs and restricts to trusted domains only<\/li>\n<li><strong>Security:<\/strong> Fixed IP address spoofing by using WordPress's wp_http_get_original_ip() function<\/li>\n<li><strong>Security:<\/strong> Added file size limits and content validation for GeoIP database uploads\/downloads<\/li>\n<li><strong>Security:<\/strong> Fixed CAPTCHA secret key exposure in settings page - now masked for security<\/li>\n<li><strong>Security:<\/strong> Added proper output sanitization for block reasons in AJAX responses<\/li>\n<li><strong>Fixed:<\/strong> Removed duplicate helper functions (advcb_get_country_name, advcb_get_country_flag)<\/li>\n<li><strong>Fixed:<\/strong> Redundant cleanup function calls removed for better performance<\/li>\n<li><strong>Fixed:<\/strong> Duplicate sanitize callbacks removed<\/li>\n<\/ul>\n\n<h4>2.2.0<\/h4>\n\n<ul>\n<li>Added an optional local MaxMind GeoLite2 (or compatible) database lookup while keeping the ip-api.com integration as the default method.<\/li>\n<li>Added settings fields to choose the lookup method, configure the path to the <code>.mmdb<\/code> database file, and display status messaging for admins.<\/li>\n<\/ul>\n\n<h4>2.1.0<\/h4>\n\n<ul>\n<li>Added a fully customisable block page (title, message placeholders, and selectable HTTP status code).<\/li>\n<li>Added optional redirect behaviour with configurable status codes for blocked visitors.<\/li>\n<li>Added a trusted IP list to bypass the blocker (ideal for uptime monitoring services).<\/li>\n<li>Added automatic log cleanup with adjustable retention and admin notices.<\/li>\n<li>Improved settings guidance for switching between allowlist and blacklist modes.<\/li>\n<\/ul>\n\n<h4>2.0.4<\/h4>\n\n<ul>\n<li>Tested with latest WordPress version<\/li>\n<\/ul>\n\n<h4>2.0.3<\/h4>\n\n<ul>\n<li>Added feature to Clear Logs<\/li>\n<li>Added feature to Disable Logs<\/li>\n<li>Fixed pagination for Logs<\/li>\n<\/ul>\n\n<h4>2.0.2<\/h4>\n\n<ul>\n<li>Added the blacklist mode<\/li>\n<\/ul>\n\n<h4>2.0.1<\/h4>\n\n<ul>\n<li>Fixed WordPress Repo guideline issues<\/li>\n<\/ul>\n\n<h4>2.0.0<\/h4>\n\n<ul>\n<li>Added logging to a custom database table.<\/li>\n<li>Added blacklisted country\/IP feature.<\/li>\n<li>Added admin bypass for testing.<\/li>\n<li>Added email alerts.<\/li>\n<\/ul>\n\n<h4>1.1.0<\/h4>\n\n<ul>\n<li>Defaulted to admin's country on plugin activation.<\/li>\n<li>Introduced secret URL key for temporary IP whitelisting.<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial plugin release with basic country blocking and default country code.<\/li>\n<\/ul>","raw_excerpt":"An advanced security plugin that blocks website visitors by country, with additional features like blacklisting, logging blocked attempts, admin bypas &hellip;","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/218942","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=218942"}],"author":[{"embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/brstefanovic"}],"wp:attachment":[{"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=218942"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=218942"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=218942"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=218942"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=218942"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=218942"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}