Have you seen a sudden surge of unwanted traffic from a particular country to your website? It may be visitors based on some location you don’t cater to, or it may be hack attempts made by malicious bots. Whichever be the reason, such traffic has detrimental effects on your website.
It could slow down your site and exhaust your server resources. It could also lead to your website being hacked. If your WordPress site doesn’t need visitors from certain countries, you can block countries in WordPress using a process called Geoblocking.
In this article, we’ve covered the fundamentals of Geoblocking and how to implement it on your website.
TL;DR – If you’re looking for the easiest and most reliable way to block unwanted countries, download MalCare. In just a few steps, you can select the countries of your choice and block them.
What Is Geoblocking On WordPress?
Geoblocking is a method used to ban IP addresses originating in particular countries from visiting your website.
An IP address is a code that identifies a device used to access the Internet. For example, if a person uses a laptop to access your website, that laptop will bear an IP address. You can block the IP address and that will block anyone using that laptop from accessing your site.
In Geoblocking, instead of blocking just one IP address, you can block every IP address in a specific country in your WordPress site.
This means if you have blocked “Canada”, no person from Canada using the Internet on any device – computers, mobiles, etc., – will be able to visit your website.
WordPress site owners block traffic for various reasons. We’ll briefly touch upon these reasons as we think it would be helpful for your own WordPress site.
Reasons For Geoblocking
There are plenty of reasons site owners may need to block countries as well. Here, we touch upon the common ones:
i. Malicious Traffic
The main reason for blocking countries in WordPress websites is to block rogue users who are attempting to break into your site. While hackers exist all over the world, data shows that there are concentrations in particular countries.
The Center for Strategic and International Studies (CSIS) found that China and Russia have been the biggest source of cyber hacks since 2006. With geo blocks in place, the blocked visitors won’t be able to access your site, let alone try to break into it.
ii. Local audience
You may want to cater only locally to a particular country to block in your WordPress site. Therefore, traffic from other countries doesn’t make sense to your site. To display content to these unwanted visitors, you need to use server resources.
WordPress hosting providers generally grant limited resources to a website depending on the hosting plan (Whether is it a cloud hosting or a shared hosting). You would rather save up your resources to cater to a more relevant audience.
iii. Private audience
You may want to restrict access to your website to only a chosen audience such as your company’s employees. In this case, Geoblocking may be used to block all other countries in which you don’t have offices. So based on visitor geolocation, you can allow or disallow access.
iv. Askew Analytics
You might find that your analytics is messed up because of high spam traffic originating from one country. This could lead to incorrect data on traffic volumes and conversion rates.
v. Premium content
Geo blocks are also implemented on sites that restrict access to premium media like films and television shows. This is done to adhere to copyright and licensing terms. You would see this on sites like Netflix or Amazon Prime.
vi. Price discrimination
Some websites run multiple sites for different countries. In each country, the pricing would be determined based on costs, the standard of living and other factors. Therefore, the owners would like to restrict access to other countries.
vii. Legal obligations
With domains like online gambling, laws vary not just by country, but by region as well. In these cases, websites would need to restrict access and ensure they adhere to the laws that apply.
If you’re not sure about how to find the origin of your website’s traffic, we’ve detailed the steps to do so. If you want to start blocking traffic right away, you can skip ahead.
Find Out The Country of Origin of Your Traffic
You can find out where the traffic to your website originates using two methods: You can use Google Analytics or you can use WordPress plugins to block countries
Using Google Analytics
1. Sign up for Google Analytics and add your website.
2. You will need to set up your website as a property. Here’s a step-by-step guide provided by Google on how to do that.
3. Once that’s done, you’ll see your dashboard like so:
4. Next, you need to scroll down and you’ll see “Sessions by countries”.
5. You can also access ‘Location overview’ to check more details about the origins of your traffic.
Using a Plugin
There are a few geo block plugins available like IQ Block Country and MalCare. Here, we’ll show you how to use the WordPress malware scan plugin.
- First, download and install MalCare on your website.
- You’ll need to sign up and add your website to the MalCare dashboard.
- On the dashboard, you’ll see an option called ‘Security’.
- Under details, go to ‘Traffic Requests > Show More’.
- You’ll see the following report. This will tell you the IP address and the country from which traffic is visiting your website. It also tells you whether the IP address was allowed to visit your site under ‘status’.
Next, with MalCare, you can also see login requests. This is an extremely essential feature for any WordPress site to check your login security.
By clicking on ‘Show more’, you’ll see a list of login attempts. Here, you can see your own login attempts which will be marked as successful. It will also show you a list of failed login attempts with the username they tried to use.
In the example below, the external website we used caters only to London, with its head office in London and no employees working abroad. So we can rule out all countries other than England.
However, if we check MalCare’s login request report, we see attempts made to log into WordPress admin from various other countries with the attempted username ‘admin’.
‘Admin’ is the most common username and hackers are well aware of this. Luckily with this WordPress site, we changed the username to something more complex, therefore, these login attempts failed.
This feature will give you a good idea of which countries to block. In this case, we want to block the United States, Russian Federation, and Singapore.
Let’s take a look at how to enable geoblocking on your website.
How To Block Countries in WordPress Using A Plugin
There are two ways you can implement Geoblocking on your WordPress site: manually or using a plugin. We’re going to dismiss the manual method right off the bat. Here’s why: The process is long and complicated.
You would need to access your WordPress files and then add thousands of lines of code to block individual IP addresses.
Plus, any time you tamper with the backend files of a WordPress site like the htaccess file, you risk breaking your website. This is because even the slightest error introduced in the coding can cause the whole thing to malfunction.
And even after blocking these sites manually, hackers have ways of bypassing your manual blocks and access your site. They may use a proxy server or a VPN which can hide their IP address and help them access blocked websites.
Instead, an effective way to easily block countries from visiting your site is by using a plugin like MalCare.
The process is simple and fast. Plus, the plugin uses intelligent signals to analyse the behaviour of the IP address. So if someone tries to use a VPN or proxy server, MalCare will analyse if this IP address is actually malicious and then block it.
So, blocked country IP addresses are actually blocked, and you don’t have to worry about breaking your site! Let’s take a look at how you can implement Geoblocking on your website using MalCare.
Geoblocking countries using MalCare
1. Login into your MalCare account and select the website.
2. Select the website and then click on Geoblocking to get block options.
3. From the dropdown menu, you can choose which countries you wish to block. All IPs from the chosen countries will be blocked from accessing your website.
4. Click on Block Countries.
5. You will see a notification that the action was successful.
That’s it! You’ve successfully blocked all IP addresses coming in from these IP addresses. The country blocked will no longer see your website appear in the search results. If they visit it by typing in the address in the address bar, they would likely see a prompt like so:
In case you want to unblock a country, you can visit the site under the same Geoblocking tab (using Step 1 and 2). Here, you’ll see the website’s name listed with a plus sign on the right.
If you click on the plus sign, the countries you blocked will appear. Here, you can select which ones you want to unblock and then click on ‘Unblock Country’.
Conclusion: After Geoblocking, what’s next?
With the help of Geoblocking, you can serve a targeted audience and you can bar known malicious hackers and bots.
Next, you need to take measures to secure your website against these bad bots. It will help serve your target audience better by ensuring the security of their personal data.
To completely protect your site, we recommend keeping MalCare active on your website. Apart from the Geoblocking feature, it will provide your site with all round protection. It will regularly scan your entire site for malware and any hacks. And it will also proactively defend your site against known malicious traffic.
We also suggest you apply WordPress Hardening measures to make your website strong. This will fortify your website so that hackers don’t stand a chance!