Login IP & Country Restriction PRO

This plugin allows you to restrict the users’ login for specific IPs or countries, and also to bypass the restrictions for specific roles, or specific users, for better WordPress security. This integrates seamlessly with WooCommerce and auto-adapts to new customers. Yearly License.

Description

This plugin allows you to restrict the login on your website, based on the custom rules you apply. This helps with tightening your website security and fights against dictionary bot attacks originating from other countries, by denying access.

By default, upon activation, the plugin does not apply any restrictions. You can configure the plugin to allow authentication only from specified IPs or from specified countries. Additionally, the plugin allows for redirects to the front page when the default “Login” and “Register” URLs are accessed by someone that has a restriction. You can also specify other custom URLs to be redirected to the front page as well, following the same restriction rules.

The PRO version includes other useful features.

Screenshots from the plugin interface:

Rule Type

The login filter can be configured to work in a different way, depending on what type of rules to be assessed and in which order.

Allow login only for allowed IPs
Allow login only for allowed countries
Allow login only for allowed countries or allowed IPs
Block login only for blocked IPs
Block login only for blocked countries
Block login only for blocked countries or blocked IPs
Allow login only for allowed countries or allowed IPs, but not from blocked IPs
Allow login only for allowed countries or allowed IPs, but not from blocked IPs or blocked countries
Block login only for blocked countries or blocked IPs, but not for allowed IPs
Block login only for blocked countries or blocked IPs, but not for allowed IPs or allowed countries

Login Restriction Rules — Example of settings for the login restriction and filters for the XML-RPC authenticated methods

Filter XML-RPC authenticated methods

This new option controls whether XML-RPC methods requiring authentication (such as for publishing purposes) are enabled or not. This option does not interfere with pingbacks or other custom endpoints that don’t require authentication. There are 3 options:

Default
Disable all
Disable only when matching a restriction rule

IP Restriction

If you choose to set a login restriction by IP, then you have to add your own IP to the list. This is done automatically starting with version 6.0. If you are using the plugin in a local setup the IP is 127.0.0.1 or ::1, this is added to your list by default.

Starting with version 6.0, the plugin has new options for blocking specific IPs, and since version 6.6.0 the IP ranges can also be set as allowed or blocked

IP Restriction — Example of allowing or blocking IPs

When combining the rule types with the IPs restrictions and also countries’ restrictions, you can set up the filter to allow some specific IPs even if these are from the blocked countries.

Country Restriction

The plugin allows for selecting the countries from where the login would be allowed and also selecting the countries from where the login to be blocked.

Redirects

You can use redirects to the front page when the URLs are accessed by someone that has a restriction, for the login page, the registration page, and other specified URLs.

Other Settings

License Key

To activate and validate the license key, you can input the key as presented below, then click the activate/validate button. If your license key has changed or the activation code has changed, you can click the Reset button first, then try again with the new license key code.

Login IP & Country Restriction PRO — Other settings screen

When the user attempts to authenticate, and the account is restricted either by IP or country, if the role is not in the list of bypassed roles, then the user will see a plain “Forbidden!” message. If you enable this option, the page will redirect to your “404” page instead of that or will display a the forbid message that can be customized.
There are two options:

Header 404 – Redirect the visitor to the site’s “Not Found” page.
Header 403 – Show “Forbidden Access” and the custom message.

Lockout duration

When a user attempts to authenticate and the restriction kicks in, the user will not be able to login in the next hour (the default duration is 60 minutes). You can change the lockout duration if necessary.

Individual lockout

If for various reasons, you need to temporarily disable the login for a specific user, you can enable this option. With the setting on, you can edit the user account(s) you wish to restrict. You will see the list of restricted users on the plugin settings page.

Don’t worry, you can revert this option at any time. If you need to grant access back to all the user accounts you restricted, uncheck the individual logout option in the settings.

Individual lockout info in users listing — Info in the users listing when the single IP mode is enabled for the users

Individual lockout in edit user screen — Options in the user screen

WooCommerce Integration

With this setting, you can instruct Login IP & Country Restriction plugin to auto-adapt to new customers on your WooCommerce shop, so that their country to automatically be added to the list of allowed countries. This grants them login access right away.

Bypass the IP and country restriction for the specified roles

You have to option to bypass the login restriction that you put in place (based on the country or IP) for specific user roles.

This is useful for online shops, where your customers place orders and then authenticate on your website. This happens from various locations that might not be included in the allowed IPs or countries filters, and using this feature would grant them access to their accounts right away.

Temporarily disable all settings

If for various reasons, you need to temporarily disable all restrictions and any other settings of this plugin, you can use this option, without losing the current settings.

If this option is enabled, the users will be allowed only from the first IP they had when they first log in. Don’t worry, you can revert this option at any time, and also reset the IP for individual users.

Simulate IP and Country

Simply add an IP or country in the “simulate restriction” section and save the options. That would enable a custom mode that shows you how the currently applied filters are dealing with that specific IP or country.

When the simulation mode is on, you can see at the top of the page a separate info box, similar to this:

Accessing the simulation URL, the following note would be visible. If you want to get out of the simulation mode, just go back to the settings page and remove the simulation IP and country, and save the settings.

Simulate IP and Country login — Example of info in the authentication screen when simulation mode is enabled

Information about the restriction based on the combination of IP + country + rule type

Information about the restriction - allowed access

Information about the restriction - blocked access

Debug

The plugin offers options for you to export and import the settings from one instance to another, to check the country for a specified IP, or to see some of the application information that is important when troubleshooting.

Additional Information

License Key	valid for 1 year
Domain/Website	valid for 1 domain/website, for multiple websites – please purchase the plugin for every additional domain
Disclaimer	iuliacazan.ro offers the WordPress plugins/extensions “as is” and with no implied meaning that they will function exactly as you would like or will be compatible with all 3rd party components and plugins. We do not offer support via email or other WordPress plugins we have not developed.