WordPress.org

Maltese

Get WordPress
WordPress.org

Plugin Directory

CountryLock

CountryLock

By topsyde
Download

Description

CountryLock provides a simple, lightweight way to allow or block countries from accessing your WordPress site.

It’s designed to be “set it and forget it” with no upsells, ads, or complex configurations.

✨ Key Features

  • Master Toggle: Enable or disable the firewall with a single click.
  • Allowed Countries List: Specify which two-letter country codes (e.g., US, CA) are allowed. Everyone else is blocked.
  • Admin Bypass: Logged-in administrators can always bypass the block (toggleable).
  • IP Allowlist: A simple list of IPs or CIDR ranges (like 123.45.67.89 or 10.0.0.0/8) that are always allowed.
  • Block Logging: See which countries and IPs are being blocked (toggleable).
  • Zero-Lookup Detection: Automatically uses Cloudflare (HTTP_CF_IPCOUNTRY) and other common server-level GEO headers for instant decisions with zero performance impact.
  • Remote Lookup: As a fallback, it can query an external service (ipapi.co) if no headers are found.

External Services

This plugin uses one external service as a fallback to determine a visitor’s country if no local GEO headers (like those from Cloudflare or a server-level GeoIP module) are present.

  • Service: ipapi.co
  • What it’s used for: To look up the country of origin for a visitor’s IP address.
  • Data Sent: The visitor’s IP address is sent to the service. This happens only if the “Use remote lookup if no geo headers” setting is enabled AND no local GeoIP headers are detected.
  • Service Policies:

Installation

  1. Upload the countrylock folder to the /wp-content/plugins/ directory.
  2. Activate the plugin through the ‘Plugins’ menu in WordPress.
  3. Go to the new ‘CountryLock’ menu in your admin sidebar.
  4. Configure your allowed countries and toggle the plugin to “Enabled”.

Reviews

Does what it says

November 17, 2025
SUPER lightweight — like very minimal code. And it blocks these visits at the edge which has DRASTICALLY reduced the # of visits from spam countries like china/india/russia/etc. that I’m receiving on my sites (that are all local US/CA/MX). It’s just a perfect little addition to reduce hosting costs for my clients.Also — it seems other plugins do the opposite where you block specific countries, this is arranged to ALLOW the countries you want, which is way easier with hundreds of countries producing spam with AI now.
Read all 1 review

Contributors & Developers

“CountryLock” is open source software. The following people have contributed to this plugin.

Contributors

Translate “CountryLock” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

1.0.8

  • Fix: Corrected admin page structure to prevent other plugins’ notices from appearing inside the UI.

1.0.7

  • Fatal Error fix

1.0.6

  • Refactor: Move inline CSS and JS to external files (tscl-admin.css, tscl-admin.js) and enqueue them properly.
  • Refactor: Rename all internal prefixes from cl_ to tscl_ to meet WordPress.org prefixing standards.
  • Refactor: Remove custom 403 page in favor of the standard wp_die() screen for better compatibility.
  • Fix: Use filemtime() for asset versioning to automatically bust cache.
  • Docs: Add readme.txt with external service disclosure.

1.0.5

  • Initial public release.

Meta

Ratings

5 out of 5 stars.

Add my review

See all reviews

Contributors

Support

Got something to say? Need help?

View support forum