We’d like to share a useful tool for anyone running WordPress sites.
Protect your WordPress admin from logins outside your country
We built a free plugin that blocks access to the admin panel for IP addresses from countries not on your allowed list.
What the plugin does
The plugin blocks access to wp-admin and wp-login.php for IP addresses from countries not in the allowed list. Frontend visitors, online store customers, and members area users are not affected — only the admin panel is restricted.
Download
block-access-to-admin-by-country.zip
Installation
- Download the zip archive using the link above
- In your WordPress dashboard, go to Plugins → Add New → Upload Plugin
- Select the downloaded archive and click Install Now, then Activate
- Go to Settings → Admin Country Block and set your allowed countries
Settings
- Allowed countries — country codes, one per line (e.g. EE, FI, LV). Only IPs from these countries will have access to the admin panel.
- Exception IPs — IP addresses that always have access regardless of country. Add your own IP here to avoid locking yourself out.
- Cache TTL — how long the lookup result is cached per IP address (default: 24 hours).
For Core Hosting customers
On Core Hosting servers, the plugin automatically uses a local MaxMind GeoLite2 database — no external requests, fast and reliable. The database is updated weekly. No additional configuration is needed.
For sites on other hosting providers
he plugin uses a free geolocation API (freeipapi.com). You can also specify any other compatible API in the API URL field. Results are cached, so the number of API requests stays minimal.
The plugin supports automatic updates — new versions will appear in the standard WordPress updates section.
The plugin is free and open to everyone. If you run into any issues during installation or have questions, feel free to contact our support team.