Description
This plugin protects your WordPress login area by restricting access to specific countries based on geolocation. It is especially useful for hardening security for roles such as administrator, shop manager, editor, and author.
Features:
- Restricts logins for admin, shop manager, editor, and author roles based on IP geolocation.
- Automatically whitelists the country where the plugin was first activated.
- Settings page to manually select allowed countries.
- Dynamically fetches a list of countries via a public API.
- Lightweight and easy to configure.
Powered by ipinfo.io for IP geolocation detection.
External Services
This plugin relies on two external services to function properly. These services are used to identify user locations and provide country data for configuration purposes.
1. ipinfo.io
What is the service used for?
– Used to determine the geolocation (specifically, the country) of an IP address attempting to log in.
– Ensures that only users from allowed countries can log in as administrator, shop manager, editor, or author.
What data is sent and when?
– The plugin sends the IP address of the user attempting to log in to ipinfo.io at the time of login.
– This is done in real time to determine the user’s country and enforce access rules.
Service Provider:
– Website: https://ipinfo.io
– Terms of Service: https://ipinfo.io/terms
– Privacy Policy: https://ipinfo.io/privacy-policy
2. restcountries.com
What is the service used for?
– Used to dynamically fetch the list of countries (with country codes and names) displayed in the plugin settings.
– Allows users to easily select which countries should be allowed for admin login access.
What data is sent and when?
– No user data is sent.
– The plugin performs a GET request to https://restcountries.com/v3.1/all?fields=cca2,name to fetch a list of country codes and names during plugin settings initialization.
Service Provider:
– Website: https://restcountries.com
– API Documentation: https://restcountries.com/#api-endpoints-v3-all
– No specific privacy policy is published, as this is a public API that does not handle user-specific data.
License
This plugin is licensed under the GPLv2 or later. See https://www.gnu.org/licenses/gpl-2.0.html for details.
Installation
- Upload the plugin files to the
/wp-content/plugins/restrict-country-logindirectory, or install it via the WordPress Plugins screen. - Activate the plugin through the ‘Plugins’ screen in WordPress.
- Navigate to Settings Restrict Country Login to configure the allowed countries.
- Save your settings.
FAQ
-
What happens if the plugin cannot detect the user’s country?
-
If geolocation fails, the login will be blocked and the user will receive an error message.
-
Can I remove the country where the plugin was first installed?
-
No. For security and fail-safe reasons, login access from the original install country is always allowed.
-
Which user roles are affected by the restriction?
-
Only users with the roles administrator, shop manager, editor, and author are restricted by country. Other roles remain unaffected.
Reviews
There are no reviews for this plugin.
Contributors & Developers
“Restrict Admin Login by Country – GRC” is open source software. The following people have contributed to this plugin.
Contributors
Translate “Restrict Admin Login by Country – GRC” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Changelog
1.5 – 2025-06-13
- Added sanitization to
register_setting()for WordPress Plugin Check compliance. - Escaped all output on the settings page.
- Fixed missing text domains for translation.
- Validated and sanitized IP addresses from
$_SERVER. - Prevented removal of the installer’s original country from the allowed list.
1.4
- Fail-safe: always allow login from the original install country, regardless of settings.
1.3
- Integrated dynamic country list via a public JSON API.
1.2
- Added settings page to configure allowed countries.
1.1
- Made restrictions dynamic instead of hardcoded for Romania (RO).
- Improved error handling for IP detection.
1.0
- Initial release.
- Restricted admin/shop_manager/editor/author login access to Romania (RO) only.