Block Specific Countries lets you deny access to your site from any country you choose. AdminEase writes server-level .htaccess rules that stop unwanted traffic before WordPress is even loaded, which is faster and more reliable than blocking inside PHP.
What this feature does
Pick the countries you want to block from a country list, save, and AdminEase appends a managed block to your .htaccess file. From the next request onward, visitors from those countries get an HTTP 403 Forbidden response and never reach your WordPress install.
The feature relies on a country-detection signal at the server level. AdminEase auto-detects which signal your environment provides and uses the right one:
CF-IPCountry header sent by Cloudflare’s edge. Available on any plan, free or paid.GEOIP_COUNTRY_CODE environment variable set by the GeoIP Apache module on your hosting server.If neither Cloudflare nor a server-side GeoIP module is available, AdminEase has no way to determine the visitor’s country and the feature stays disabled. Contact your host to enable GeoIP, put the site behind Cloudflare (free plan is enough), or use Pro to take advantage of MaxMindDB.
How to enable it
- Confirm a country source is available. Open AdminEase › Security and scroll to Block Specific Countries. If the toggle is greyed out with a message about server compatibility, your host doesn’t expose a country signal yet. Set up Cloudflare or contact your host before continuing.
- Pick the countries to block. Once the toggle is enabled, the country picker becomes active. Search by name and select as many as you need. The picker uses two-letter ISO country codes internally.
- Add whitelist exceptions if needed. On Pro, use Whitelisted IP Addresses to allow specific IPs through even if their country is blocked. Useful for office IPs or partners in otherwise-blocked regions.
-
Save settings.
AdminEase writes (or rewrites) the managed block in your site’s
.htaccess. Test from a non-blocked location first; if you need to test the block itself, use a VPN or a service likegeo.ipify.orgto verify the response.
Settings reference
Core settings (free)
| Setting | What it does | Default |
|---|---|---|
| Enable country blocking | Master switch. Disabled when your server doesn’t expose a country signal AdminEase can read. | Off |
| Block specific countries | Multi-select picker of countries to deny. Search by name. Selecting nothing means nothing is blocked. | Empty |
Pro extras
| Setting | What it does | Default |
|---|---|---|
| Whitelisted IP Addresses Pro | One IP per line. Requests from these addresses are always allowed, even if the country is blocked. | Empty |
| Allow common bots Pro | Multi-select from a curated list of well-known crawlers (Googlebot, Bingbot, etc.). Selected bots bypass the block so search-engine indexing isn’t broken in blocked countries. | Empty |
| Allow specific bots Pro | Free-form list of additional user-agent strings to whitelist. Use for niche crawlers or services not in the common-bots list. | Empty |
What gets written to .htaccess
When you save, AdminEase emits a marker block in your .htaccess that looks roughly like this (the exact form depends on which provider AdminEase detected):
# BEGIN AdminEase
# Cloudflare compatibility
SetEnvIf CF-IPCountry RU BlockCountry
SetEnvIf CF-IPCountry CN BlockCountry
<RequireAll>
Require all granted
Require not env BlockCountry
</RequireAll>
# END AdminEaseAnything outside the BEGIN AdminEase / END AdminEase markers is preserved untouched. AdminEase manages only its own block and rewrites it on every save.
AdminEase backs up your .htaccess the first time it activates and restores it on deactivation. If something goes wrong, deactivating AdminEase via SFTP returns the file to its pre-AdminEase state.
Common workflows
Block a region while keeping search engines indexing
On Pro, enable Allow common bots and tick the search engines you care about. Their crawlers will pass through the country block via user-agent matching, so your SEO isn’t disrupted.
Whitelist your office
Add your office’s public IP to Whitelisted IP Addresses. Even if you’re visiting from a blocked country (e.g. a colleague travelling), the IP exception lets you through.
Audit which countries are hitting your site
Pair this feature with Network Viewer, which records the country of every incoming request. Sort by country in the viewer to see where traffic comes from before deciding what to block.
Troubleshooting
The country toggle is greyed out
Your server doesn’t expose a country signal. Three options: put the site behind Cloudflare (free plan is sufficient), ask your host to enable the Apache GeoIP module, or upgrade to Pro for MaxMindDB compatibility.
I’m getting blocked from my own site
You’re visiting from a blocked country. Either temporarily turn the feature off via WordPress admin from a different IP/VPN, or add your IP to Whitelisted IP Addresses (Pro) before enabling the block.
Visitors from non-blocked countries can’t reach the site either
Open .htaccess and confirm the AdminEase block isn’t conflicting with another rule. If you’re using Cloudflare and the country header is missing on some requests, the block falls open (allows access) by default. If you have additional Require directives elsewhere in the file, they may override AdminEase’s rule.
Search engines stopped crawling after I enabled this
You’re likely on the free plan and have blocked a country your search-engine crawlers report as. Pro’s Allow common bots solves this; alternatively, free-plan users can avoid blocking countries where major crawler datacentres are located.