――When WordPress turned completely white and I panicked
Introduction
One day, after upgrading PHP from version 7.3 to 8.3, I suddenly couldn’t access my WordPress site. Not even the login screen appeared—just a blank white page.
PHP: A programming language that powers the backend of many websites.
I froze, staring at the screen, completely at a loss.
In moments like this, it’s important to note down the error message. Unfortunately, I was too flustered to do so.
※ I vaguely recall it said something like “There has been a critical error on this website.”
Turns out it was caused by “IP Geo Block”
Searching online, I found that a plugin called “IP Geo Block,” designed for security, seemed to be incompatible with PHP 8.x.
Plugin: An extension that adds functionality to WordPress.
Downgrading to PHP 7.4 allowed me to log in again.
Then, after deactivating IP Geo Block and re-upgrading to PHP 8.3, everything worked fine.
※ However, re-enabling it still caused errors on certain pages.
So, the plugin was the root of the issue.
How to maintain security going forward?
Leaving the plugin disabled felt unsafe. I still wanted protection against unauthorized access from abroad.
That’s when I found an alternative plugin: IP Location Block.
IP address: A kind of digital address that can be used to determine the user’s country or region.
It offers country-based access control, similar to IP Geo Block. However, its settings page can be a bit confusing at first glance.
Consulting ChatGPT
I couldn’t find any beginner-friendly guides online for configuring IP Location Block, so I turned to ChatGPT for help.
Although ChatGPT’s knowledge is based on data up to June 2024, some UI elements had changed. I shared screenshots and asked questions directly to get it working.
※ In the end, I successfully configured it to allow login access only from English-speaking countries, while keeping article pages accessible to anyone worldwide.
Step-by-step Configuration Guide
This section outlines how to use IP Location Block to restrict admin login to English-speaking countries while keeping frontend content globally accessible—thus reducing the risk of unauthorized logins.
1. Install and Activate the Plugin
- From the WordPress dashboard, go to “Plugins” > “Add New”
- Search for “IP Location Block”
- Click “Install Now” and then “Activate”
2. Access the Settings Page
- Go to “Settings” > “IP Location Block” from the left menu
- The “Validation Rules and Behavior” section will appear
3. Configure Country-Based Access Control
Basic Rules
- Match Rule: Select “Whitelist” (blocks all countries not listed)
- Whitelist Country Codes: Enter
US, GB, CA, AU(for example — United States, United Kingdom, Canada, Australia) - Use Autonomous System Number: Leave unchecked unless needed
- $SERVER Key to Retrieve Extra IP Address: Enter
HTTP_X_FORWARDED_FOR(useful for cloud environments)
Optional Settings
- Prevent Malicious File Uploads: Enable or disable as needed
- Response Code: 403 Forbidden
- Response Message: Write something like
Sorry, your request cannot be accepted.
Admin Area Protection
Scroll to the bottom and check the following under “Backend Target Settings”:
- Login Form:
Block by location - Admin Area:
Block by location
4. Verify It Works (Using GeoPeeker or Similar)
If you don’t have a VPN, you can test the settings with online tools like GeoPeeker.
- Article Pages (Frontend): Confirm they load correctly from various countries
- Login Page (
wp-login.php): Ensure it’s blocked (403 error) outside of the specified countries
GeoPeeker allows you to simulate access from countries such as the US, UK, Germany, India, etc.
Key Takeaways
- Always document error messages—lesson learned!
- Country-based IP restrictions are less intimidating once you understand the basics
- ChatGPT can be a helpful assistant when you’re navigating unfamiliar plugins
Thanks to this experience, my fear of WordPress security plugins has lessened a bit.
Final Thoughts
Security and risk management are crucial, even for personal blogs.
I wanted to share this experience to help others consider simple and effective ways to secure their sites.
Limiting login access to specific regions is a great first step.
And with a little help, it’s easier than you think.
Next, I might explore comment spam protection or bot-blocking methods…
