NexiGuard – IP & Geo Access Control

NexiGuard – IP & Geo Access Control is a public WordPress access control plugin for administrators who need to restrict site access using local IP rules and optional GeoIP data. Features include:

• Block List mode: visitors matching rules are blocked.
• Allow List mode: only visitors matching rules are allowed.
• Exact IP address rules.
• CIDR range rules for IPv4 and IPv6.
• Country and region/state rules when a GeoIP provider is configured.
• Optional blocking for the frontend, login page, REST API, and XML-RPC.
• 403, 404, or custom blocked responses.
• Custom blocked messages with plain text and basic safe HTML.
• Safe visitor IP detection using REMOTE_ADDR by default.
• Optional Cloudflare visitor IP detection.
• Optional trusted proxy header support.
• Bulk import for IP/CIDR rules.
• Export and import settings as JSON.
• Optional minimal blocked-attempt logs.
• Admin lockout protection and an emergency bypass constant.

Privacy and GeoIP IP blocking works without any third-party service. Country and region blocking requires either a readable local GeoIP database or an explicitly configured API provider. Visitor IP addresses are not sent externally unless an administrator selects API provider mode and configures an API endpoint. Optional logs store only date/time, IP address, matched rule type, and requested path. Admin safety NexiGuard is disabled by default after activation. Logged-in administrators are never blocked by default. The admin screen displays the detected admin IP and requires confirmation before adding an IP/CIDR rule that matches it. Emergency bypass: define NEXIGUARD_DISABLE as true in wp-config.php to stop all blocking.

1.0.0

• Initial public release.