[wp-trac] [WordPress Trac] #58698: Request for Geo-Blocking as an Integral Feature of WordPress in an Upcoming Release

WordPress Trac noreply at wordpress.org
Sun Jul 2 23:19:55 UTC 2023 

#58698: Request for Geo-Blocking as an Integral Feature of WordPress in an Upcoming
Release
-------------------------------+------------------------------
 Reporter:  rcnyc              |       Owner:  (none)
     Type:  enhancement        |      Status:  new
 Priority:  normal             |   Milestone:  Awaiting Review
Component:  Security           |     Version:  6.2.2
 Severity:  critical           |  Resolution:
 Keywords:  changes-requested  |     Focuses:  privacy
-------------------------------+------------------------------

Comment (by ayeshrajans):

 > They can publish to their country, to specific countries, or to the
 world (which is the default right now).

 It's rather that WordPress does not apply any restrictions at all, rather
 than "publishing it the the world", except for the password-protected
 pages or other plugin-induced restrictions.


 WordPress can only run in the PHP layer, which is several layers inside of
 a page request-response cycle. The request is by then passed through the
 network/firewall layer, load balancer (if configured), and the web server.
 All of which are more suitable than the latter, to effectively block an IP
 address in the interest of saving system resources. The complexity with
 network and load balancing layer means that WordPress may not even see IP
 address of the user.

 Additionally, the IP address itself is not enough to determine the user's
 country or the location. It needs to refer a database of IP ranges and
 ASNs, and then cross-reference them to determine the location. These data,
 while I argue should be, are not easily accessible in programmable ways,
 so has to be relied on third party (and often commercial) databases such
 as Maxmind. Even the free services available won't cut it for web sites in
 the scale of WordPress as a whole.

 Given WordPress's GPL licensing, and ethos in community and open source, I
 would say that we should not introduce any GeoIP restrictions at all. It
 can be easily outdated or inaccurate, and I don't think the additional
 work to implement and maintain is not worth it, especially considering it
 has to be a lot flexible to be adaptable by the wide range of
 configurations.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/58698#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list