We recently worked on a platform dedicated to Canadian companies. We noticed that several users were impersonating Canadian companies to create an account. To remedy the problem, we opted to restrict account creation to users in Canada. In this article, we look at how you can use PHP to limit your website to users in one country. We will also see how our approach can help you.
We developed a PHP function that uses the ipwhois.app platform to retrieve information about an IP address. We then used cURL and the `json_decode` function to convert the information into an array. You can follow updates to this feature via our Git account.
You can use this function on your website to detect your users' IP addresses in real time and obtain their country. You can then better control who has access to certain features of your website.
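The lookup described above, as an added example that is not the article's own function: it assumes ipwhois.app's `https://ipwhois.app/json/{ip}` endpoint and its `success` and `country_code` response fields, and the names `lookup_country_code` and `is_allowed_country` are hypothetical. It validates the address first and denies access whenever the lookup fails.

```php
<?php
// Added example, not the article's own function. Endpoint and field names
// (success, country_code) are assumed from ipwhois.app's public JSON API.

/** Return the ISO 3166-1 alpha-2 country code for an IP, or null on any failure. */
function lookup_country_code(string $ip): ?string
{
    // Reject malformed input and private/reserved ranges before calling out.
    $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    if (filter_var($ip, FILTER_VALIDATE_IP, $flags) === false) {
        return null;
    }
    $ch = curl_init('https://ipwhois.app/json/' . $ip);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,   // return the body instead of printing it
        CURLOPT_CONNECTTIMEOUT => 3,      // do not let a slow API stall sign-up
        CURLOPT_TIMEOUT        => 5,
        CURLOPT_FOLLOWLOCATION => false,  // never follow redirects to other hosts
    ]);
    $body = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    if ($body === false || $status !== 200) {
        return null;
    }
    $data = json_decode($body, true);     // true => associative array
    if (!is_array($data) || empty($data['success']) || !isset($data['country_code'])) {
        return null;                      // quota exceeded, bad IP, or malformed reply
    }
    return strtoupper((string) $data['country_code']);
}

/** Fail closed: an unknown country is treated as not allowed. */
function is_allowed_country(?string $code, array $allowed = ['CA']): bool
{
    return $code !== null && in_array($code, $allowed, true);
}

// REMOTE_ADDR is the TCP peer address. X-Forwarded-For is client-controlled
// and is only trustworthy when it is set by your own reverse proxy.
$ip = $_SERVER['REMOTE_ADDR'] ?? '';
if (!is_allowed_country(lookup_country_code($ip))) {
    http_response_code(403);
    exit('Account creation is limited to users located in Canada.');
}
```

Because every call counts against the API quota, place the check only on the pages that need it, such as registration or login.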
There are several limitations to this approach:
Apart from the three limitations above, there are obviously several other limitations that we haven't dwelt on. We'll show you some approaches to compensate for the limitations.
When a user uses a VPN, the IP address you see is that of the VPN, so it is difficult to detect their real IP. However, you can use other barrier measures to strengthen the protection of your platform. One example is two-factor authentication. Companies are increasingly combining the use of a password with verification via a telephone number. In this case, they send an SMS to users via their phone number to validate that they are really in a given geographical area. This can be an additional way to limit abuse or loss of time.
The ipwhois.app platform is one example among many others. It offers a paid option if the free version is too limited for your needs. So, to be sure of not reaching your limit, you can subscribe to the paid version. If the options presented by this site do not seem satisfactory to you, you can find several other options online offering more or less the same service.
If you are using the free version, one way to avoid exhausting the number of requests while limiting your website to users in one country is to plan the usage better. You can, in particular, use it only on the login page. Alternatively, after account creation, you can use it to automatically detect the account creation link and delete the account.
Never lose sight of the fact that knowing the country of your users is not synonymous with security. However, it is one more step to protect your solution. In addition to country or region detection, you can consider other protective measures.
A set of strategies can be developed upstream of user country detection. It is true that this approach has limitations, but it can also help in certain circumstances. Thank you for taking the time to read our article. If you have any comments, we would be pleased to read them at the bottom of this article. You can also contact us using the contact form.
Gilblas is a senior entrepreneur and developer with around 13 years of experience, deeply involved in the WordPress community. He helps SMEs grow through custom web solutions and training. He stands out for his ability to automate and industrialize website creation through Phoenix Forge.