I’m looking for assistance in blocking certain countries or ranges of IP addresses from my Shopify store. I don’t have access to the htaccess file, so I’m curious about other methods I can use. I’ve noticed a lot of unwanted visits from specific areas, and I want to prevent those users from being able to browse my site at all. Are there any specific apps, modifications to liquid code, or different strategies available to set up this kind of IP blocking? My main goal is to restrict access based on countries, but I’d also like to find a way to block specific IP addresses as well. Has anyone found a successful way to manage this kind of access restriction on their Shopify store without relying on server-level settings?
Honestly, just use Blockify or Minfraud - way easier than coding it yourself. I tried building my own JS solution and it kept breaking on mobile. These apps handle everything for $5-15/month, which beats losing sales to sketchy traffic. Plus they auto-block VPNs.
Had this same issue six months back - getting slammed with bot traffic from regions that’d never buy anything. Shopify won’t give you server access, so I had to get creative with a few different tricks. Best thing I did was drop a JavaScript geo-blocking script right into my theme.liquid file. It pings a free geolocation API, checks where visitors are coming from, and boots the unwanted ones to a blocked page. For specific troublemakers, I built a simple script with an array of banned IPs that does the same redirect. Sure, someone could disable JavaScript and slip through, but it catches 95% of the junk traffic. Also threw together some Shopify Flow automation to tag orders from sketchy countries and auto-cancel them. Not bulletproof, but it killed most of my problem traffic without paying for those monthly app subscriptions.
Been fighting this same issue for years across different projects. Those apps and scripts people recommend work, but you’re stuck with monthly fees or constantly fixing them when APIs break.
I moved everything to Latenode automation and haven’t touched it since. Built a workflow that watches Shopify traffic logs, spots patterns from problem regions, and updates block lists automatically. It grabs visitor data, runs geolocation checks, and triggers store actions.
Best part? You can create smart rules - allow legit crawlers while blocking sketchy traffic. Mine connects to multiple IP databases so it catches VPNs and proxies.
Goes way beyond blocking too. Mine feeds data to analytics, updates customer tags, and changes inventory visibility by region. No app fees, no broken scripts after Shopify theme updates.
First workflow takes about an hour to build, then runs itself. Way better than crossing your fingers that JavaScript won’t break.
I’ve had the same headaches. Shopify Plus Scripts worked great for me - you write Ruby code that runs before checkout and blocks countries right at cart level. For general browsing, I mixed two approaches: grabbed a geoblocking app from the store ($10/month but worth it) plus custom liquid code using IP geolocation services. Liquid’s trickier since it’s server-side after page load, but you can redirect blocked traffic to a ‘service unavailable’ page. Watch out though - don’t accidentally block search crawlers or your SEO tanks. Found that out the hard way when my organic traffic nosedived.
Had the same issue when click farms started hitting my store hard last year. Here’s what actually worked: I combined Shopify’s built-in market restrictions with some custom liquid code. The geographic restrictions in Markets settings catch most of it at the CDN level before it even reaches your store. Then I added liquid conditionals that check request headers and visitor patterns - either shows different content or redirects them completely. Just make sure you don’t block real customers. I whitelist legitimate IP ranges and test everything multiple times. Pro tip: turn on Shopify’s fraud analysis tools - they’ll auto-flag weird geographic patterns so you don’t have to manually block every single address.
Had this exact problem last winter - fraudulent traffic killed our conversion rates. Cloudflare’s free plan + Shopify saved us. You get country-level blocking at DNS level before requests hit your store. Way better than JavaScript solutions that get bypassed easily. Set up geo-restrictions in their dashboard and add custom rules for specific IPs. Best part? Blocked visitors don’t eat your bandwidth or mess up analytics since it happens upstream. Took 30 minutes to set up, results were instant. You lose some control vs app-based solutions, but the reliability’s worth it. Haven’t touched the config since.