Block website by country but access back and front end when logged in

Our company is located in Japan and, to avoid competition, we need to completely block our website to all visitors in Japan and keep it open to the rest of the world.

However, we need to be able to access our admin backend e.g. /wp-admin and /wp-login.php and see the entire website in Japan, if an admin is logged in.

So far, I easily managed to block the entire website in Japan by adding a simple firewall rule: (ip.geoip.country eq “JP”) action: block.

Could you please let me know how to bypass the rule as the website admin to see the entire website back-end and front-end in Japan? Our IPs are dynamic so blocking by IP won’t work.

Thank you very much for your time!

You might want to use a plugin for example like some of the “maintenance mode” plugins, or take a look a bit on WordPress documentation about function is_user_logged_in() - > is_user_logged_in() | Function | WordPress Developer Resources and implement it to your need into your theme functions.php or index/home.php file to show all the content if user is logged into, while nothing if user isn’t logged into (also you can combine it with checking what logged-in user can do, or by it’s e-mail, or if it’s admin or not, else therefore based on the “privileges” determine further actions) → current_user_can() | Function | WordPress Developer Resources.

You can also set and send some HTTP header, or cookie, then check it with Firewall Rules or similar approach and ideas.

Using Cloudflare Access / Teams, this can be done, and I know enough people already using it and working fine :wink: