Use ipdata’s Geolocation Data to Protect & Customize Your Site

    Adrian Try

    This article was created in partnership with ipdata. Thank you for supporting the partners who make SitePoint possible.

    Modern websites are becoming more and more effective at customizing content based on their visitors’ location. They can redirect users to a page in their own language, display prices in the local currency, pre-fill webforms with location information, and show the current time and date for the correct timezone.

    ipdata is a low-latency API that provides website owners with a wide variety of information about their visitors based on IP address (IPv4 and IPv6). Think of it as an IP geolocation and threat intelligence API.

    By using a visitor’s IP address you can learn their continent, country, region, city, latitude and longitude, organization or ISP, and timezone. The API also detects Proxy and Tor users, as well as known spammers and bad bots. Blocking these risks will protect your website, and reduce the need for security strategies like CAPTCHA.

    Let’s look specifically at some ways ipdata can help, and how to implement them on your own website.

    Redirect Visitors and Localize Content

    When you visit the ipdata website you’ll immediately see what the service is capable of. Everything that can be learned from your own IP address is displayed.


    That data includes:

    • Whether you’re in the EU,
    • Your city,
    • State or region (and region code),
    • Country (and country code),
    • Continent (and continent code),
    • Latitude and longitude,
    • Postal or zip code,
    • Country calling code,
    • Your country’s flag emoji,
    • Your service provider’s ASN and carrier information,
    • Languages,
    • Currency (name, code, symbol, plural),
    • Time zone (name and abbreviation, offset, daylight savings time, current time),
    • Threat information (Tor, Proxy, anonymous, known attacker, known abuser, threat, bogon).

    You can call ipdata’s API on each page request to geolocate your visitors and localize their content. Here’s a handful of ideas of what you can achieve:

    • Restrict or block access to your content to specific countries or continents,
    • Redirect users to country-specific (or language-specific) sites or pages,
    • Pre-fill your webforms with their location data,
    • Show your visitors their local time and weather,
    • Display events that are near your visitors, or available flights in their area,
    • Serve targeted ads based on location,
    • Enforce GDPR compliance,
    • Automatically convert prices on your e-commerce store to their local currency, using the correct currency symbol,
    • More accurately analyze where your traffic is coming from.

    You can get a client’s IP address using JavaScript, but it’s a bit of work. Instead, use ipdata’s API. It’s super-fast and reliable across all browsers. Here’s the code:

        $.get("", function(response) {
        }, "jsonp");

    Once you have a visitor’s API address, ipdata’s documentation shows you how to get their location in 26 different languages. You’ll also find detailed tutorials on how to code for a variety of use cases. Here are a few examples.

    To block (or allow) users by country, look up the ISO 3166 ALPHA-2 Country Codes for the ones you want to blacklist or whitelist. Then follow this sample code to learn how to blacklist or whitelist them.

        // List of countries we want to block
        // To see this in action add your country code to the array
        var blacklist = ['US', 'CA', 'UK', 'IN']
        // Getting the country code from the user's IP
        $.get("", function (response) {
          // Checking if the user's country code is in the blacklist
          // You could inverse the logic here to use a whitelist instead
          if (blacklist.includes(response.country_code)) {
            alert('This content is not available at your location.');
          } else {
            alert("You're allowed to see this!")
        }, "jsonp");

    Redirecting users by country is useful if you have country-specific online stores, or if you have a separate page with content in their language or with country-specific contact details.

    Here’s an example of how to redirect your visitors located in Germany and Australia. They will be redirected from to and

        // Getting the country code from the user's IP
        $.get("", function (response) {
          if (response.country_code == 'UK') {
            window.location.href = "";
            } else if (response.country_code == 'DE') {
            window.location.href = "";
            } else if (response.country_code == 'AU') {
            window.location.href = "";
        }, "jsonp");

    You can also personalize the content of your site depending on the user’s location. Here’s an example that displays a special offer to UK visitors only:

        // Getting the country name from the user's IP
        $.get("", function (response) {
          if (response.country_code == 'UK') {
            alert("Special offer for all our users from " +response.country_name+ "!");
        }, "jsonp");

    Instead of targeting a whole country, you can drill down to region, city or postal code (zip code). Alternatively, you could target a time zone or specific currency.

    You can further personalize your content by displaying the user’s local time (adjusted for DST) and local currency symbol. To request time zone data for IP address “”:

        $ curl

    You’ll receive this response, which includes the name and abbreviation of the time zone, its UTC offset, whether it is currently DST, and the local time:

            "name": "America/Los_Angeles",
            "abbr": "PDT",
            "offset": "-0700",
            "is_dst": true,
            "current_time": "2019-03-27T01:13:48.930025-07:00"

    Currency detection is similar. Here’s an example for the IP address “”:


    And the response:

            "name": "Australian Dollar",
            "code": "AUD",
            "symbol": "AU$",
            "native": "$",
            "plural": "Australian dollars"

    Protect Your Website from Threats

    You can also use ipdata to identify potential threats against your website. They maintain a database of over 600 million malicious IP addresses, open proxies, Tor nodes, spammers, botnets, and attackers. These are aggregated only from high-quality, authoritative sources. You can use this information in a variety of ways:

    • Protect your comments by blocking known spammers and bad bots, alleviating the need for CAPTCHA,
    • Detect frauds by determining if their credit card is from a country different to where they are located,
    • Block anonymous traffic to eliminate the risks that come from such networks,
    • Block high-risk countries, such as the countries where most of your malware and attacks originate,
    • Prevent “free trial abuse” by detecting Proxy and Tor users.

    Here’s how to access the threat data for the IP address “”:


    The request generates the following response:

            "is_tor": true,
            "is_proxy": false,
            "is_anonymous": true,
            "is_known_attacker": false,
            "is_known_abuser": false,
            "is_threat": false,
            "is_bogon": false

    The visitor is using a Tor network. is_anonymous is true if the visitor is either a Tor or Proxy user. You can use ipdata to stop anonymous users creating an account. Here’s some sample code from the official documentation:

        // Getting the anonymity status from the user's IP
        $.get("", function (response) {
          if (response.threat.is_anonymous) {
            alert("You are not allowed to create an account.");
        }, "jsonp");

    You can get more specific, for example, by blocking Proxy users but letting Tor users through:

        // Getting the anonymity status from the user's IP
        $.get("", function (response) {
          if (response.threat.is_proxy) {
            alert("You are not allowed to create an account.");
        }, "jsonp");

    Some users are repeat offenders, having been repeatedly reported by admins of other websites for spam or malicious activity. You can stop them from creating an account by blocking them if one of these fields are true:

    • is_known_abuser: IP addresses that have been reported to be sources of spam,
    • is_known_attacker: IPs that have been reported to be the source of malicious activity.

    Why Choose ipdata?

    ipdata compares very favorably with other IP Geolocation APIs. It is written in Python 3 with an average execution time of 2.9 ms. It’s fast and reliable enough to keep a long list of clients happy, including Comcast, Redhat, Cooperpress, Sphero, AMD, and NASA.

    ipdata is highly scalable, with low latency globally. The API serves millions of requests every day at an average speed of just ~65ms, and runs in eleven data centers around the world:

    • 4 in the US,
    • 1 in Canada,
    • 2 in Europe (London and Frankfurt),
    • 1 in India (Mumbai),
    • 1 in South America (Sao Paulo),
    • 1 in Europe (Seol), and
    • 1 in Australia (Sydney).

    According to Jonathan Kosgei, the Founder of ipdata, execution time is kept low by not doing any database reads or writes in the application code. “A separate authorizer function handles getting usage data from DynamoDB and authorizing users based on whether they’re within their quota or not. And its results are cached.”

    Start Geolocating Your Visitors with ipdata

    By now I’m sure you’ve thought of a dozen ways you can use ipdata to enhance and protect your website, or those of your clients. Sign up for free and start testing it!

    You can read more about ipdata’s infrastructure in these articles: