I am experiencing a significant platform gap that I believe affects many merchants, and I want to raise it here to build visibility with the product team.
The problem: 34% of my store traffic originates from a region I do not serve (Nigeria). This traffic is accompanied by phishing emails, indicating malicious intent. It is polluting both my Shopify Analytics and Google Analytics 4 — making both platforms unreliable for business decisions.
Why current workarounds don’t work:
Third-party geo-blocking apps block at the storefront level — but the visit registers in Shopify Analytics and GA4 before the block is applied. The data is already polluted.
hCaptcha applies to forms and account pages only — not general browsing traffic.
GA4 filters clean GA4 only — Shopify Analytics remains polluted.
External Cloudflare setup risks breaking Shopify Payments — not viable for standard merchants.
What is needed: Native, merchant-configurable edge-level country/region blocking — before traffic hits the store and registers in analytics. Shopify already uses Cloudflare infrastructure. The capability exists at platform level. What is missing is merchant access to it.
This is a data integrity issue, a security issue, and a gap that no current workaround fully solves.
Support ticket submitted: #65205086
Is anyone else experiencing this? Would appreciate upvotes if this resonates — the more merchants that raise this, the stronger the case for the product team.
These are the peer to peer forums, shopify staff pulled stakes long ago.
Location location location:
For actual feature requests or support contact shopify support advisor DIRECTLY: https://help.shopify.com/ → click question mark button next to chat (as of March 2026)
Then post follow through posts, or search for veery similar discussions.
Thank you Paul, did that prior to posting and nothing was found. Still posting as it might be an issue for other merchants as well.
Appreciate your response..
you’ll probably want to search for and join/crosspost the threads on bot traffic problems.
As it’s the same core problem, merchants not having deeper control over traffic blocking from certain regions, or IP address ranges.
Also if your work with any shopify partners there is a partner townhall in a few days(march 31) that will have an AMA that can be an opportunity to actually get heard and seen by shopify C-suite.
There’s also if your a dev or work with a developer of shopify apps posting this on the dev forums instead . https://community.shopify.dev
Waaaaaaay higher change of getting an actual shopify-dev/staff response.
Especially because the technology multipliers here make this type of thing less likely to be merchant facing feature.
e.g. making something like cloudflares O2O or rules-system an internal feature is complicated enough let alone supporting merchants use of it Shopify · Cloudflare for Platforms docs
