How to properly block countries on Shopify? Getting hit with foreign traffic spikes

Shopify Plus

Topic summary

A merchant is experiencing large traffic spikes from South Korea that artificially inflate visit counts and negatively skew conversion rate metrics. Unlike platforms like Magento or WooCommerce where .htaccess files allow server-level country blocking, Shopify (including Plus) doesn’t provide access to these configuration files.

Current limitations:

  • Available Shopify apps only prevent browsing but still register visits in analytics
  • Server-side blocking isn’t possible within Shopify’s hosted infrastructure
  • One user reports similar issues with German traffic hitting checkout pages visible in Google Analytics but not Shopify metrics

Proposed solution:
Using Cloudflare’s WAF (Web Application Firewall) to block traffic by country at the DNS level. This works independently of Shopify’s infrastructure.

Concerns raised:
One merchant worries about “double Cloudflare” scenarios and reports experiencing cart caching bugs when running Shopify Plus through additional Cloudflare layers, though another participant clarifies that DNS-level Cloudflare control shouldn’t conflict with Shopify’s infrastructure usage.

Summarized with AI on November 1. AI used: claude-sonnet-4-5-20250929.
1

My client is getting hit with huge traffic spikes from South Korea. I’m sure many other Shopify merchants are as well. It skews the conversion rate in a devastating way on those days and impacts the average inappropriately. It also puts an unnecessary load on the server. I’m sure Shopify support can see these spikes coming from scammers in these countries. There are no apps that can block it at this time due to the way Shopify is setup.

What am I missing? What are other merchants doing that’s a reasonable fix?

2 Likes
2

Hello @travisromine

Is your website hosted on any other server? Are you using the Shopify headless channel? If not then could you please tell me why you are having server issue? Since shopify is a hosted solution.

3

Typically with Magento or Woo Commerce we can adjust the HTACCESS file and block countries at will. Shopify and even Shopify Plus won’t allow access to that file and force you to allow all countries to badger the site. The apps I’ve reviewed all just prevent the traffic from surfing the site which is good but still results in a “visit” in the metrics and skews conversion rate. Weird that such a huge provider won’t allow country blocking.

4

Did you find a solution to this problem? My Google analytics shows massive traffic spikes from Germany to the Shopify checkout pages. However, Shopify doesn’t show the traffic in its metrics. I can’t help but feel this traffic may hurt our conversion rates.

2 Likes
5

In Shopify you can’t edit server side things, but you can easily block the traffic from certain countries if you using cloudflare for you DNS settings, just WAF from cloudflare and easily block any country traffic, or make it strict.

https://developers.cloudflare.com/waf/custom-rules/use-cases/allow-traffic-from-specific-countries/

1 Like
6

This is a great solution. The only issue is not all of my clients are running CloudFlare and I thought Shopify was already on Cloudflare so…you’re kinda getting into a weird area by double CloudFlare…I have a client that has Shopify Plus running through additional CF and it’s working but they also have had more bugs than others in regards to cart caching and those types of things. Thanks for the response.

7

I think we need clarification here, Shopify can use cloudflare infrastructure, but it is not related to your traffic, if you domain DNS records are being controlled through cloudflare, then you can control the traffic. There should not be any issue there, it is just DNS controls