Workaround for Age Verification: Geo Blur Images – WordPress Plugin
 

https://i.postimg.cc/bJbcyrfR/geo-bl...screenshot.png

As a temporary workaround for Age Verification (AV) check on WordPress sites, I created a lightweight plugin that automatically blurs all JPG images on a website based on the visitor's location. It's completely SEO friendly, and does not block search engine bots from crawling pages.

You can download it here.

It can be used temporarily, until more permanent AV check solution is implemented.

The plugin uses MaxMind GeoLite2 database (Cities files), and you need to download it and replace empty placeholder file(s) provided.

== Description ==
This plugin is ideal for websites that need to obscure image content based on legal or regional restrictions, such as:
- Age-restricted content.
- Geo-targeted campaigns.
- Legal compliance in specific jurisdictions.

== Features ==
- Detects country and US state using the MaxMind GeoLite2 database.
- Simple admin settings panel to choose target countries/states.
- Blurs all .jpg images, even those loaded via CDN or external URLs.
- Uses CSS blur filter (no image replacement or delay).
- Performance-friendly — only activates for targeted users.
- Easily extendable — feel free to build on it.

== Installation ==
- Upload the plugin to /wp-content/plugins/geo-blur-images/
- Activate it via the WordPress Plugins menu.
- Download and place the MaxMind GeoLite2 City database in the /MaxMind/ directory (the provided file is just a placeholder). You’ll need to create a MaxMind account and download the GeoLite2-City.mmdb file.

== How it works ==
- On page load, PHP checks the visitor’s IP and matches it with the GeoLite2 database.
- If the user is in a targeted country or state, all .jpg images are blurred using CSS.
- No server-side image processing is involved.

Please feel free to reuse the code or improve it. Sharing your modifications is more than welcome! You can reuse it for any kind of projects, not necessarily just Wordpress.The plugin is submitted to Wordpress.org and will be available upon approval.

If anyone has a complete list of ISO country codes or US state names for blocking, please share them in the comments below.

So far I was able to find the following:

Countries (ISO 3166-1 codes): UK,FR,DE,IT
U.S. States (2-letter abbreviations): LA,AR,VA,UT,MT,TX,NC,IN,ID,FL,KY,NE,GA,AL,KS,OK,MS ,SC,TN,SD,WY,MO
(You can add those codes to the plugin admin menu.)

Countries:
United Kingdom
France
Germany
Italy

US States:
Alabama
Arkansas
Florida
Georgia
Idaho
Indiana
Kansas
Kentucky
Louisiana
Mississippi
Montana
Nebraska
North Carolina
Oklahoma
South Carolina
South Dakota
Tennessee
Texas
Utah
Virginia
Wyoming

Please let me know if something was missed.

Might as well add North Dakota to the list. That goes into effect Aug 1st. Quick and easy solution for wp users that are still deciding on which provider to integrate, good job! :thumbsup

*That db is not the best, it won't catch all the locations, but otherwise for now, it's a good start.

Edit: Customer still needs to be age verified if/when they join/pay.

Thank you!

I'm not a programmer and it's Sunday night. Somebody more skilled better be tweaking that code and fix it. :1orglaugh

P.S. At some point I broke the code while trying to make it more compliant for Wordpress.org submission. It's too late already to have another look today. If no one else fixes it in the meantime, I'll have a look tomorrow and fix it myself.

If you look into the laws even linking with plain text to adult sites is covered, especially if the focus of your site is on enticing.

Version 1.0.1 uploaded. Issues fixed. The code should work now. Background images added, as well.

List updated with North Dakota:

Countries (ISO 3166-1 codes):*UK,FR,DE,IT
U.S. States (2-letter abbreviations): LA,AR,VA,UT,MT,TX,NC,IN,ID,FL,KY,NE,GA,AL,KS,OK,MS ,SC,TN,SD,WY,MO,ND

So true, but say that to Google. :winkwink:

I haven't looked at it or downloaded, so not sure if you already have done so. But, personally, I would add a disclaimer somewhere that does not hold you responsible for ANYTHING before allowing anyone to download/use the plugin. People are sue happy

Google is exempt with the 33% rule in the ones I've checked.

What happens if a user clicks on an image and loads the full size version which is not served via Wordpress? So for example it basically loads the domain.com/images/hottie-1.jpg directly.. then it won't be blurred. :(

I was also thinking about this...


and with this set up, i take it, the images stay blurred and some people would rather pay an AVS for a quid and see the free images :2 cents:

I have never in history PAID to use an AVS. This is always covered by the site operator, are you seriously trying to waste the time your customers are pulling out credit cards to have them fill that information in for a completely different company? Then expecting them to return to give you money too?

Exactly what % of traffic do you think would drop off from that insane process?

:1orglaugh

Url redirection for non registered users ?

The issue I see is that anyone can just remove the filter: blur() from the inspector and see everything. I'm sure people are already coming up with Chrome and Firefox extensions to remove that filter.

Do you have a github of the plugin? Myabe I can take a look and see if there's a way to fork it to use an image library in the background to blur the images server side.

well for my blog personally, it´s not insane to get verified for 2 quid and then see all my free content, pics, clips and erotic stories...


for ModelCentro sites, I can´t change the YOTI verification & again, it needs paying, so that´s just what my British traffic is going to have to do....


and it´s the government that´s insane, not the process that I have adapted on my blog or websites :2 cents:

So far all they seem to care about is how the page renders. They are never going to be able to stop tech savy users from figuring out ways to bypass.

I've been doing the same thing for mechbunny clients, so far so good. They are considered compliant. But if it comes down to it, I would make a path to request images that generates a blurred version and saves/caches it in a directory.

Lots of good info there, Marshal!

once wordpress accepts it, that would be good

Thank you for your advice. Added.

isn't that law valid only in Louisiana State?

The ZIP archive contains all the files you need.

The idea was to to keep it stupid simple, and JS blur all the JPG images only. It was created to be easily used with external images as well, such as images hosted on a CDN.

If you want to expand the script, what you can do is to implement BlurHash, process each image, save the hash in the database, and show it instead of an actual image. This is a process usually used in lazy loading. The only downside of this approach is that it can't be used on externally hosted images (CDN), unless you can control CORS policies and/or keep a copy of images locally.

Feel free to modify the code to your own needs, and share it. It might be helpful to others.

One update: It is not UK, but GB.

So, the complete list should be:
Countries (ISO 3166-1 codes):GB,FR,DE,IT
U.S. States (2-letter abbreviations): LA,AR,VA,UT,MT,TX,NC,IN,ID,FL,KY,NE,GA,AL,KS,OK,MS ,SC,TN,SD,WY,MO,ND

Based on the Free Speech Coalition’s latest summary (July 2025), these states require age verification only if more than 1/3 (≈ 33.3%) of a website’s content is considered material harmful to minors:

Alabama (33⅓ %)

Arizona (33⅓ %) — effective Sept 26, 2025

Arkansas (33.33 %)

Florida (33.30 %)

Georgia (33.33 %) — law effective July 1, 2025

Idaho (1/3)

Indiana (1/3)

Kentucky (1/3)

Louisiana (33⅓ %) — first state to enact the law

Mississippi (33⅓ %)

Montana (33⅓ %)

Nebraska (1/3)

North Carolina (33⅓ %)

North Dakota (33⅓ %) — law begins August 1, 2025

Oklahoma (1/3)

South Carolina (33⅓ %)

Tennessee (33⅓ %)

Texas (1/3)

Utah (33⅓ %)

Virginia (33⅓ %)

Wyoming — unlike most, has no threshold; any adult content triggers AVS requirements

https://www.freespeechcoalition.com/...ce=chatgpt.com

Thank you! That was very helpful!

One more update: IE - Ireland added.

So, the complete list should be:
Countries (ISO 3166-1 codes):GB,FR,DE,IT,IE
U.S. States (2-letter abbreviations): LA,AR,VA,UT,MT,TX,NC,IN,ID,FL,KY,NE,GA,AL,KS,OK,MS ,SC,TN,SD,WY,MO,ND

Upwards of 90%. It will kill most companies/websites in terms of traffic and signups if they push the cost onto the surfer.

No, there has to be either:

1. A reasonably-priced solution for webmasters (say $1 per 10,000 verified)
2. A solution webmasters can host on their own servers with a one-time cost (can be high but will be considered the cost of doing business, in the $1-5K range)
3. AVS adopted by the major processors (CCBill, Epoch, etc) who would pass along that cost to account holders, either in a yearly fee or taking a higher %. This would include merchant accounts with banks.*

Anything that costs a surfer money to visit a theoretically FREE site will simply not work.

* I will take any reasonable cost-effective solution but I am hoping the processors and banks will be the ones who will implement AVS systems for their account holders. Because if suddenly thousands of accounts close then the CC processors will be equally damaged so they have a vested interest in getting involved here.

While I agree, and I think trying to figure out how to stop every possible scenario / bypass might sound silly, you never know what these nutjob district attorneys / prosecutors, sue happy people might do.

A quick and easy option (if you are super concerned) would just be to prevent hotlinking. This will stop any direct linking to images with a few lines of code in your htaccess file. This could potentially cause other issues, so would have to test it out. It will also prevent any hotlinking to *ALL* images on your site, so I won't provide any code unless someone really wants it. If you have all of your *NSFW images in a specific directory, you can just target that directory as well, to avoid all images from being restricted from hotlinking, but doubtful that's how wordpress is setup for most users. And if this is wordpress, I'm certain there is already a plugin for that, so might be easier to use a plugin and do it that way.

This plugin appears to do just that:

Hotlink File Prevention (HFP) plugin
One notable option is the Hotlink File Prevention (HFP) plugin. This plugin enables you to protect individual files in your WordPress media library from hotlinking by leveraging .htaccess rules in the wp-content/uploads directory. It adds a "Hotlink Protection" checkbox when editing individual media files, allowing you to easily enable or disable this feature for specific items.

Edit (Added)
There may be others as well, so do your own research. This is not a replacement for the plugin that Marshal created, just an additional layer of protection since a couple people were concerned about users being able to open up big images and not being blurred. I also have no idea if the plugin works for new versions of wp, or will cause any conflicts with your site -- use at your own risk.

with hotlink protection, you´re images wouldn´t be seen on forums and other social media, always good for traffic & advertising :2 cents:

thank you! much appreciated! giving my best. :upsidedow

Correct. But, you don't want NSFW images to be seen to anyone, unless they have confirmed their age....right??

Either way, there are solutions:

1) If you use the simple htaccess method you can allow which sites can hotlink your images.

2) The plugin I mentioned allows you to "choose" which images cannot be hotlinked. So, you would choose all of your NSFW images.

Anyway, everyone has a different need, you'll have to figure it out and apply what works best for you so you can abide by the current laws. And I really don't want to take this thread off topic. Maybe Marshal can integrate a solution into his plugin.

Where did you get this info from? And who you are referring to?

Considered compliant by who?

Please provide more info. It would be helpful for a better understanding of the whole AVS thing.

Quick question, as I'm not the most codiest code person sometimes, but I'm assuming things like WP Fastest Cache will not cache the wrong (blurred/unblurred) version and serve that to everyone, yes?

Will probably be fine, but you have to test it.

The idea is to blur images on the client side. Based on the local geo db check, the user gets a js code served that does it in the browser.

It worked well with a some other caching plugins. I didn’t do any specific testing, but how hard can it be to get it on your site, get the Maxmind GeoLite2 database in a minute, and test it by enabling your country?

Hope someday human beings will understand that real harm comes from governments always and not from porn itself. Do you remember almost 20 years ago, a leftist/socialist bitch had a proposal for a porn ban in the European Commission, and because of people fighting back, they locked the EU Commission's emails to avoid these people reaching them. I doubt people are still as smart as they were 20 years ago.

I've put together a small script that blurs images (JPG, WebP, GIF) on the server level. This ensures that even if a user opens an image in a new tab or window (outside of the PHP script/framework), the image will still appear blurred. The script also caches the processed images, so they don't need to be blurred again on subsequent page loads.

It is triggered only for users located in the following U.S. states, as determined by the free MaxMind GeoLite2 database: AR, AL, AZ, FL, GA, IN, ID, KY, KS, NC, ND, NE, MT, MO, MS, OK, SC, TN, TX, UT, VA, WY.

The entire setup consists of three files, plus a small change to the .htaccess file to route all JPG, WebP, and GIF requests through the script. There's no need to modify existing scripts.

The main limitation of this approach is that it only blurs images served from the same domain—embedded or externally hosted images are not affected.

https://avs.quest/

Playboy had a list of zip codes they would not do business with because of obscenity laws.

This might be a good idea.

Most are just blurring on the front end with CSS. The original image isn't blurred.

Just according to clients of mine who have sought legal advice. Their lawyer outline what they needed and I coded it for them. The whole thing is a mess though and ever-changing. What we need is age verification as a feature on devices built into the OS. Then if someone loads your site the browser lets you know, and then you can just show them a message that it's required. If it was just the adult industry I wouldn't hold my breath, but sports gambling sites need that feature too.

According to a recent webinar on age verification, gambling sites need to implement KYC (which has a higher litmus test than age verification,) and they also do not need to challenge anyone until they attempt to gamble. The laws are different. Simply watching gambling is not part of the requirement, so I don't think there's going to be any cross-connection between these two industries. My understanding is whether you are accepting funds to show adult content or not (i.e., tour) you still need to age verify against your risk assessment.

I don't think CSS blurring is very risk averse, and I won't personally suggest it for clients. I'm working on a WordPress plugin similar to this one, but it will actually batch transcode images to be blurred. I also include this as part of my custom CMS/transcoder products, which is an extra step to blur content.

You can use BlurHash and generate hash for each image, save it in the database and show it instead of each image.

I was also thinking: you could XOr the pictures (or just the (data) body of the pictures) with a key, and there is certainly a way to xor back the original picture with a php script once the user is identified, but having a blurred and an unblurred picture is likely better for se traffic.

Thank you for the information! BlurHash looks interesting, but I think since that solution is designed to send both the image and the blurhash in one payload for lazy loading purposes, it probably wouldn't work to prevent legal concerns.

I may look at using BlurHash for other things though. GD and Imagick blurring is really efficient, but if this is more efficient, it might be nice to integrate with some of the apps and transcoders I build.

BlurHash string is calculated for each image, and you need to store it. It's basically a tiny image derived from the original image, that can easily be delivered inline (inside HTML code).

What you can do with your code is only sending the BlurHash string, without the full image, until the user is permited to access the content.

Intended purpose for BlurHash is to HTML load inline (tiny) images for lazy loading.

But if you "break" the process, and deliver only hash strings, you can get an effectively blurred images based on the original ones, without actually sending the original images. Which is totally law compliant, and allows you to avoid "duplicating" the original images by blurring them. Which saves disk space.