Map Background

How to Detect a VPN with PHP for Free

In this article, we will be providing you an example in detecting either a VPN, proxy, or TOR Exit Node using PHP alongside with our VPN API.

With this code, you can get a general idea on how to implement our VPN detection API within your PHP application. The PHP script has two options that allows you to either automatically obtain the client’s IP Address or by manually inputting an IP Address by commenting out the $IP_ADDRESS = $_SERVER[‘REMOTE_ADDR’]; line.

However, our VPN detection API does require an API key, which can be easily obtainable by simply creating a account. Our API keys are free, with a limitation of 1000 requests per a day. Though, that limitation can easily be removed if you were to purchase an API plan.

PHP Code for detecting a VPN:

// Make Content Type into Text
header('Content-type: text/plain');

// Get IP Address
$IP_ADDRESS = ''; # Manual IP Address
$IP_ADDRESS = $_SERVER['REMOTE_ADDR']; # Automatically get IP Address

// Input VPNAPI.IO API Key
// Create an account to get a free API Key
// Free API keys has a limit of 1000/requests per a day

$API_URL = '' . $IP_ADDRESS . '?key=' . $API_KEY;

$response = file_get_contents($API_URL);

// Decode JSON response
$response = json_decode($response);

// Check if IP Address is VPN
if($response->security->vpn) {
	// Add code here for any IP Address that is a VPN
	echo $IP_ADDRESS, " is a VPN.\n";
} else {
	// Add code here for any IP Address that is not a VPN
	echo $IP_ADDRESS, " is not a VPN.\n";

// Check if IP Address is Proxy
if($response->security->proxy) {
	// Add code here for any IP Address that is a proxy
	echo $IP_ADDRESS, " is a proxy.\n";
} else {
	// Add code here for any IP Address that is not a proxy
	echo $IP_ADDRESS, " is not a proxy.\n";

// Check if IP Address is TOR Exit Node
if($response->security->tor) {
	// Add code here for any IP Address that is a TOR Node
	echo $IP_ADDRESS, " is a TOR Node.\n";
} else {
	// Add code here for any IP Address that is not a TOR Node
	echo $IP_ADDRESS, " is not a TOR Node.\n";

Detect VPN IP Addresses with PHP

The PHP code above allows you to easily implement a VPN checker onto your PHP website. With that, you can block or limit VPN users from entering your site. Blocking VPN users can be very beneficial to your site. Not only can it deter VPN users, but it can also reduce malicious activities from happening within your site.

Developers can also use our API as way to create PHP plugins, such as WordPress plugins or forum plugins that allows them to restrict users who have their VPNs enabled.

Detect Proxies with PHP

Proxies can also be another way for users to mask or hide their identity. Though, it may be less secure than VPNs, they are widely available and easily accessible. Free proxies lists can even be found with just a simple Google search. This allows adversaries to endlessly change their IP addresses using the tens of thousands of proxy servers that are available within these lists. With the large amount of proxy servers and the cost being so low compared to VPN servers, proxies are excellent tools for bots or website scrapers.

Though, a great way to prevent bots, scrapers, or bad actors in general is to block any proxy requests. This can be easily done by blocking IP addresses coming from proxy servers, which can be achieved with our API. You can follow our code snippet above to implement a proxy detection system on your PHP website.

Using PHP to detect Tor Exit Nodes

Another way for malicious users to hide their identity online is by using the Tor network. With Tor, the users connection is rerouted several times, making it very difficult for the user to be tracked. Because of this anonymous feature, many attackers, fraudsters, hackers, and spammers tend to use this network. The Tor network can also allow users from the deep web or dark web from accessing your site as well.

Though, you can block all Tor connections from ever coming from your website using our PHP implementation above. With that, malicious users from the Tor network will be blocked and be forced to use their true IP address to access your site.

With limiting or blocking access to proxies, VPNs, and the Tor network, your site will be very difficult for users to hide their identity. Making them much easier for them to be caught if they conduct any bad behaviors within your site.

Visit VPNAPI.IO for more info.