Well my site has been hacked multipliable times. I am not currently using xenforo as our forums yet. Our site only gets used by 75 people or less. So if I could limit it by state I would....lol So that is why I am asking how to limit to just U.S. ip address. Just want to know the best way to accomplish this.
If you mean you want to completely stop any kind of access for non-US users then probably something in your .htaccess file to do this. Then you'll block at the server level and won't use up as much server resources/bandwidth. If you google "block countries in htaccess" or similar. I would allow US IP addresses and block the rest (rather than the other way around).
If your server has GeoIP installed that is another good way of doing this.
"What is the best way to go about blocking all ip address except for those in the US?"
Blocking all IP addresses except the US addresses would not go too far because people from oversees could use US proxies.
The way to stop them:blocking those proxies.