Are you looking to enhance your WordPress site’s security by mastering IP address blocking?
By the end of this guide, you will know how to implement robust IP address blocking to elevate the security of your site.
Here’s a sneak peek of what you will uncover:
The importance of IP blocking How to find IP addresses How to implement IP blocks Ready to secure your site? Let’s dive in!
Reasons to Block IP Addresses
Every device that connects to a network utilizing the internet protocol is identified by a distinct numerical code , referred to as an IP address.
It serves as a device’s identifier and allows it to send and receive data over the internet, ensuring that the information reaches the correct destination.
Here are reasons why you might need to block some IP addresses:
Reason Description Benefits Preventing spam and malicious attacks Blocks proactive measures to safeguard your WordPress site from irrelevant content and harmful code. Keeps the site clean, improves user experience, and enhances security. Stopping unauthorized login attempts Thwarts bots and malicious actors from guessing login credentials to gain unauthorized access to your site. Maintains the integrity and security of your website; ensures only authorized access. Reducing server load from known bad sources Prevents IP addresses associated with DDoS attacks from overwhelming the server with high-volume requests. Preserves bandwidth, ensures website speed and availability, and can reduce costs.
Here’s an example:
In September 2023, Kuwait’s Ministry of Finance was the target of a phishing ransomware attack (here’s the source
To counter this threat and prevent further damage, Kuwait swiftly isolated the Ministry and other government systems.
That was a clear example of how blocking or isolating IP addresses from which attacks originate can help protect critical infrastructure and prevent the spread of an attack.
Recognizing the need to block IP addresses underscores the crucial role of web hosting in your website’s security and performance.
Secure your WordPress site further with SiteGround’s robust hosting service, crafted for superior performance and enhanced security.
Here’s what you stand to gain with SiteGround:
Benefit from 99.9% uptime guarantee Only for $3.99/month — that’s already for an entire year of seamless hosting Experience a hosting platform tailored for global reach and performance With SiteGround, you’re not just choosing a hosting service — you’re choosing a partner dedicated to speed, stability, and superior performance for your website.
How to Find IP Addresses
But how do you know what specific IP address to block?
Identifying the right IP addresses to block involves monitoring your website’s traffic and analyzing patterns.
There are two easy ways to do this:
In the WordPress comments From raw access logs
In the WordPress comments
If the suspicious IP addresses that you want to block are from the comments, there’s an easy way to do that (especially useful if moderate your comments).
From the admin dashboard , navigate to the comments section using any of the methods below:
Using the comment icon from the top toolbar Clicking the comments item from the sidebar 👉 Related : How to Change the WordPress Admin Color Scheme (Guide)
You will see here a list of all the comments made on your website.
Each comment entry typically displays the following:
Commenter’s name Email address IP address Here’s an example of Darrel’s site (spam section of the comments):
You can spot potential spammers by looking for patterns such as multiple comments from the same IP address in a short period, or comments containing irrelevant links and content.
Once you identify an IP address that seems suspicious, you can take steps to block it to prevent further spam or malicious activities on your site.
From raw access logs
For this, you need to access your hosting account and get to the control panel admin (the button that will get you there varies from one hosting to another).
For example, with A2 Hosting, you can see the login button right in the client area:
👉 Related : A2 Hosting Review: Is the cPanel Integration Enough?
If you’re using a cPanel , follow these steps:
Go to the metrics section Click the raw access button Within the raw access page:
Click on the domain name Save and extract the log fileUse a text editor (a notepad will do) These logs contain detailed records of every request made to your website — including the following details:
Requesting IP address The time of the request The requested resource The response status By analyzing these logs, you can identify suspicious patterns, such as frequent access requests in a short time frame, indicating potential malicious behavior.
How to Block IP Addresses in WordPress
Now that you know how to find the IP addresses that may pose a threat to your WordPress site, how exactly do you go about blocking them?
Fortunately, blocking IPs is a straightforward process, and in this section, we will walk through the different techniques you can use to keep your site secure.
Disallowed comment keys
Disallowed comment keys in WordPress are essentially filters you set in the discussion settings to block comments containing certain words, names, URLs, emails, or even IP addresses.
If a comment contains anything listed in your disallowed comment keys, it won’t be published on your site.
Here’s how:
Step 1: Go to the discussion page From your WordPress dashboard sidebar:
Hover your mouse over settings Click the discussion option
Step 2: Enter the IP addresses
Once you get to the discussion options:
Scroll down to the disallowed comment keys section Enter or paste the IP addresses into the box Make sure to enter one IP address per line :
Step 3: Save the changes
Now scroll down to the bottom of the page and click the save changes button:
IP Blocker tool
The IP Blocker tool in cPanel is a feature that allows you to block specific IP addresses from accessing your website.
It’s a user-friendly method for implementing IP address bans without having to edit your site’s .htaccess file manually.
Here’s how:
Step 1: Access the IP Blocker
To use the IP Blocker tool, log in to your cPanel account:
Navigate to the security section Click the IP Blocker icon
Step 2: Add the IP address
Enter the IP address on the box provided and click the add button:
Unfortunately, as you can see, you can only add 1 IP address at a time. If you use this method with lots of IP addresses, it will take you a lot of time.
Step 3: Check the block list
After entering an IP address, you will see a success banner on another screen.
Once you’ve added the IPs to the block list, cPanel will automatically update the .htaccess file to deny access to these addresses, preventing them from interacting with your website.
If you go back to the previous page, the IP address you blocked will also show in the currently blocked IP addresses :
Manual Blocking via .htaccess
Manual blocking via the .htaccess file is a method that involves editing one of the core configuration files of your WordPress website.
The .htaccess file resides in the root directory of your WordPress installation and can be used to enforce various site-wide rules, including IP blocking.
Here’s how:
Step 1: Access the file
There are 2 ways you can access the .htaccess file:
Using your hosting’s file manager app Using a transfer protocol program like Filezilla For the first option, this works if you have access to the cPanel — the file manager app (something like a Windows Explorer) is in the files section :
Unfortunately, if your web host doesn’t give you a file manager app , your only choice is to use a transfer protocol program like Filezilla
It allows you to upload/download files to/from your server — like this:
⚠️ Note : For file transfer protocol, you need the IP address and server credentials. Check with your hosting provider if you can’t find these details.
If you’re using a file manager app, you may be surprised to find the .htaccess missing. That’s because these kind of files are hidden by default.
You need to show hidden files like this (cPanel file manager):
Click settings on the upper-right corner Check the show hidden files option Hit the save button Can you see the file now?
If yes, all you have to do is right-click on it and select the edit option:
Step 2: Create the file (if it’s not there)
If you can’t find the file, then you need to create it.
Fortunately, it’s quite easy:
Open a text editor (like Notepad) Save the file and name it .htaccess ⛔ Warning : After saving the file, check the folder where you saved it. If the name is .htaccess.txt, delete the .txt part.
Inside the notepad, enter the following script/code (with the IP addresses you want to block):
order deny,allow
deny from 103.187.243.188
deny from 23.104.184.135
deny from 199.102.107.145
deny from 171.4.233.66
deny from 173
allow from all
The IP addresses after deny from are the ones that will be blocked. Make sure to replace those IP addresses in the script/code.
Step 3: Enter the script (if the file is there)
If you check the file and you find that it’s there, there’s no need to delete it and create a new one — simply edit it out.
Similar to the steps above, simply paste the code and enter the IP address that you want to block:
order deny,allow
deny from 103.187.243.188
deny from 23.104.184.135
deny from 199.102.107.145
deny from 171.4.233.66
deny from 173
allow from allIf you’re using a program like Filezilla, you may have to download the file, edit it, upload it again and overwrite the existing file.
But if you’re using a file manager app, just copy and paste the code and save the changes :
Make sure the paste the code below the #END WordPress line in the .htaccess file.
Using WordPress plugins
If you prefer to use plugins, there are a lot of options out there — including full-fledged WordPress security plugins.
But if you only need the IP address blocking functionality, there are three plugins you can use:
1. IP Location Block
The IP Location Block prevent unwanted access to your WordPress site by blocking visitors based on their geographic location.
It also includes specific protections to safeguard against certain types of online attacks.
💻 Key features
Geolocation blocking : Allows you to block visitors from accessing your website based on their geographic location.Zero-day exploit prevention : Offers specific safeguards against zero-day exploits targeting WordPress vulnerabilities.Metadata exploit protection : Protects against attacks that target the metadata of your WordPress installation.Country-based access rules : Let you set access rules for visitors from specific countries to control who can view your site.
2. Blacklisted IP Addresses
This plugin block individual or ranges of IP addresses .
It’s a straightforward solution to enhance your site’s defense against persistent security threats.
💻 Key features
Individual and range blocking : Enables blocking of specific IP addresses or entire ranges to secure your site from unwanted access.Customizable block list : Provides a flexible and editable list to tailor your site’s security needs.User-friendly management : Offers an easy-to-use interface for managing and updating your IP block settings.Quick settings modification : Allows for rapid changes to your block configurations to adapt to evolving security threats.
3. AIS: IP Blocker
AIS: IP Blocker defend your WordPress site against spammers and hackers by blocking malicious IP addresses.
⛔ Warning : As of the time of writing, the plugin hasn’t been tested with the last few WordPress versions. No negative feedback though, but try at your own discretion.
💻 Key features
Conditional IP blocking : Blocks IP addresses based on specific conditions set by the admin.Block management : Provides a system to manage and review IP addresses that have been blocked.User-defined blocking : Allows the admin to define custom settings for which IPs should be blocked.
Blocking IP Addresses in WordPress
Securing your WordPress site by blocking IP addresses is a crucial step in safeguarding against cyber threats.
Armed with the tools to detect and block harmful IPs, either through manual edits or IP-blocking plugins, you can now enhance your site’s defenses.
Keep your digital space safe and ensure a seamless experience for your users with these straightforward security measures.
Wrapping up, it’s vital to address the often cumbersome and costly task of updating themes and templates.
Darrel Wilson offers a solution to simplify your web design endeavors.
Get lifetime access to all premium template kits crafted specifically for Elementor:
Get lifetime access to all premium template kits designed for Elementor Complete with 2 years of dedicated support Only for $99 — that’s already for the lifetime access Embrace the ease of this offer and keep your site effortlessly stylish and up-to-date.
