How to Block IP Address in WordPress

block ip address WordPress

Do you receive unwanted comments and unwelcomed emails from some visitors on your site? Or do you notice a delay in page load time of your site? If yes, it could mean some users are trying to gain unauthorized access for some illicit purpose. However, dealing with this kind of activity may be a cause for concern as the security of your site is your top priority. Therefore, blocking the incoming IP addresses, known for carrying out such activities, from accessing your WordPress site, could be one great way to secure it.

In this article, we’ll certainly show you how to do this. Learn how to get rid of intruders accessing your website and improve your site’s security overall.



  1. What IP Addresses are
  2. Reasons for Blocking an IP Address
  3. Ways to Block IP Addresses
    1. Through WordPress Admin Dashboard (Block Comments)
    2. Use of IP Blocker on Cpanel
    3. Htaccess file directive
    4. Automated block through Plugin

What IP Addresses are

IP (Internet Protocol) address is a unique string of numbers that identifies a particular internet connection. It comprises four sets of numbers and a dot separates each set. The IP number remains the same because it is specifically tied to a particular computer. Therefore, WordPress records all IP address that access your site in the access log files of your website. In addition, IP addresses help you identify visitors and their activities on your site.

Reasons for Blocking an IP Address on WordPress site

The first reason for blocking an IP address is to stop a hacking attempt by naughty site visitors. Their goal for visiting your site is very different from the purpose you had in mind.

You also need to block an IP address that launches DDoS (Distributed Denial of  Service) attacks on your site. The attack occurs if your website becomes inaccessible, or your page load time increases. In this case, it is crucial to identify the culprit IP addresses and block traffic from them.

NOTE: A distributed denial-of-service (DDoS) attack is an attempt to interrupt the normal flow of traffic to a server or network. In other words, it overwhelms the target with a flood of automated traffic. Likewise, DDoS attackers achieve this by using many compromised computer systems for traffic attack.

You may also block IPs that are spamming your site with comments and emails.

Ways to block IP Addresses on WordPress site

You can ban suspected IP addresses from accessing your sites. Depending on the type of attack, here are a few things you certainly need to do to block culprit IP addresses.

Through WordPress Admin Dashboard (Block Comments)

Firstly, go to the comments section of your site through the Admin Dashboard. All the users who have commented on your site will be visible. The IP address will be right under the user’s profile.

Secondly, copy the specific IP address of the user who posted a spam comment.

spam comment ip address


  1. Go to “Settings > Discussion” section.
  2. Scroll down to the “Comment Blacklist” section.

comment blacklist

  1. Type in or paste the IP address you want to block in the text box.
  2. Save your settings.

This will surely prevent the user with the specific IP address from accessing “comments” on your site.

Use of IP Blocker on Cpanel

This method is the best way to block IP addresses of site invaders and DDoS attackers.

Firstly, login to Cpanel of your site, scroll to the “Metrics” menu and select “Raw Access”.

cpanel raw access

Two different access logs will be displayed:

  1. Current Raw Access Logs
  2. Archived Raw Logs

raw and archived logs

In the “Current Raw Logs” section, the system stores only a few hours worth. Meanwhile, the “Archived Raw Logs” keeps “Raw Logs” data.

Each logged visit includes your site visitor’s IP addresses as well as the time and date of each visit. All you need to do is click on the link to download all the information. You can also extract the IP address using any zip folder application like Express Zip or WinZip. You can then view the information by using any modern text editors like Notepad, Notepad++.

Be sure to look up the extracted IP addresses through an IP lookup tool such as this one by mxtoolsbox. This will help you identify the IP addresses that you would want to block traffic from.

Next, scroll to “Security” section of your cpanel, and click on IP Blocker.

cpanel ip blocker


  1. Type into the text-box the IP address you wish to block. You can type in a range of IP addresses you wish to deny access to your site.
  2. Click Add.

add ip on ip blocker to block wordpress ip address

These IP addresses will surely no longer be able to access your site.

Htaccess file directive

Now, we’re going to explore two ways you can block IP addresses through the htaccess file, in particular.

Firstly, login to your site’s cpanel, scroll to “Files” and click on File Manager.

file manager

.htaccess and other dot files are hidden by default in the root folder. To be able to view this file, click on Settings at the top right corner of your screen.

file manager


Secondly, check “Show hidden files(dotfiles)”, click on Save to save the changes.


show hidden files at htaccess


To block IPs:

  1. Locate and select the .htaccess file
  2. Next click on Edit.

edit htaccess to block ip address on wordpress

Add this rule

1. order allow, deny

2. deny from

3. allow from all

Remember to replace sample IP with the one you want to block.

htaccess block ip address wordpress

Click on Save Changes.

Block selected IP Addresses on your WordPress site

The steps above, however, will only block one IP address. If you would rather like to exclude more IP addresses, add them in new lines.

Add these rules to your .htaccess.

order allow,deny
deny from
deny from
deny from
deny from
deny from
allow from all


block ip address on htaccess

Click on “Save Changes”.

Block a range of IP Addresses on your WordPress site

You can also deny access for a range of IP addresses, for instance, to

Add this rule to your .htaccess.

order allow, deny
deny from
allow from all

range of ips

Click on “Save Changes”.

Similarly, if you have Yoast SEO installed, you can edit your .htaccess file from your WordPress Admin Dashboard.

Firstly, click on “SEO” on the left panel of your dashboard, and then select “Tools” > ”File editor”

seo tool file editor

Next, edit the content of your .htaccess file, and click “Save Changes”

edit htaccess with yoast seo

Automated block through Plugin

The task of blocking an individual IP address or a range of IP addresses altogether can be tedious. Security plugins such as WordFence and All In One WP Security & Firewall can help you track down offending IPs and block them without your knowledge or action.

These plugins indeed offer a range of site security services which include:

  1. User accounts, login, and registration security
  2. File system security
  3. Database security
  4. Blacklist and Firewall feature
  5. Brute force attack protection
  6. Security scanner
  7. Front-end text copy protection
  8. Comment spam filtering
  9. Regular updates

To learn how to install and use these plugins, please read our WordPress Security guide.

Conclusion on How to block IP addresses in WordPress

Keeping your site spam free and reducing hack attempts to a minimum is by all means important to a good online presence.

We hope this article will help you rid your site of unwanted visitors, as well as spam comments and emails. By blocking suspicious IP addresses from accessing, you will also be able to prevent malicious users from accessing your site.

More Resources: