How to Block IP Address in WordPress

How to Block IP Address in WordPress

Do you receive unwanted comments and unwelcomed emails from some visitors on your site? Or do you notice a delay in page load time of your site? If yes, it could mean some users are trying to gain unauthorized access for some illicit purpose. However, dealing with this kind of activity may be a cause for concern as the security of your site is your top priority. Therefore, blocking the incoming IP addresses, known for carrying out such activities, from accessing your WordPress site, could be one great way to secure it.

In this article, we’ll certainly show you how to do this. Learn how to get rid of intruders accessing your website and improve your site’s security overall.



  1. What IP Addresses are
  2. Reasons for Blocking an IP Address
  3. Ways to Block IP Addresses
    1. Through WordPress Admin Dashboard (Block Comments)
    2. Use of IP Blocker on Cpanel
    3. Htaccess file directive
    4. Automated block through Plugin
  4. Conclusion

What IP Addresses are

IP (Internet Protocol) address is a unique string of numbers that identifies a particular internet connection. It comprises four sets of numbers and a dot separates each set. The IP number remains the same because it is specifically tied to a particular computer.

Therefore, WordPress records all IP address that access your site in the access log files of your website. In addition, IP addresses help you identify visitors and their activities on your site.

Reasons for Blocking an IP Address on WordPress Site

Blocking IP addresses is a crucial security measure for any WordPress website owner. It’s not just about keeping your site tidy; it’s about safeguarding your digital presence against a range of malicious activities.

Therefore, let’s delve into the primary reasons why blocking certain IP addresses becomes necessary.

Combating Spam Comments

One of the most common nuisances for website owners is spam comments. These aren’t just annoying; they can clutter your site with irrelevant content. Therefore, they can make it look unprofessional and deter genuine user engagement.

Spammers use automated bots to post these comments, and by identifying and blocking their IP addresses, you can significantly reduce the influx of such unwelcome content.

Thwarting Hacking Attempts

The digital landscape is fraught with threats, and hacking attempts are among the most severe. Hackers often probe websites for vulnerabilities, using various IP addresses to execute their malicious intents.

Whether it’s trying to gain unauthorized access to your admin area or injecting harmful code, blocking suspicious IP addresses can serve as an effective barrier against such breaches.

Preventing Brute Force Attacks

Brute force attacks are another critical concern, where attackers use trial-and-error methods to crack passwords and gain entry into your site. These attacks are not only a threat to your website’s security but can also consume significant server resources, slowing down your site for legitimate users.

Blocking the IPs involved in such persistent attempts can help protect your site’s integrity and maintain its performance.

Safeguarding Against DDoS Attacks

Distributed Denial of Service (DDoS) attacks aim to overwhelm your website with a flood of traffic, rendering it inaccessible to real users. These attacks can originate from a range of IP addresses and can be devastating for your online operations.

Identifying and blocking the IPs contributing to such attacks is essential in mitigating their impact and keeping your site available to your audience.

Ways to block IP Addresses on WordPress site

You can ban suspected IP addresses from accessing your sites. Depending on the type of attack, here are a few things you certainly need to do to block culprit IP addresses.

Through WordPress Admin Dashboard (Block Comments)

Firstly, go to the comments section of your site through the Admin Dashboard. All the users who have commented on your site will be visible. The IP address will be right under the user’s profile.

Secondly, copy the specific IP address of the user who posted a spam comment.

spam comment ip address


  1. Go to “Settings > Discussion” section.
  2. Scroll down to the “Comment Blacklist” section.

comment blacklist

  1. Type in or paste the IP address you want to block in the text box.
  2. Save your settings.

This will surely prevent the user with the specific IP address from accessing “comments” on your site.

Use of IP Blocker on Cpanel

This method is the best way to block IP addresses of site invaders and DDoS attackers.

Firstly, login to Cpanel of your site, scroll to the “Metrics” menu and select “Raw Access”.

cpanel raw access

Two different access logs will be displayed:

  1. Current Raw Access Logs
  2. Archived Raw Logs

raw and archived logs

In the “Current Raw Logs” section, the system stores only a few hours worth. Meanwhile, the “Archived Raw Logs” keeps “Raw Logs” data.

Each logged visit includes your site visitor’s IP addresses as well as the time and date of each visit. All you need to do is click on the link to download all the information. You can also extract the IP address using any zip folder application like Express Zip or WinZip. You can then view the information by using any modern text editors like Notepad, or Notepad++.

Be sure to look up the extracted IP addresses through an IP lookup tool such as this one by mxtoolsbox. This will help you identify the IP addresses that you would want to block traffic from.

Next, scroll to “Security” section of your Cpanel, and click on IP Blocker.

cpanel ip blocker


  1. Type into the text box the IP address you wish to block. You can type in a range of IP addresses you wish to deny access to your site.
  2. Click Add.

add ip on ip blocker to block wordpress ip address

These IP addresses will surely no longer be able to access your site.

Htaccess file directive

Now, we’re going to explore two ways you can block IP addresses through the htaccess file, in particular.

Firstly, login to your site’s cpanel, scroll to “Files” and click on File Manager.

file manager

.htaccess and other dot files are hidden by default in the root folder. To be able to view this file, click on Settings at the top right corner of your screen.

file manager


Secondly, check “Show hidden files(dotfiles)”, and click on Save to save the changes.


show hidden files at htaccess


To block IPs:

  1. Locate and select the .htaccess file
  2. Next, click on Edit.

edit htaccess to block ip address on wordpress

Add this rule

order allow, deny
deny from
allow from all

Remember to replace sample IP with the one you want to block.

htaccess block ip address wordpress

Click on Save Changes.

Block selected IP Addresses on your WordPress site

The steps above, however, will only block one IP address. If you would rather like to exclude more IP addresses, add them in new lines.

Add these rules to your .htaccess.

order allow,deny
deny from
deny from
deny from
deny from
deny from
allow from all


block ip address on htaccess

Click on “Save Changes”.

Block a range of IP Addresses on your WordPress site

You can also deny access for a range of IP addresses, for instance, to

Add this rule to your .htaccess.

order allow, deny
deny from
allow from all

range of ips

Click on “Save Changes”.

Similarly, if you have Yoast SEO installed, you can edit your .htaccess file from your WordPress Admin Dashboard.

Firstly, click on “SEO” on the left panel of your dashboard, and then select “Tools” > ”File editor

seo tool file editor

Next, edit the content of your .htaccess file, and click “Save Changes”

edit htaccess with yoast seo

Automated block through Plugin

While manual methods of IP blocking offer a level of control, they can be time-consuming and might not always provide comprehensive protection.

So, this is where the power of security plugins comes into play. They offer an automated as well as sophisticated approach to safeguarding your site.

The Role of Security Plugins

Security plugins serve as vigilant guardians for your WordPress site because they continuously monitor traffic and analyse visitor behavior. Also, they automatically block IP addresses that exhibit suspicious or malicious patterns.

This automation not only enhances your site’s security but also frees up your time. It allows you to focus on other aspects of your website management.

WordFence: A Comprehensive Shield

WordFence is a widely respected security plugin known for its robust firewall and malware scanner. It actively scans your site for vulnerabilities and malicious code and therefore offer real-time protection.

One of its standout features is the ability to automatically block IP addresses associated with failed login attempts, known malware sources, and brute force attacks. WordFence’s live traffic view also allows you to monitor visits and hack attempts in real-time, giving you a clear picture of your site’s security status.

Sucuri: Beyond IP Blocking

Sucuri is another heavyweight in the WordPress security arena, offering a suite of features designed to protect your site from a variety of threats. While it excels in malware detection and removal, Sucuri’s firewall is particularly effective at preventing DDoS attacks, XSS attacks, and brute force attempts.

By deploying a cloud-based firewall, Sucuri filters out bad traffic before it even reaches your site, ensuring that only legitimate visitors gain access. The plugin also maintains a blacklist of known malicious IP addresses and automatically blocks them, providing a robust layer of defense against potential threats.

Automating Security: The Way Forward

Using security plugins like WordFence and Sucuri for automated IP blocking is akin to having a dedicated security team watching over your site 24/7. These plugins not only react to threats but also use advanced algorithms to predict and prevent future attacks.

By leveraging their capabilities, you can significantly enhance your WordPress site’s security posture, ensuring peace of mind for both you and your users.

To learn how to install and use these plugins, please read our WordPress Security guide.

Conclusion on How to block IP addresses in WordPress

Keeping your site spam free and reducing hack attempts to a minimum is by all means important to a good online presence.

We hope this article will help you rid your site of unwanted visitors, as well as spam comments and emails. By blocking suspicious IP addresses from accessing, you will also be able to prevent malicious users from accessing your site.

More Resources:

 This post was written by Mesheal Fegor

Mesheal Fegor is a Web/WordPress Developer and technical writer. His WordPress help articles have been featured on Kinsta and other sites. Mesheal holds a master's degree in computer science. His writing focuses on technical WordPress issues, ranging from core WordPress problems, to issues with WooCommerce, and more.

Last edited by: FixRunner Team