How to Block IP Address in WordPress
Do you receive unwanted comments and unwelcome emails from some visitors to your site? Or do you notice a delay in your site's page load time? If yes, it could mean some users are trying to gain unauthorized access for some illicit purpose. Dealing with this kind of activity may be a cause for concern, as the security of your site is your top priority. Therefore, blocking the incoming IP addresses known for carrying out such activities from accessing your WordPress site could be one great way to secure it.
In this article, we’ll certainly show you how to do this. Learn how to get rid of intruders accessing your website and improve your site’s security overall.
What IP Addresses are
An IP (Internet Protocol) address is a unique string of numbers that identifies a particular internet connection. It comprises four sets of numbers, with a dot separating each set. The IP number remains the same because it is specifically tied to a particular computer. Therefore, WordPress records all IP addresses that access your site in the access log files of your website. In addition, IP addresses help you identify visitors and their activities on your site.
Reasons for Blocking an IP Address on WordPress site
The first reason for blocking an IP address is to stop a hacking attempt by naughty site visitors. Their goal for visiting your site is very different from the purpose you had in mind.
You also need to block an IP address that launches DDoS (Distributed Denial of Service) attacks on your site. Signs of such an attack are that your website becomes inaccessible or your page load time increases. In this case, it is crucial to identify the culprit IP addresses and block traffic from them.
NOTE: A distributed denial-of-service (DDoS) attack is an attempt to interrupt the normal flow of traffic to a server or network. In other words, it overwhelms the target with a flood of automated traffic. DDoS attackers achieve this by using many compromised computer systems to generate the traffic.
You may also block IPs that are spamming your site with comments and emails.
Ways to block IP Addresses on WordPress site
You can ban suspected IP addresses from accessing your sites. Depending on the type of attack, here are a few things you certainly need to do to block culprit IP addresses.
Through WordPress Admin Dashboard (Block Comments)
Firstly, go to the comments section of your site through the Admin Dashboard. All the users who have commented on your site will be visible. The IP address will be right under the user’s profile.
Secondly, copy the specific IP address of the user who posted a spam comment.
Thirdly:
- Go to “Settings > Discussion” section.
- Scroll down to the “Comment Blacklist” section.
- Type in or paste the IP address you want to block in the text box.
- Save your settings.
This will surely prevent the user with the specific IP address from accessing “comments” on your site.
Use of IP Blocker on cPanel
This method is the best way to block IP addresses of site invaders and DDoS attackers.
Firstly, log in to the cPanel of your site, scroll to the “Metrics” menu and select “Raw Access”.
Two different access logs will be displayed:
- Current Raw Access Logs
- Archived Raw Logs
In the “Current Raw Logs” section, the system stores only a few hours' worth of data. Meanwhile, the “Archived Raw Logs” section keeps “Raw Logs” data.
Each logged visit includes your site visitor's IP address as well as the time and date of the visit. All you need to do is click on the link to download all the information. You can then extract the downloaded file using any zip application like Express Zip or WinZip, and view the information in any modern text editor such as Notepad or Notepad++.
Be sure to look up the extracted IP addresses through an IP lookup tool such as the one by MxToolbox. This will help you identify the IP addresses that you would want to block traffic from.
Next, scroll to the “Security” section of your cPanel, and click on IP Blocker.
- Type into the text-box the IP address you wish to block. You can type in a range of IP addresses you wish to deny access to your site.
- Click Add.
These IP addresses will surely no longer be able to access your site.
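To narrow a downloaded raw access log to the addresses worth looking up, the following Python script (an added example, not part of the original article) counts POST requests per IP to the WordPress login, XML-RPC and comment endpoints. It assumes the log uses the Apache "combined" format; the function name, threshold, endpoint list and sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines (documentation-only IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:01:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:01:04 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:01:05 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2024:10:02:10 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2024:10:02:11 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2024:10:02:12 +0000] "POST /wp-comments-post.php?x=1 HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Mar/2024:10:03:00 +0000] "GET /blog/ HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Mar/2024:10:03:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
this line is truncated and does not parse
"""

# client IP, two ignored fields, [timestamp], "METHOD PATH PROTO", status
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
SENSITIVE = ("/wp-login.php", "/xmlrpc.php", "/wp-comments-post.php")

def suspicious_ips(log_text, threshold=3, allowlist=()):
    """Return {ip: hits} for IPs with at least `threshold` POSTs to SENSITIVE paths."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip malformed or truncated lines
        ip, method, path, _status = m.groups()
        try:
            ipaddress.ip_address(ip)  # ignore entries logged as hostnames
        except ValueError:
            continue
        if ip in allowlist:
            continue  # never flag your own address, or you may lock yourself out
        if method == "POST" and path.split("?")[0] in SENSITIVE:
            hits[ip] += 1
    return {ip: n for ip, n in hits.most_common() if n >= threshold}

if __name__ == "__main__":
    for ip, n in suspicious_ips(SAMPLE_LOG).items():
        print(f"{ip}\t{n} POSTs to login/comment endpoints")
```

A single login POST, like the one from 192.0.2.10 in the sample, stays below the threshold, which keeps ordinary administrator logins out of the result.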
Htaccess file directive
Now, we’re going to explore two ways you can block IP addresses through the htaccess file, in particular.
Firstly, log in to your site’s cPanel, scroll to “Files” and click on File Manager.
.htaccess and other dot files are hidden by default in the root folder. To be able to view this file, click on Settings at the top right corner of your screen.
Secondly, check “Show hidden files(dotfiles)”, click on Save to save the changes.
To block IPs:
- Locate and select the .htaccess file
- Next click on Edit.
Add this rule:
order allow,deny
deny from 111.112.13.15
allow from all
Remember to replace sample IP with the one you want to block.
Click on Save Changes.
Block selected IP Addresses on your WordPress site
The steps above, however, will only block one IP address. If you would like to block more IP addresses, add each one on a new line.
Add these rules to your .htaccess.
order allow,deny
deny from 111.112.13.1
deny from 111.112.13.18
deny from 111.112.13.122
deny from 111.112.13.149
deny from 111.112.13.155
allow from all
Click on “Save Changes”.
Block a range of IP Addresses on your WordPress site
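You can also deny access for a range of IP addresses, for instance, 111.112.13.1 to 111.112.13.155.
Add this rule to your .htaccess. A partial address matches every address that begins with those numbers, so 111.112.13 blocks the whole 111.112.13.0 to 111.112.13.255 block, which includes the range above.
order allow,deny
deny from 111.112.13
allow from all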
Click on “Save Changes”.
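Apache's deny from also accepts CIDR notation, so a range such as 111.112.13.1 to 111.112.13.155 can be matched exactly instead of by a whole x.x.x block. The Python below is an added example, not from the original article, that computes the CIDR blocks for a range and prints them either in the order/deny style used here (which on Apache 2.4 relies on mod_access_compat) or in the Apache 2.4 Require syntax; the function names are hypothetical.

```python
import ipaddress

def cidr_blocks(first, last):
    """Smallest set of CIDR networks covering exactly first..last inclusive."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if lo.version != hi.version or lo > hi:
        raise ValueError("range must be ordered and use one IP version")
    return [str(net) for net in ipaddress.summarize_address_range(lo, hi)]

def covered(nets):
    """Number of addresses matched by a list of CIDR strings."""
    return sum(ipaddress.ip_network(n).num_addresses for n in nets)

def htaccess_rules(first, last, apache24=False):
    """Render the blocks as .htaccess text.

    apache24=False: the order/deny style used in this article.
    apache24=True: the Require syntax native to Apache 2.4.
    """
    nets = cidr_blocks(first, last)
    if apache24:
        lines = ["<RequireAll>", "    Require all granted"]
        lines += [f"    Require not ip {n}" for n in nets]
        lines.append("</RequireAll>")
    else:
        lines = ["order allow,deny"]
        lines += [f"deny from {n}" for n in nets]
        lines.append("allow from all")
    return "\n".join(lines)

if __name__ == "__main__":
    # The article's sample range; the addresses are illustrative only.
    print(htaccess_rules("111.112.13.1", "111.112.13.155"))
    print(covered(["111.112.13.0/24"]), "addresses in the whole 111.112.13.x block")
```

The sample range needs ten CIDR lines covering 155 addresses, whereas the whole 111.112.13.x block covers 256.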
Similarly, if you have Yoast SEO installed, you can edit your .htaccess file from your WordPress Admin Dashboard.
Firstly, click on “SEO” on the left panel of your dashboard, and then select “Tools” > “File editor”.
Next, edit the content of your .htaccess file, and click “Save Changes”.
Automated block through Plugin
The task of blocking individual IP addresses or ranges of IP addresses by hand can be tedious. Security plugins such as Wordfence and All In One WP Security & Firewall can help you track down offending IPs and block them automatically, without you having to notice or act.
These plugins indeed offer a range of site security services which include:
- User accounts, login, and registration security
- File system security
- Database security
- Blacklist and Firewall feature
- Brute force attack protection
- Security scanner
- Front-end text copy protection
- Comment spam filtering
- Regular updates
To learn how to install and use these plugins, please read our WordPress Security guide.
Conclusion on How to block IP addresses in WordPress
Keeping your site spam free and reducing hack attempts to a minimum is by all means important to a good online presence.
We hope this article will help you rid your site of unwanted visitors, as well as spam comments and emails. By blocking suspicious IP addresses, you will also be able to prevent malicious users from accessing your site.