block ip address WordPress

How to Block IP Address in WordPress

block ip address WordPress

Do you receive unwanted comments and unsolicited emails from some visitors on your site? Or do you notice a delay in page load time of your site? If yes, it could mean some users are trying to gain unauthorized access for some illicit purpose. Dealing with this kind of activity may be a cause for concern as the security of your site is your top priority.

However, one great way to secure your site against the issues identified is by blocking the IPs known for carrying out such activities from accessing your site.

In this article, we’ll show you on how to do this. Learn how to get rid of intruders and improve your site’s security.

Content:

  1. What IP Addresses are
  2. Reasons for Blocking an IP Address
  3. Ways to Block IP Addresses
    1. Through WordPress Admin Dashboard (Block Comments)
    2. Use of IP Blocker on Cpanel
    3. Htaccess file directive
    4. Automated block through Plugin

What IP Addresses are

IP (Internet Protocol) address is a unique string of numbers that identifies a particular internet connection. It comprises of four sets of numbers and a dot separates each set. The IP number remains the same because it is specifically tied to a particular computer. WordPress records all IP address that access your site in the access log files of your website. IP addresses help you identify visitors and their activities on your site.

Reasons for Blocking an IP Address

The first reason for blocking an IP address is to stop a hacking attempt by mischievous site visitors. Their goal for visiting your site is entirely different from the purpose you had in mind.

 

You also need to block an IP address that launches DDoS (Distributed Denial of  Service) attacks on your site. The attack occurs if your website becomes inaccessible, or your page load time increases. In this case, it is crucial to identify the culprit IP addresses and block them.

 

NOTE: A distributed denial-of-service (DDoS) attack is an attempt to interrupt the normal flow of traffic to a server or network. It overwhelms the target with a flood of automated traffic. DDoS attackers achieve this by using many compromised computer systems for traffic attack.

 

You may also block IPs that are spamming your site with comments and emails.

 

Ways to block IP Addresses

You can bar suspected IP addresses from having access to your sites. Depending on the type of attack, here are a few things you need to do to block culprit IP addresses.

 

Through WordPress Admin Dashboard (Block Comments)

 

First, go to the comments section of your site through the Admin Dashboard. All the users who have commented on your site will be visible. The IP address  will be right under the user’s profile.

 

Copy the address of the user who posted a spam comment.

spam comment ip address

Next:

  1. Go to “Settings > Discussion” section.
  2. Scroll down to the “Comment Blacklist” section.

comment blacklist

  1. Type in or paste the IP address you want to block in the text box.
  2. Save your settings.

 

This will prevent the user with the specified IP from accessing “comments” on your site.

 

Use of IP Blocker on Cpanel

 

This method is the best way to block IP addresses of site invaders and DDoS attackers.

 

First, login to Cpanel of your site, scroll to the “Metrics” menu and select “Raw Access”.

cpanel raw access

Two different access logs will be displayed:

  1. Current Raw Access Logs
  2. Archived Raw Logs

raw and archived logs

In the “Current Raw Logs” section, the system stores only a few hours worth. Meanwhile, the “Archived Raw Logs” keeps “Raw Logs” data.

Each logged visit include your site visitor’s IP addresses, the time and date of each visit. All you need to do is click on the link to download all the information. You can extract the IP address using any zip folder application like Express Zip or WinZip. You can then view the information by using any modern text editors like Notepad, Notepad++.

 

Be sure to look up the extracted IP addresses through an IP lookup tool such as this one by mxtoolsbox. This will help you identify the IP addresses that you would want to block.

 

Next, scroll to “Security” section of your cpanel, and click on “IP Blocker”.

cpanel ip blocker

  1. Type into the text-box the IP address you wish to block. You can type in a range of IP addresses you wish to deny access to your site.
  2. Click “Add”.

add ip on ip blocker to block wordpress ip address

These IP addresses will no longer be able to access your site.

 

Htaccess file directive

We’re going to explore two ways you can block IP addresses through the htaccess file.

 

First, login to your site’s cpanel, scroll to “Files” and click on “File Manager”.

file manager

.htaccess and other dot files are hidden by default in the root folder. To be able to view your this file, click on settings at the top right corner of your screen.

Check “Show hidden files(dotfiles)”, click on “Save” to save the changes.

show hidden files at htaccess

 

To block IPs:

  1. Locate and select the .htaccess file
  2. Next click on “Edit”

edit htaccess to block ip address on wordpress

 

Add this rule

 

1. order allow,deny

2. deny from 111.112.13.15

3. allow from all

 

Remember to replace sample IP with the one you want to block.

htaccess block ip address wordpress

Click on “Save Changes”.

Block selected IP Addresses

The steps above will only block one IP address. If you would like to exclude more IP addresses, add them in new lines.

Add these rules to your .htaccess.

 

1. order allow,deny

2. deny from 111.112.13.1

3. deny from 111.112.13.18

4. deny from 111.112.13.122

5. deny from 111.112.13.149

6. deny from 111.112.13.155

7. allow from all

block ip address on htaccess

Click on “Save Changes”.

 

Block a range of IP Addresses

You can also deny access for a range of IP addresses, for instance, 111.112.13.1 to 111.112.13.155

Add this rule to your .htaccess.

 

1. order allow,deny

2. deny from 111.112.13.1.

3. allow from all

range of ips

Click on “Save Changes”.

 

Alternatively, if you have Yoast SEO installed, you can edit your .htaccess file from your WordPress Admin Dashboard.

Click on “SEO” on the left panel of your dashboard, and then select “Tools” > ”File editor”

seo tool file editor

Edit the content of your .htaccess file, and click “Save Changes”

edit htaccess with yoast seo

 

 

Automated block through Plugin

The task of blocking an individual IP address or a range of IP addresses can be tedious. Security plugins such as WordFence and All In One WP Security & Firewall can help you track down offending IPs and block them without your knowledge or action.

These plugins  offer a range of site security services which include:

    1. User accounts, login, and registration security
    2. File system security
    3. Database security
    4. Blacklist and Firewall feature
    5. Brute force attack protection
  1. Security scanner
  2. Front-end text copy protection
  3. Comment spam filtering
  4. Regular updates

 

To learn how to install and use these plugins, please read our WordPress Security guide.

Conclusion

Keeping your site spam free and reducing hack attempts to a minimum is important to a good online presence.

We hope this article will help you rid your site of unwanted visitors, as well as spam comments and emails. By blocking suspicious IP addresses, you will be able to prevent malicious users from accessing your site.