How to Block IP Address in WordPress [3 Easy Methods]

Updated on July 24, 2024 by Editorial Team

Wonder how to block IP address in WordPress? We’ve compiled some of the easiest methods to blacklist IPs from your site.

You must have already heard that WordPress faces about 90,000 cyberattacks every passing minute. So, as a website owner, securing your site should be on top of your to-do list.

One effective way to protect your site against hacking attempts is to block IP addresses that seem suspicious.

Since IP addresses are attached to the device used to access the Internet, blocking them from your site is like stopping cyberattacks at their source.

You can also impose different levels of restrictions, like preventing users from commenting on your post or banning them entirely from accessing your site.

So, join us as we walk you through ways to identify and block malicious IP addresses in WordPress.

Table Of Content

What is an IP Address?

An IP address, short for Internet Protocol address, is a unique identification number assigned by Internet providers to devices or local networks connected to the Internet.

You can think of it as a postal address for your computer on the Internet, allowing it to send and receive data.

IPv4 addresses, i.e., IPs following Internet Protocol version 4, consist of 4 sets of numbers starting 0 to 255, with a period (dot) separating each set.

Here’s an example of an IPv4 address:

6vretphtrlqgtusbd9tc how to block ip address in wordpress [3 easy methods] from the plus addons for elementor

On the other hand, newer IPv6 addresses are longer as they use both strings of text and numbers.

These look like:

3ty8lvtityudf9uwcfa9 how to block ip address in wordpress [3 easy methods] from the plus addons for elementor

Every device on the Internet has a unique IP address. When visitors access your website on their device, your site saves their IP in an access log file on its server.

Why Should You Block Certain IP Addresses in WordPress?

Identifying and blocking malicious IP addresses is an essential step in website management.

Here’s why:

1. Prevent Spam

WordPress gets around 487 billion spam messages every month. Often, these are comments trying to leverage a site’s reach to promote themselves or redirect users to suspicious domains.

But spammers can also submit fake entries in your contact form. Blocking IP addresses is an effective way to reduce irrelevant comments and form submissions on your site.

2. Prevent Brute Force Attacks

Brute force attacks involve attackers using trial-and-error to guess login info and encryption keys or find a hidden web page.

It puts the credentials of your visitors and the site’s admin at risk.

Blocking IPs with countless login attempts can help prevent these attacks, ensuring your site remains secure and accessible.

3. Prevent DDoS Attacks

DDoS or Distributed Denial of Service attacks include driving an enormous amount of fake traffic to a site to clog its resources.

Because of this surge, there’s not enough bandwidth left for your genuine visitors. They face longer loading times, which ultimately affects their user experience.

So, blocking these IP addresses ensures your site remains accessible only to the right people.

4. Safeguard Against Bots

Bots generate almost 38% of all traffic on the Internet. Besides artificially inflating your traffic stats, bots can leave spam comments and even steal your content.

Identifying and blocking malicious IP addresses helps you keep bots at bay.

5. Legal Compliance

Newer cybersecurity norms put a greater responsibility on website owners to take steps to safeguard their sites as well as visitors.

Depending on your country’s policies, you may be required by the law to block suspicious IP addresses.

How to Identify Unauthorized IP Addresses to Block?

Before you can restrict IPs, you must recognize the signs that constitute an IP being malicious. Here are some suspicious activities that can be telltale signs of a problematic IP:

  • Multiple failed login attempts from the same address within a short period can signify a brute force or DDoS attack.
  • A sudden surge in traffic from a specific IP address, especially during odd hours or in large volumes, can indicate a potential threat of cyberattack.
  • Comments and form submissions from users with random usernames with long strings or numbers make a strong case for banning their IP addresses.
  • Frequent requests for URLs known to be vulnerable or that don’t exist on your server might indicate that an attacker is looking for entry points or weaknesses.

Instead of manually scraping these addresses, use a specialized IP lookup tool for the identification process.

These tools reveal the IP address’s location, service provider, and hostname, along with its blacklist status, allowing you easily separate genuine users from suspicious ones.

So, where can you find these IP addresses in WordPress? There are two places you can look for them:

1. WordPress Comments Panel

The easiest way to find IP addresses is to look for them in your WordPress comments panel.

From your WordPress dashboard, head over to the Comments tab.

Here, you’ll find all the comments along with details about users, such as their name, email, and IP address.

Wordpress comment pannel how to block ip address in wordpress [3 easy methods] from the plus addons for elementor

Once you are in the comments panel, try looking for suspicious comments.

These can include comments from users with randomly generated usernames, users whose names and emails don’t match, or comments with links to external web pages.

Note down their IP addresses so you can block as shown later in this post in the “How to Block IP Address in WordPress” section.

To ensure you don’t block your genuine visitors, verify their authenticity using an IP lookup tool.

Ip lookup tool how to block ip address in wordpress [3 easy methods] from the plus addons for elementor

2. Your Site’s Server Logs

The previous method is only suitable for marking obvious spammers.

To identify more sophisticated attacks like abnormal surges in traffic or failed login attempts, you’ll need to access your server logs from your hosting account dashboard.

If you use cPanel hosting, here’s how you can find the access log file:

Step 1. Login to your hosting account and scroll down to the Logssection in the cPanel dashboard.

Step 2. Look for the Raw Access Logs option. Click it, and you’ll be taken to the access logs page.

Raw access logs how to block ip address in wordpress [3 easy methods] from the plus addons for elementor

Step 3. Look for the compressed log file in the Archived Raw Logs section. Click the file name and the logs will be downloaded to your device.

Archived raw logs how to block ip address in wordpress [3 easy methods] from the plus addons for elementor

Step 4. Upload the logs file to an IP lookup tool to analyze their authenticity.

How to Block IP Address in WordPress [Proven Methods]

Here are three ways you can block IP addresses in WordPress:

Method 1: Using Security Plugins to Block IP Addresses in WordPress

The easiest way to block IP addresses is to use a plugin.

You can either download a complete security plugin like All-In-One Security (AIOS), or you can get a plugin like IP Location Block, which is explicitly designed to block IP addresses.

These plugins eliminate the process of manually identifying and blocking unauthorized users. Instead, they automatically identify suspicious IP addresses and restrict them.

They also maintain a log of blacklisted IP addresses and users, along with their location and the time they were blocked.

Here’s how you can use the All-In-One Security plugin to block IP addresses in WordPress:

Step 1. Head over to the Plugins tab and install the AIOS plugin.

Wordpress plugin 1 how to block ip address in wordpress [3 easy methods] from the plus addons for elementor

Step 2. Once the plugin is installed, a new tab called WP Security will be added to your WordPress side menu.

Click it, navigate to Firewall settings, and open the Blacklist tab.

Wp security 1 how to block ip address in wordpress [3 easy methods] from the plus addons for elementor

Step 3. Now, Add the problematic IP addresses in the text field in front of the Enter IP Addresses option. Add only one address in each line.

Click the Save Settings button to save your IP blocklist.

Add the problematic ip addresses how to block ip address in wordpress [3 easy methods] from the plus addons for elementor

You can also use plugins to geo-block users with ease. The feature is essential because most ISPs today have dynamic IPs.

Devices get new IPs when they connect to a network. Geo-blocking helps you identify the location of malicious IP addresses and block traffic from an entire region, be it a city or country.

To achieve this in the AIOS plugin, simply enter the IP range instead of individual addresses.

You must use the “*” symbol to signify a range. Here are some examples of you can specify a range:

Geo blocking how to block ip address in wordpress [3 easy methods] from the plus addons for elementor

Method 2: Manually Block IP Addresses in WordPress

There are also ways to block IP addresses without using a plugin. This method will help you prevent spam comments from blacklisted IPs.

Here’s what you need to do:

Step 1. Login to your WordPress dashboard and head over to Settings > Discussion.

Manually block ip addresses in wordpress how to block ip address in wordpress [3 easy methods] from the plus addons for elementor

Step 2. Once you’re in the Discussion settings, scroll down to locate a Disallowed Comment Keys section.

Disallowed comment keys how to block ip address in wordpress [3 easy methods] from the plus addons for elementor

Step 3. Paste the unwanted IP addresses.

Step 4. Save the changes.

WordPress will now prevent spammers from these addresses from leaving a comment on your site.

However, they can still access your site, which brings us to our next trick.

Method 3: Blocking IP Addresses from .htaccess File

This method also requires some manual effort on your end, but it also blocks users with backlisted IPs from accessing your site.

We’ll have to add problematic IPs to the .htaccess file stored on our site’s root folder.

Here’s how you can edit the .htaccess file in your cPanel account:

Step 1. Login to your cPanel hosting account.

Step 2. Go to Files and then open File Manager.

File manager how to block ip address in wordpress [3 easy methods] from the plus addons for elementor

Step 3. Look for a folder named public_html. Click the plus “+” icon to expand it.

Eptcgqgt5sf9mpucfwga how to block ip address in wordpress [3 easy methods] from the plus addons for elementor

Step 4. Now, search the .htaccess file. Right-click the file name and select the Edit option from the menu.

Htaccess how to block ip address in wordpress [3 easy methods] from the plus addons for elementor

Step 5. Type the following code in the file:

Deny from 123.123.123.123

Step 6. To block multiple IPs, add a space and type the next address as shown below:

Deny from 111.111.111.111 222.222.222.222 333.333.333.333

Save the file, and that’s it. You’ve successfully blacklisted unauthorized IPs from accessing your site.

Note: A periodbefore a file name signifies that the file is hidden by default. So, if you don’t see the .htaccess file in the directory, enable the Show Hidden Files option from the settings.

Do1rg7i4rkac2dckx0qd how to block ip address in wordpress [3 easy methods] from the plus addons for elementor
20 checklist for wordpress site maintenance how to block ip address in wordpress [3 easy methods] from the plus addons for elementor
Do you Manage WordPress Websites? Download Our FREE E-Book of 20+ Checklist for WordPress Site Maintenance. ​



    Wrapping Up

    Actively monitoring comments and incoming traffic can help you identify possible threats to your site.

    Once you’ve identified such users, you can get their IP address from your hosting account and block them using the steps shown above.

    That way, you can easily prevent hackers and other ill-intent users from compromising your site’s security.

    With your site now secured, it’s time to improve its design and functionalities. Check out The Plus Addons for Elementor, a plugin that gives you access to over 120+ widgets, 300+ UI blocks, and 18+ ready-to-use templates.

    Check out the Complete List of 120+ Widgets and Extensions here. Start building your dream website without coding!

    FAQs on Blocking IP Addresses in WordPress

    What happens when you block an IP?

    When you block an IP address, any requests from that address are denied access to your website. This means visitors using that IP cannot interact with, view, or retrieve any data from your website.

    What kind of IP addresses can I block from accessing my website?

    You can block any kind of IP address from accessing your website, whether they are static, dynamic, IPv4, or IPv6 addresses. Moreover, you can also restrict both private and public IP addresses.

    How do I block an IP address from my WordPress website?

    You can block IP addresses from your WordPress site by adding them to the .htaccess file, which is stored in the public_html folder in your hosting account. Alternatively, you can also use a security plugin that automatically identifies malicious IPs and blocks them.

    Is it possible to block the IP addresses of entire countries?

    Yes, you can block IP addresses of entire countries using plugins that offer geo-blocking tools. These tools help you identify and block all IP ranges assigned to a specific country.

    What if a legitimate user gets blocked by mistake?

    If you ever block a legitimate user by mistake, you can unblock them by removing their IP address from your blacklist. However, before whitelisting the user, verify their IP and ensure that it’s safe to allow them access to your site.

    How often should I update my IP blocks?

    Today, Internet service providers use dynamic IPs, i.e., devices get a new IP every time they connect to a network. So, you must review IP logs regularly, and depending on your convenience, you should update the block list weekly or monthly.

    X