DEV Community

Cover image for How to Block IP Addresses in WordPress?
Denise Sommer
Denise Sommer

Posted on • Edited on

How to Block IP Addresses in WordPress?

Does your WordPress security bother you and spam comments annoy you? If this is the case, you must get to know the process of how to block IP addresses in WordPress admin login?

Once you start grabbing attention from your competitors and the number of visitors increases on your website, you come in the limelight becoming the first target for getting the malicious code and malware on your website.

The visitors (hackers) having a bad intention for your website might leave superfluous content on your website that can hamper your online reputation.

Sometimes such visitors succeed to even link your website with malicious links which they use to hack your website.

Once a site is hacked, the hackers can plant and execute activities like building, storing illegal files and folders, stealing sensitive information, sending spam emails from your webmail account, or even launching attacks on other websites.

The worst part of this is that your admin is not checking all these activities then you come to know about it after your site gets blocked by Google or you will get a “ Your account has been suspended " message from your hosting provider. Take a wiser step and be cautious to prevent this catastrophe from occurring.

There is no denying the fact that IP Blocking is one of the effective ways to protect your WordPress site against spammers.

To initiate IP Address Blocking, you need to know which IP address to block. Well, you can get these addresses from the server logs. The list contains all the IPs that are trying to access your dashboard at a specific time. The administrator of your site should thoroughly inspect any suspicious or unauthorized activity.

Pay close attention to know how to block an IP address in detail. However, moving step by step would be a better approach.

Table of Contents:

  • IP Address and its Significance
  • Reasons to ban IP Addresses
  • Blocking IP Addresses in WordPress Website
  • Conclusion

IP Address and Its Significance

With a standard representation worldwide, an Internet Protocol or IP address is the equivalent of a social security number for a computer irrespective of your geographic location in the world. You can identify an IP address with the following form:

The IP address must be protected to avoid risks of hacking. Here, this is clear that VPN service might help to protect your IP address from the wrong people but it will not hide the address. Your IP address will be a number, like 230.166.217.8
How to Block IP Addresses in WordPress

All the websites are listed or tagged with an IP address that is the technical name of your website. When you type out the URL in the address bar or you do a Google search for a website, you are requesting a folder with the particular IP address to open from a hub of web resources. The computer search only recognizes numbers, not the alphabets of the physical name of your website. A browser can handle millions of such requests.

Mainly IP addresses act as a tracker to note the number of visitors on your website with their address to locate problematic visitors. Now you have the option to secure your website by permanently blocking spam bots, email spammers, hackers, DDoS attackers, and so on. Learn by heart, this is an everlasting solution to protect your website.

The IP address in a more technical form is the network address having four sets of numbers ranging from 0 to 255 separated by dots. Not going into further technical details, for our knowledge sake, whenever we visit any website, their e visitors IP address is stored in your website’s access log.

With a preview of knowledge that we have gained so far regarding IP address and need of blocking, let’s look at the reasons you might need to implement IP address blocking.

Reasons to Ban IP Addresses

We all are internet freaks and aware of consequences one may have to face from spam emails, hacking attempts, suspicious and unwanted visitors, and denial of service attacks (also known as DDOS). These are a few reasons that say, "Hey Ban This Ip Address!"

The simple ignorance such as clutter of emails in the inbox, a plethora of gibberish comments are like sending an invitation to hackers. So, next time be careful loading your inbox and responding to comments.

Another indication that is like a high alert and threat to your website and the actual time to block the IP addresses is when the load time of the website continuously increases and the pages stop displaying the contents. Some more reasons are discussed below:

Spam Comments

Bots have become active on WordPress websites. They start sending spam comments containing advertisements selling illegal products or link to another website which drives away your website traffic.

The plugins handling comments on the WordPress website offer to manually approve comments before they are posted on the website. However, monitoring of the comments is a time consuming and tedious process.

How to Block Specific IP Addresses in WordPress

All you can do is to have an overall look at the comments and detect the comments that are having a link or not having genuine content. Block those IP addresses to maintain the security of the website.

How To Block IP Addresses To Protect Your WordPress Site

Blocking Hack Attacks

A WordPress website is most affected by another type of attack known as cross-site scripting. The comments section of your website is used to hack your website or extract protected information from visitors.

Since the comments are the intrinsic part of a website hence site administrators can't retire it. Such a situation can be resolved only by blocking malicious IP addresses in WordPress websites.

Blocking IP Addresses in WordPress Website

IP address blocking is a long term solution for protecting WordPress website from bots, hackers, and spammers. If you don't take appropriate actions then there will be a heavy strain on the bandwidth that will result in slow speed. The users might not be able to access the website resulting in a business loss. Some of the mandatory steps to maintain a WordPress site are:

Limiting Website Access: Many websites allow access to the website through the registration process. The process takes enough time to monitor the visitors IP address. This way you can reduce the distractions and unwanted users will limit themselves from registering on your website.

Protecting Data: The purpose of hackers is to attempt to infiltrate websites to steal data or other important information. That information can be misused or sold to competitors which are not ethical.

Maintaining Confidentiality: Many companies who keep sensitive records—like transcripts, health records, etc.—are regularly targeted by hackers. fro them it is a must to identify threatening IP addresses, creating a blacklist to immediately block them. It could be dangerous for their data.

Well, we have so far discussed the need of blocking IP Address for WordPress websites. Here we are discussing processes that are usually followed to block IP addresses.

Two methods can be adopted to block IP addresses:
Manual- Opted when you have the complete list of the suspicious IP addresses
Automatic- Using a WordPress plugin, you can comparatively block IP addresses at one go saving your time.

This way you can Automatically blacklist range of IP addresses

After you decide on one of the ways, then the question arises that how to choose IP addresses to be blocked as the WordPress plugins(inbuilt) store all the visitor's IP addresses. So the easy way of doing is to jump to the comments section and note down the IP addresses of those who have left the comments. For this, you need to :

Login to the WordPress dashboard. Go to the comments section -

  • On the next page, a list of comments and IP addresses are displayed. IP addresses of the spam comments can be tracked Often, they are irrelevant to the topics on which the discussion is held.
  • Carefully you must try to find out the comments in foreign languages and links embedded inside the text.
  • Once you receive all the suspicious IP addresses, you can proceed to block them.

Steps to Block IP Addresses

  • Default blocking of comment spammers
  • Blocking individual IP address in cPanel
  • Using a plugin to block user-agent, ban users and block IP
  • Geo-blocking at country level
  • Use WordPress Discussion Option
  • Use htaccess directive

Blocking Comment Spam

On the WordPress website, each time a comment is received, “comments.php” file is executed and the comment is posted in the backend in the SQL Table. The plugins detect false comments and send them to trash directly without your intervention. The method provides a temporary solution. The spammer can again send the mail.

WordPress allows you to block the IP address of such links using the default function.

  • Login to your WordPress admin dashboard.
  • Navigate to “Settings > Discussion” section.
  • Carefully scrutinize the “Comment Blacklist” section.
  • In the text box, type the IP address to block
  • Save these settings.

These steps will stop the hackers from accessing“comments.php” file from the specified IP. Along with the IPO address, you can even block bad words, name, URL and email to impede them sending comments.

Using IP Deny Manager in cPanel

If the user is trying to enter your site as a normal user and has a bad intention to harm the website. If you detect such a user or IP address then the best way is to block this IP address itself. To do so,

  • Login to the hosting account and open cPanel.
  • You will view the IP Deny Manager, open the app.
  • Here you get the option to block individual or range of IP addresses.
  • Enter the IP address you wish to block and click the “Add” button.

Using Automated Tool to Block IP Address

Opening the cPanel and removing the IP addresses might be a hassle every time. One of the comfortable methods is to have a multipurpose security tool like a plugin or scanner that helps to protect your site.

  • Install and activate the tool on your site
  • Open WP Security and go to Blocklist Manager
  • Here you now have to select the IP address or a range and block the access.
  • A plugin can also block your comment section IP addresses

Geo-Blocking

If you don't want to give access to your website to a particular country, region or city, the geo-blocking option allows you to do so. Generally, webmasters URLs of China and Russia are blocked to prevent the hacking attacks.

The same plugin offers a country blocking add The cost of this little high but not more than the security of your website.

Hacking is the way of finding loopholes in a system's security, and exploiting them to bypass security controls. It is often used to break into websites. Hackers use WordPress vulnerabilities present on your website to hack it. Once they have access to your WordPress website, they can carry out all sorts of malicious activities.

WordPress Pharma Hack is one such activity where they take advantage of your SEO efforts to sell their products. They target all your ranked pages without even in your notice and then implement black hat SEO techniques to get them to rank for their products.

Use WordPress Discussion Option

One of the advantages of developing a website in WordPress is having a native comment blacklisting option. The IP addresses can be blocked using this option that is suspicious. The steps will comprise of

  1. Log into the WordPress site and open dashboard
  2. Open the menu, go to the settings and open discus
  3. A section to block comments will open
  4. Here you need to paste the IP addresses which you need to block
  5. In the end, save Changes

Using .htaccess to Block IP

Another effective method to block the IP address is to add a directive in your htaccess file. But for this every time you need to block an IP, you have to access your server where the site is uploaded using FTP. The steps involved are:

  • After you log in, to the server, search for the .htaccess file. You need to enable the hidden files to find out this file
  • To the editing of the file by adding the below lines at the end of the file. You can choose the IP addresses to be blocked example by executing the following command;

Order Deny, Allow
Deny from 1.1.1.1
Deny from 2.2.2.2

At the end, save the .htaccess file and upload back to the server.

Conclusion
The security of your WordPress website is the top priority. Much of the issues related to security can be resolved if you keep monitoring your website regularly or take help of a service provider providing site cleaning and maintenance such as WordPress hacked help.

Such service providers closely keep track of the traffic coming to your website. Nowadays the traffic contains bots and non-human traffic. You need IP blocking for this purpose. The smart techniques used by these non-human resources are so strong that IP Blocking WordPress becomes a necessary action!

Related Posts -

Top comments (0)