How To Block Ip Addresses In Wordpress

Have you seen a high volume of login requests from the same IP addresses?

This is a classic symptom of a website brute force attack. As your website expands, so will the number of security challenges it encounters. It might be through brute-force attacks or spamming remarks. But, if not managed appropriately, these attacks might cause your website to slow down. Or, in the worst-case situation, result in a hack.

Your site stores both your personal information and any other user data. Hence, it is vital to keep it secure. Dealing with these intruders should thus be a great concern. Blocking any IP addresses that appear malicious is an easy approach to get rid of them.

Issues such as a constant bombardment of login requests or spam comments may appear to be minor annoyances. But they can quickly escalate into larger issues. If attackers gain access to your website. They may:

  • Place malicious files on it
  • Steal your information
  • Sivert your users
  • Deface it and demand money

Fortunately, protecting your website from known attackers is simple. Blocking IP addresses in WP is an effective approach to safeguard your site from spammers and attacks. Let’s talk about what, why, and how IP addresses are blocked on WordPress.

What is an IP Address?

Consider IP addresses as a country, street, and home number if the internet were a physical world. They are four groups of numbers ranging from 0-255 that are separated by dots and appear as follows:

An IP address is assigned to each computer connected to the internet by the ISP.

Every visitor to your website is assigned an IP address, saved in the access log files. It implies that your IP address is saved on every website you visit.

Using a VPN service, you can hide this information. It allows you to conceal your IP address as well as other personal data.

Why should you Restrict IP Addresses in WordPress?

Spammers or hackers may be attempting to assault your website. To avoid spam or malicious users, you’ll need to blacklist IP addresses in WordPress. You can keep them out by blacklisting their IP addresses. Here are four reasons why you might consider blocking them:

1. Too much spam

Commenters may be adding to the spam on your site regularly. In your comment section, you’ll come across some unscrupulous adverts. You’ll be able to do the following by barring these shady visitors:

  • Allow your website’s SEO to stay in good shape.
  • Save the time you would have spent moderating comments.
  • Make your website more professional-looking.
  • Make it impossible for spammers to create a new account.
  • Protect your WordPress site from brute force attacks.
  • Prevent assaults such as SEO spam, spam links injection, wordpress site redirection to another site, Japanese keywords hack, SQL injection, pharma hacking, and a variety of other hacks that arise due to many security flaws in a wordpress site.

2. Annoying bots

Some users may not be spamming in the traditional sense. But they may be communicating in a bot-like manner. Their presence can pose some issues, particularly if you’ve built up a user forum. Suspicious IPs are blocked, which stops the bots in their tracks.

3. Unauthorized visitors

You may be restricting access to your site. But to only approved visitors who aren’t required to create individual accounts. By restricting IPs to only those users in certain locations. You can keep undesirable people at bay. Unfortunately, if they’re using SSL proxies, it’ll be difficult to spot them.

4. Attacks by hackers

According to a Sucuri survey, you can use WordPress to build 90% of hacked websites. DDoS and brute force are the most common methods hackers use to get unauthorized access to your website. One of the sophisticated strategies you may use to defend your wordpress site from hacking is identifying dodgy IPs and restricting them.

Identify IP Address That Are Cause For Concern

These are the two methods you can use to find IP addresses you want to block:


Before you can ban IPs, you must first determine which ones are creating problems. If you find out they’re from spammy or shady commenters, blacklisting becomes a breeze.

All your site’s commenters’ addresses are saved in WordPress. To get their address, go to the dashboard and then to the “Comments” area.

Every commenter’s IP address will be displayed in the “Author” section. The section also contains their usernames and email addresses. First, make a list of the IP addresses you want to block; you’ll enter them into appropriate fields later.

Raw Access Logs

When your site is under a DDOS attack, finding IP addresses might be difficult. In these circumstances, you can find IP addresses by checking through your access log.

You must first log into cPanel. Scroll down to “Raw Access Logs” after clicking on ‘log.’ It’ll take you to the access logs area if you select this option. You must first select your domain name before downloading your access logs file.

Access log files are usually downloaded as.gz archives. You must first extract the file before using it. Some computers lack the software required to open such files. If this is the case, you’ll need to download and install an application to open such files. WinZip and 7-Zip are two popular folder extraction programs that you can download to any Windows device.

Only a Notepad or similar tool may view your access log folder, which you’ll find inside the archive. The folder contains all raw data from requests made to your site. These requests are made by IP addresses that appear first on the line, making them very easy to track down.

How Can You Block Ip Addresses In Wordpress 2021

You can block the IP addresses of search engines and other normal people if you’re not careful. To capture the correct IPs, you must first record all questionable IPs. You can then paste them into any IP lookup tool to conduct further analysis.

Receiving a large number of requests from a single IP address indicates a shady IP. Keep track of such addresses in a separate text file in case they’re up to no good.

How to Use Your Hosting Administration Tools to Find and Block IP Addresses

The focus of this article is on how to find and block IP addresses within WordPress. But let’s take a quick peek outside the platform. Some hosts provide helpful features, and you may find them easier or easier to use in some instances.

You should look for your Access Logs first. Regardless of whether you’re using cPanel, Plesk, or a custom admin interface. For example, in WP Engine, you’d go to Production > Access Logs and then click on your selected site.

Choose the appropriate server from the drop-down menu. Next, it should display a list of recent visitor IP addresses:

How Can You Block Ip Addresses In Wordpress 2021

From there, you’ll need to look into what your host has to offer when restricting access to your site on the back end. IP Blocker or IP Address Deny Manager, for example, will be used by cPanel:

How Can You Block Ip Addresses In Wordpress 2021

Enter the IP address you wants to remove into this tool and click Add:

How Can You Block Ip Addresses In Wordpress 2021

This feature is highly useful in many situations. But having a WordPress-based technique is equally beneficial. So let’s have a look at three different approaches to banning IPs in the CMS.

How to restrict IP addresses in WordPress?

There are two ways to restrict IP addresses:

  • Block them from the “Comment Blacklist” section manually.
  • Using Add-ons/Plugins.

We’ll take a look at both strategies in the sections below. These are the most effective methods for blocking invaders and DDoS attackers in WP.

Blacklisting WordPress Commenters

Visit the “Settings” column. Here you can blacklist IP addresses and restrict them from making comments. Scroll down to “Discussion” and choose “Comment Blacklist.” Then, paste all the IP addresses you want to exclude.

How Can You Block Ip Addresses In Wordpress 2021

Block IP Addresses in WordPress

To prevent users from leaving comments on your site based on their IP address. You can do it from the WordPress admin area.

Scroll down to the ‘Comment Blacklist’ text box on the Settings » Discussion page.

How Can You Block Ip Addresses In Wordpress 2021

Copy and paste the IP addresses you want to block, then click the Save Changes button to save your changes.

Users with these IP addresses will no longer be able to leave comments on your website. These users will still be able to access your website. But when they try to leave a remark, they will receive an error message.

Use .htaccess to block IP addresses.

The .htaccess file is used to manually restrict IP addresses. Depending on the IP address type. You’ll use different ways for blacklisting IPs with this file. These are a few examples:

Static IP address

You have a static IP address if you have a single PC in your home that you always use to visit your website. If you rarely change your address or your site is only operated by you and a few others. This blacklisting strategy may be ideal for you. You’ll need to submit one or more email addresses of persons who can access the login page on your website.

The code below will allow you to add a few IP addresses to your safe list, keeping any unauthorized IPs out. Before closing the file, make sure you click “Save.”

How Can You Block Ip Addresses In Wordpress 2021

Dynamic IP Addresses

This technique can work for you if you frequently view your site from many locations. But, first, you must enter the following code into your document:

How Can You Block Ip Addresses In Wordpress 2021

Remove the “” component and replace it with the URL of your website. Then edit the path in the first and second lines. The code also includes an error page to avoid your site from becoming stuck in a redirect loop.

Using brute force attacks, malicious people may attempt to get unauthorized access to your login page. The following code will prevent these hackers from accessing the page. It also allows authorized visitors who arrive via your website to do so. These genuine users will be unable to distinguish between the two.

Using a security plugin that displays failed login attempts, you can observe the difference this code makes with changeable IP addresses.

Allow access to the WordPress admin dashboard from several IP addresses.

To do so, Add the code below :

order deny, allow

# Replace the below, with the IP addresses you want to allow #

allow from

allow from

deny from all

You can also use the following WP plugins to prevent IP addresses from logging into the WP Dashboard.

Allow only your IP address to access the dashboard.

In your .htaccess file, paste the following code. Create a new .htaccess file in your wp-admin directory if you don’t already have one.

order deny, allow

# Replace the below with your IP address #

allow from

deny from all

Only the IP address listed above will be able to access the WordPress admin dashboard.In your .htaccess file, paste the following code. Create a new .htaccess file in your wp-admin directory if you don’t already have one.

order deny, allow

# Replace the below with your IP address #

allow from

deny from all

Only the IP address listed above will be able to access the WordPress admin dashboard.

Use cPanel to block an IP Address

This prevents an IP address from accessing or viewing your site. To secure your WP site from hacking attempts and DDOS attacks. You should use this method.

To begin, log into your hosting account’s cPanel panel. Next, scroll down to the security area and select the icon for “IP Address Deny Manager.”

How Can You Block Ip Addresses In Wordpress 2021

This will open the IP Address Deny Manager application. You can enter the IP addresses you want to block in this box. Then click the add button to add a single IP address or a range of IP addresses.

How Can You Block Ip Addresses In Wordpress 2021

If you ever need to unblock those IP addresses, return to this page.

WordPress Plugins to Block IP Addresses

Security plugins make the process of blocking IP addresses more automated. So you don’t have to look for hackers manually. The following are some of the most popular blocking plugins:

WP Ban

WP-ban users, like Simple-IP ban users, can block any single IP or IP range. If any of the prohibited users try to visit your site, the plugin shows a ban message. Besides wildcard matching, it also allows you to set aside specific addresses to avoid them from being banned. When these excluded addresses visit your site, Wp-ban keeps track of how many times they visit.

To enable the plugin, follow these steps:

  • Install and activate it normally first.
  • Go to the “Settings” menu.
  • Select the “Ban” option. It will take you to a website with a list of banned IPs and IP ranges.
  • Add or remove IP addresses from the page.
  • Save changes.

How Can You Block Ip Addresses In Wordpress 2021

Simple IP ban

Simple IP Ban is a free plugin that performs exactly what its name implies. It blocks IP addresses using a simple approach. To get started with the plugin, simply download it like any other. Then navigate to “Settings.” Next, configure the plugin by clicking “Simple IP ban.”

You can do the following in the “Settings” section:

  • Block some User Agents to keep bots at bay.
  • Set a limit on a specific IP address (you can keep out a service provider)
  • Restrict an IP address Range

You can also set up a redirect URL to keep logged-in users off the blacklist.

Limit log-in attempts.

By utilizing specific cookies, WordPress allows all users to access your site. This allows for limitless login attempts. Your passwords and hashes can be compromised with limitless access. Hence, your site is vulnerable to brute-force attacks.

Login Attempts blacklists IP addresses. This restricts users from attempting another login. After they’ve used up their allotted number of retries. In essence, the plugin makes brute-force attacks more difficult for shady users.

The following are some of the plugin’s features:

  • Every IP has a limit on retry login attempts. You can change this restriction to a value that is appropriate for your website.
  • You can use auth cookies to limit the number of attempts.
  • It tells visitors how many retries they have left or how much time they have till they are kicked out.
  • Optional notifications are possible.
  • With the use of a filter, website owners can whitelist IP addresses.

To use the plugin, follow these steps:

To begin, go to the WordPress dashboard and install the plugin.

Navigate to “Settings” and select the plugin’s menu. A new window will appear.

How Can You Block Ip Addresses In Wordpress 2021

  • You may then specify the maximum number of attempts, the lockout duration, and a variety of additional variables.

Simple Security

On your dashboard, the simple security plugin allows you to track logins and failed login attempts. You can get the following features by upgrading to the premium version:

  • When specific circumstances are met. You can receive regular email alerts that you can customize.
  • When the plugin blocks a new IP address, it might send you an optional alert.
  • After each successful login attempt, you can choose to get an optional alert.
  • When a user’s login attempt fails, you can receive an optional email alert.
  • Priority Support for the Long – Term.

You can use the plugin in these ways:

  • Install the plugin in the same way you’d install any other WordPress plugin.
  • Go to Settings and select the plugin’s menu option from the drop-down menu.
  • Make the necessary adjustments to suit your needs. Select the types of alerts you’d want to receive.

IP Blacklist Cloud

You can use this plugin to block any suspicious IP addresses from visiting your website. It adds your website’s information to their database. This allows other users to see which websites have blacklisted them and read comments. New functionality in the plugin allows you to block people from spamming your site.

How does the plugin function?

Scroll down until you find the option to include IP addresses in the Blacklist section. The IP address you want to block can then be entered. This process allows you to manually keep track of IP addresses.

How Can You Block Ip Addresses In Wordpress 2021

  • To get rid of any spammers, navigate to the plugin’s “Comments” area. The IP addresses of these spam commentators can then be obtained by visiting Visitors with restricted IPs will be unable to access any of your site’s content.
  • You can remove any IP addresses from your blacklisted list by going to “IP Blacklist.” You’ll also be able to remove your website’s URL from the list of blacklisted IP addresses.
  • You can leave a remark on IP Cloud to let other website owners know why the IP address has been blacklisted.

When IP Address Blocking Fails, Automate the Process!

If you’re either trying to stop some basic hacking attempts, specific users, or people from specified regions or countries. Blocking an IP address might help.

But many hacking attempts and attacks use a diverse variety of random IP addresses from around the world. You’ll never be able to keep track of all those random IP addresses.

That’s where a Web Application Firewall comes in handy (WAF). Sucuri is a website security service that uses a website application firewall to protect your website from such threats.

In short, all your website traffic passes through their servers. Where it is checked for suspected activities. It prevents questionable IP addresses from accessing your website completely.

Why you shouldn’t rely on IP address blocking?

When you rely on a free or untrustworthy service to keep your WordPress security up to date. The results might not be ideal.

Your free security plugin blocks suspected IPs from visiting your website. It may also prevent customers or team members from doing so. This could be detrimental to your website’s security and cause more issues than it solves.

When this happens, you’ll need to whitelist IP addresses so that the proper traffic may flow again. You can do this manually or through your security plugin. But unless you have very specific access requirements, doing it manually can be very consuming.

Instead, an effective firewall will handle blocking harmful traffic. It will also allow legitimate traffic to pass through.

An intelligent firewall can distinguish between malicious IP addresses and legal visitors who may cause alarms owing to certain circumstances.

A firewall examines over 300,000 sites to better understand and refine security intricacies. This way, you don’t have to bother about blocking specific IP addresses.


Blocking IP addresses in WP is a powerful preventative technique for keeping your site safe. This prevents attackers from gaining access to your website. It also keeps them at bay before they can do any major damage to it.

Hacking should not be as complicated as most website owners make it appear. You can keep dubious IPs out and protect your site from falling prey to such attacks by blacklisting them using your dashboard.

But, don’t expect user IPs to remain constant. Unwanted visitors can access your site using a variety of IP addresses. They may reappear with fresh addresses even after you block them once.

That’s why we recommend sticking to one of the above options and blocking new, dangerous IPs.

If you want this procedure to be automatic and you don’t want to worry about security issues. So, you may choose a security solution that detects and blocks questionable IP addresses. You won’t have to worry about any attacks, and your website will be safe 24 hours a day, seven days a week.

We hope you found this post useful in learning how to block IP addresses in WordPress.


Load More Related Articles
Load More By Susana Taylor
Load More In Wordpress

Leave a Reply

Your email address will not be published. Required fields are marked *