WordPress is the most popular CMS, now used by 22% of sites. These numbers matter to hackers as they always try to hack the popular platforms. There are various ways to overcome this issue. Blocking IP address is most commonly used solution to block spam and hacking attacks on your website.
In this article, I will show you how to find and block IP addresses in WordPress.
A very basic Introduction:
An IP address short for Internet Protocol address is an identifying number for a piece of network hardware. It provides an identity to a networked device.
They are 4 sets of numbers from 0-255 separated by dots. For example,
All visitors who visit your site all have their unique IP address. You can see all address stored in your website’s access log files.
When do You need to Block IP Addresses?
Sometimes your website often becomes inaccessible. It is the most common symptom that causes because of DDoS attacks. There are also chances of other attacks when you getting spam comments and emails via your contact form. Although, there are solutions to overcome the spam comments.
At such instant, many bloggers suggest blocking the IP address. Although, it is an effective way to deal with unwanted visitors, comment spam, email spam, hacking attempts, and DDoS (denial of service) attacks.
Finding Bad IP address You Want to Block in WordPress:
However, many hacking attempts and attacks are made using a range of random IP addresses from all over the world. It is impossible for you to keep up with all those random IP addresses.
When a user leaves the comment on the site, WordPress stores IP address. You can check their IP addresses in the comments panel in your admin area.
In the case of attacks, the best way to find the IP addresses is by checking your server’s access log. For that purpose, you need to log into your cPanel dashboard of your WordPress hosting account.
- Next, go to the ‘logs’ section and click on the ‘Raw Access Logs’.
- After that, click on your domain name to download the access logs file.
This access logs file has all the requests made to the site. Each request begins with the IP address making that request.
Note: While doing this, you must be alert that you are not going to block yourself or legit users, or search engines from accessing your website. Carefully find out a suspicious looking IP address that making an unusually high number of requests.
- Once you figured out such IP address, copy it and paste it in a separate text file.
How to Block IP address?
Once you have done with above procedure, the next thing you have to do, Log in your WordPress Admin area.
- Go to Settings >> Discussion.
- Scroll down to the comments blacklist.
- Now copy that IP address that you have stored in separate text file and paste in the comments blacklist. Click on Save changes.
WordPress will now block users with these IP addresses from leaving a comment on your website. (User can still be able to visit your site.)
You can also block IP address through cPanel.
- Login to cPanel dashboard of your hosting account.
- Scroll down to the Security section and click on ‘IP Address Deny Manager’. This tool allows you to block IP address that you want to block.
For best security, enable Web Application Firewall (WAF). I would recommend using Sucuri security service. The security service automatically blocks suspicious IP addresses from reaching your website altogether.
Additional Method You Can Do:
You can allow only your IP to access the dashboard. Write the following code to your
order deny,allow # Replace the below 192.168.1.1 with your IP address # allow from 192.168.1.1 deny from all
The code will allow only IP address 192.168.1.1 to access the WordPress admin dashboard.
Are There Any Plugins to Block IP Address?
WP-Ban allows you to block or ban a specific IP address, an entire IP Range (like maybe an entire internet service provider). It displays a customs ban message whenever they try to visit your blog. You can also exclude certain IPs from being banned.
- Install & Activate the WP-Ban plugin.
- On your WordPress dashboard, Go to the settings section, a Ban menu will appear.
- Click on it. Here, you can enter the IP address, IP address range, Banned message, etc.
- Once you are done with customizing it, Save Changes.
2. IP Ban:
IP Ban is a simple plugin which bans both a user agent and IP address from the server. It also good to protect your site from unwanted crawlers, which uses your resource and bandwidth.
- Install & Activate IP Ban plugin.
- On your WordPress dashboard, go to Settings >> the simple IP ban menu.
Enter the IP address you want to block and Save changes. Here, you may specify a redirect URL; when a user from a banned IP/user agent accesses your site, he will be redirected to the specified URL.
3. Limit Login Attempts:
WordPress allows unlimited login attempts either through the login page. The plugin allows you to restrict login attempts by allowing passwords to be brute-force cracked with relative ease.
The plugin blocks an IP address from making further attempts after a specified limit on retries is reached.
Among all, Limit login attempts are very good plugins. To restrict the login attempts, I recommend installing these plugins first. You can also use Jetpack plugin’s single sign-on feature.