How to Block IP Addresses in WordPress

Join InfoPhilic Community!

Let's build a community to help & encourage each other to grow!

Learn how to find bad IP addresses and block them in your WordPress blog.

WordPress is the most popular CMS, now used by 22% of sites. These numbers matter to hackers as they always try to hack the popular platforms. There are various ways to overcome this issue. Blocking IP address is most commonly used solution to block spam and hacking attacks on your website.

In this article, I will show you how to find and block IP addresses in WordPress.

A very basic Introduction:

An IP address short for Internet Protocol address is an identifying number for a piece of network hardware. It provides an identity to a networked device.

They are 4 sets of numbers from 0-255 separated by dots. For example,

All visitors who visit your site all have their unique IP address. You can see all address stored in your website’s access log files.

When do You need to Block IP Addresses?

Sometimes your website often becomes inaccessible. It is the most common symptom that causes because of DDoS attacks. There are also chances of other attacks when you getting spam comments and emails via your contact form. Although, there are solutions to overcome the spam comments.

At such instant, many bloggers suggest blocking the IP address. Although, it is an effective way to deal with unwanted visitors, comment spam, email spam, hacking attempts, and DDoS (denial of service) attacks.

Finding Bad IP address You Want to Block in WordPress:

However, many hacking attempts and attacks are made using a range of random IP addresses from all over the world. It is impossible for you to keep up with all those random IP addresses.

When a user leaves the comment on the site, WordPress stores IP address. You can check their IP addresses in the comments panel in your admin area.

In the case of attacks, the best way to find the IP addresses is by checking your server’s access log. For that purpose, you need to log into your cPanel dashboard of your WordPress hosting account.

  • Next, go to the ‘logs’ section and click on the ‘Raw Access Logs’.
  • After that, click on your domain name to download the access logs file.

This access logs file has all the requests made to the site. Each request begins with the IP address making that request.

Note: While doing this, you must be alert that you are not going to block yourself or legit users, or search engines from accessing your website. Carefully find out a suspicious looking IP address that making an unusually high number of requests.

  • Once you figured out such IP address, copy it and paste it in a separate text file.

How to Block IP address?

Once you have done with above procedure, the next thing you have to do, Log in your WordPress Admin area.

  • Go to Settings >> Discussion.
  • Scroll down to the comments blacklist.
  • Now copy that IP address that you have stored in separate text file and paste in the comments blacklist. Click on Save changes.

WordPress will now block users with these IP addresses from leaving a comment on your website. (User can still be able to visit your site.)

You can also block IP address through cPanel.

  • Login to cPanel dashboard of your hosting account.
  • Scroll down to the Security section and click on ‘IP Address Deny Manager’. This tool allows you to block IP address that you want to block.

For best security, enable Web Application Firewall (WAF). I would recommend using Sucuri security service. The security service automatically blocks suspicious IP addresses from reaching your website altogether.

Additional Method You Can Do:

You can allow only your IP to access the dashboard. Write the following code to your .htaccess file.

order deny,allow
# Replace the below with your IP address #
allow from
deny from all

The code will allow only IP address to access the WordPress admin dashboard.

Are There Any Plugins to Block IP Address?

1. WP-Ban:

WP-Ban allows you to block or ban a specific IP address, an entire IP Range (like maybe an entire internet service provider). It displays a customs ban message whenever they try to visit your blog. You can also exclude certain IPs from being banned.

  • Install & Activate the WP-Ban plugin.
  • On your WordPress dashboard, Go to the settings section, a Ban menu will appear.
  • Click on it. Here, you can enter the IP address, IP address range, Banned message, etc.
  • Once you are done with customizing it, Save Changes.

2. IP Ban:

IP Ban is a simple plugin which bans both a user agent and IP address from the server. It also good to protect your site from unwanted crawlers, which uses your resource and bandwidth.

  • Install & Activate IP Ban plugin.
  • On your WordPress dashboard, go to Settings >> the simple IP ban menu.

Enter the IP address you want to block and Save changes. Here, you may specify a redirect URL; when a user from a banned IP/user agent accesses your site, he will be redirected to the specified URL.

3. Limit Login Attempts:

WordPress allows unlimited login attempts either through the login page. The plugin allows you to restrict login attempts by allowing passwords to be brute-force cracked with relative ease.

The plugin blocks an IP address from making further attempts after a specified limit on retries is reached.


Among all, Limit login attempts are very good plugins. To restrict the login attempts, I recommend installing these plugins first. You can also use Jetpack plugin’s single sign-on feature.

Subscribe to our newsletter

To be updated with all the latest news, offers and special announcements.

Comment Policy: Your words are your own, so be nice and helpful if you can. Please, only use your real name and limit the amount of links submitted in your comment. We accept clean XHTML in comments, but don't overdo it please.


Please enter your comment!
Please enter your name here


Start WordPress Blog: Ultimate Guide For Beginners

Here is our step by step guide for beginners to start a WordPress blog.

Top 6 Best WordPress Theme Frameworks

There are many websites themes which are created by using a framework. Likewise, WordPress Theme frameworks also becoming so popular. The framework allows you...

The Most Essential WordPress Plugins

Here, I have listed some excellent plugins which will surely add more features and new functionality to your WordPress blog.

Tips to Speed Up WordPress Performance

Here, I am sharing some tips to speed up WordPress performance. All you need to modify .htaccess file on your server and add some plugins.

The Ultimate Guide to Harden WordPress Security

Learn how to improve WordPress security. Here are some basic security concepts that will help you to harden WordPress security.

How to Setup CloudFlare Free SSL for WordPress Blog

Google has announced that they will count HTTPS as a ranking factor which means if you using HTTPS you will get a higher position...


Kinsta Hosting

Highly optimized servers for lightning-fast sites. High-security environment hack-fix guarantee. WordPress support experts at your fingertips. GRAB THIS DEAL


Get almost 100% PageSpeed on Newspaper theme

The newspaper theme is the most popular premium theme for a self-hosted WordPress blog. The theme is developed by team tagDiv. You...

How to Remove jQuery Migrate in WordPress?

jQuery Migrate greatly simplifies the process of moving older jQuery code to a higher jQuery version by identifying deprecated features. It then restores deprecated...

How to create News Sitemap for WordPress site?

Learn how to create special news sitemap for your WordPress blog/ website using Yoast News SEO plugin and Jetpack plugin.

Tips to Speed Up WordPress Performance

Here, I am sharing some tips to speed up WordPress performance. All you need to modify .htaccess file on your server and add some plugins.

How to Prevent Invalid Activity

Publishers expect that their content should be viewed by legitimate consumers. However, criminal organizations have attacked the digital ad ecosystem with malware and other methods that...

How to Properly Delete a WordPress Post or Page?

You sometimes want to delete a page from your site for many reasons. When you taking a step forward, you are going to remove...