Simple Way to Block IP Addresses in WordPress: Guide
- Last Updated: Feb 13th, 2019
- Posted by: Editorial team
- Category: WordPress Knowledge
The IP addresses problems are very important pieces of information that are not in plain view. Although, as a website developer, you will have access to all the IP addresses that go to your website if you know where to look.
In today’s modern era, Website security is the most important concerns and you have to prepare now.
There are a lot of good plugins that you can use to strengthen the security of your website. But blocking an IP address is more of a permanent solution, as long as the criminal element does not have other IPs to use to continue the attack.
Here, in this tutorial, we will show you how to block IP addresses in WordPress, and also we are going to show you how to find out which IP addresses need to be blocked.
What is an IP Address?
IP Address stands for Internet Protocol. If the internet was a physical world, think of the IP addresses as the number of countries, houses numbers, and roads.
Basically, they are the 4 sets of numbers from 0-255 divided by dots and look like this:
Every computer is connected to the Internet and has an IP address that is assigned to them by their Internet Service Provider.
All visitors to your site have an IP address that is stored in the access log files of your website, means all the websites that you visit also store your IP address.
You can use VPN service to hide this information. It allows you to hide your IP address and other personal information.
Why & When You Need to Block IP Addresses?
However, the blocking an IP address or Internet Protocol address from accessing your WordPress site is an effective way of dealing with spam comments, unwanted visitors, email spam, DDOS (Denial of Service) attacks, hacking attempts.
The common sign is that your site is under DDOS attack, it is that your site will often become inaccessible or your pages will start taking forever to load.
Other attacks are more pronounced like when you start receiving spam comments or many spam emails from your contact form.
Finding Out IP Addresses You Want to Block in WordPress
However, WordPress stores IP addresses for users who leave a comment on your site.
Also, you can see your IP address by visiting the comment page in your WordPress Admin Area.
In case your site is under DDOS attack, then the best way to locate the IP addresses is to check the access log of your server.
This will take you to the Access logs page where you will have to click on your domain name to download the access logs file.
Your access log file will be in a .gz archive file. Go ahead and remove the file by clicking on it.
However, inside the archive, you will see your access log file. You can open that file in plain text editors such as Notepad or TextEdit.
Access log file contains raw data for all requests made on your website. Each line starts with the IP address making that request.
You have to make sure that you do not end up block yourself, legit users, or search engines from accessing your site.
Copy a suspicious IP address and use online IP lookup tools to find more about it. You will have to look at your access log carefully for unusually high numbers of suspected requests from a particular IP address.
Once you have to search those IP addresses, you need to copy and paste them into a different text file.
Blocking IP Addresses in WordPress
However, in case you want to stop the users with specific IP addresses from leaving a comment on your site, you can do this in your WordPress Admin area.
Go to Settings>>Discussion page and scroll down to the ‘Comment blacklist‘ text box.
Now, copy and paste the IP addresses you want to block and then click the Save Changes button.
However, WordPress will block the users with these IP addresses by leaving a comment on your site. All these users will still be able to visit your site. But when they try to submit a comment, they will see an error message.
Blocking an IP Address Using cPanel
Thus, this method completely blocks an IP address from accessing or viewing your site. You should use this method to protect your WordPress site from hacking efforts and DDOS attacks
Firstly, you have to log in to your hosting account’s cPanel dashboard.
Here, scroll down to the Security section and after that click the ‘IP Address Deny Manager’ icon.
The IP Address Deny Manager will take you to the IP address Deny Manager tool. Here, you can add the IP addresses that you want to block. You can add a single IP address or IP range and then click the Add button.
If you ever need to unblock those IP addresses, you can come back to the same page again.
When IP Address Blocking Doesn’t Work – Automate It!
If you only blocking some basic hacking attempts, specific users, or users of specific regions or countries, then blocking the IP address will work.
However, a lot of hacking attempts and attacks are created using a wide range of random IP addresses from around the world. It is impossible to keep up with all those random IP addresses.
This happens when you need a Web Application Firewall (WAF). For wpglobalsupport website, we use Sucuri. This is a website security service that protects your website against such attacks by using the website’s application firewall.
In fact, all your site traffic goes through its servers where it is investigated for suspicious activity. It automatically blocks the suspicious IP addresses from fully reaching your site.
Wrapping this all end! We have discussed a way to block IP addresses in WordPress.
We hope this guide helped you to block the IP addresses in WordPress. Read the above steps carefully and block IP addresses. If you have any problem with blocking IP addresses, tell us in the comment section provided below!
Also, share the blog with your peers!
If you need any help related to WordPress Security just contact to our WordPress Support Team, Dial + 1 844 275 0975 (Toll-Free). Our doors are always open for you and we will help you to solve all your major issues related to WordPress.
Read More Blogs:
- Easy ways to Scan Your WordPress Site for Potentially Malicious Code
- List Of Top 10 WordPress Plugins To Detect Malicious Code In Your Site
- 7 Important Tips to Secure the Login Page in WordPress