How To Block IP addresses for better security in WordPress

How To Block IP Addresses on WordPress for Better Security

The Internet has many things to give us, some good and some bad. If you are a site owner you might know what are the bad things, for a site owner. Yes! We are talking about spam and hacking attacks. To safeguard your site from those attacks, blocking bad users’ IP addresses can help you. So, today we will take a dive into how to block IP Addresses on your WordPress site. Before that, let’s discuss what is IP address is and the reason for blocking bad users’ IP addresses.

What is an IP Address?

All devices that are connected to an internet connection have a unique string of numbers and that number identifies the particular device’s internet connection. That unique string of numbers is called an Internet Protocol address, known as an IP address. The IP address always remains the same for each device because it is specifically tied to a particular device. So, they help you identify visitors and their activities on your site.

Currently, two internet protocols are in use—IPv4 and IPv6.

IPv4: This is the older version which has a space of over 4 billion IP addresses. IPv4 addresses usually represented by a dot-decimal notation. So, it looks like,


Here each of the blocks represents a number between 0 and 255. As the IPv4 version is used to configure IP addresses in numerical value, this may conflict with other IP addresses.

IPv6:  The new IPv6 version can provide up to trillions of IP addresses to fulfill the needs of all internet users and devices. IPv6 adopted the hexadecimal method to provide unique IP addresses to billions of users in the world. It has eight groups of four hexadecimal digits, separated by a colon (:). However, the full address is often shortened using various techniques.

Reason to Block IP Addresses:

Who wants an unsafe site? The main reason behind blocking IP addresses is for security purposes. Many times you need to block IP addresses to protect your site from hackers and spam. Spam emails, hacking attempts, suspicious and unwanted visitors, and denial of service attacks (also known as DDOS) all can be prevented by blocking IP addresses. So, it allows your site to remain SEO-healthy and makes it more professional.

How to Get the IP Addresses You Want to Block:

As we said above, each internet user has a specific IP address for the specific device. So, if you can detect the IP addresses of the visitors whose intention is to harm your site, then you can block them from accessing your site. Let’s check three ways to get your user’s IP addresses.

1. Adding Code on functions.php:

The first way we will talk about is adding a few lines of code to your theme functions.php file. From your WordPress dashboard, navigate to Appearance > Theme Editor and select Theme Functions from the list on the right.

Getting IP Addresses with function.php
Getting IP Addresses with function.php
function get_the_user_ip() {
if ( ! empty( $_SERVER['HTTP_CLIENT_IP'] ) ) {
//check ip from share internet
} elseif ( ! empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) {
//to check ip is pass from proxy
} else {
return apply_filters( 'wpb_get_ip', $ip );
add_shortcode('display_ip', 'get_the_user_ip');

 After that, scroll down, copy the code, and paste it to the bottom of the file. Don’t forget to press the ‘Update File’  button to save the change.

Now, go to your pages/posts and add the shortcode [display_ip].

Displaying IP Addresses
Displaying IP Addresses

That’s it! You can get the visitor’s IP addresses who visited that page/post.

2. Checking Access Log:

You can also collect your visitor’s IP addresses with your server’s access log. To check your server’s access log first you need to log in to your hosting account. Next, scroll down, go to the ‘Metrics’ menu, and select ‘Raw Access’.

Access Log File
Access Log File

This will take you to the access logs page where you can download the access logs file. All you need to do is click on the link to download all the information. To extract the IP addresses you need any zip folder application like Express Zip or WinZip. Then you can view all the unusual access attempts by using any modern text editor like Notepad, or Notepad++. You can check which of the IP addresses acted suspiciously on your site and enlist them.

3. Checking Admin Dashboard Comment Page:

The third and easiest option is checking the comment page on your WordPress admin dashboard. Go to comment page and check the marked area.

IP Addresses on the comment area
IP Addresses in the comment area

How to Block IP Addresses:

Now, it’s time to know how to block specific IP addresses from accessing your WordPress site. There are a few different ways to deal with suspicious IP addresses. Here are three of the most common:

  1. From WordPress Admin Dashboard
  2. Using IP Blocker on cPanel
  3. Using .htaccess file

1. From WordPress Admin Dashboard:

In this process, you can disable a specific IP address from commenting on your site. Navigate to ‘Settings >> Discussion’, then scroll down and check the ‘Disallowed Comment Keys’. As you can see a text area where you can paste IP addresses that you want to block.

Blocking IP Addresses from Admin Dashboard
Blocking IP Addresses from the Admin Dashboard

As this is a core WordPress feature you don’t need any plugin or other tool for this.

2. Using IP Blocker on cPanel:

This method is the best way to block IP addresses. Login to your hosting account and navigate to the ‘Security’ section of your cPanel. In this section, you will see an option called ‘IP Blocker’.

Blocking IP Addresses with cPanel
Blocking IP Addresses with cPanel

Click on the ‘IP Blocker’, and a text bar will appear. Type the IP addresses you want to block one by one on that text bar.

Blocking IP Addresses with cPanel
Blocking IP Addresses with cPanel

All the block-listed IP addresses never be able to access your site.

3. Using .htaccess file:

Although the .htaccess file is a hidden file you can add IP address blocking instructions on this. You’ll need to log into your WordPress hosting account and navigate to the cPanel. From there, launch the File Manager and select the public_html folder.

After that, go to settings, and you will see a window pop out. Then click on the option ‘show hidden files’ there.

Check hidden  file on web server
Check hidden files on web server

From the File Manager, go to the public_html folder. the .htaccess file is located in this folder.

.htaccessfile on cPanel
.htaccessfile on cPanel

Then, right-click on the .htaccess file and select ‘Edit’.

Adding IP Adresses on .htaccess File
Adding IP Addresses on .htaccess File

Now, add the following rule to your .htaccess file,

order allow,deny
deny from
deny from
deny from
deny from
deny from
allow from all

Don’t forget to save the change. You can add as many IP addresses there.

Without these methods, you can block IP addresses with WordPress plugins. But you need to spend money on that. So, hope you like these free methods to block your harmful IP Address. To get more about your WordPress site security check Remove Malware from Your WordPress Site and Add Nofollow Links in Your WordPress Site.

Leave a Reply