How To Block IP addresses for better security in WordPress

The Internet has many things to give us, some good and some bad. If you are a site owner, you probably know what the bad things are: spam and hacking attacks. Blocking bad users’ IP addresses can help you safeguard your site from those attacks. So, today we will take a dive into how to block IP addresses on your WordPress site. Before that, let’s discuss what an IP address is and the reasons for blocking bad users’ IP addresses.

What is an IP Address?

All devices that are connected to an internet connection have a unique string of numbers and that number identifies the particular device’s internet connection. That unique string of numbers is called an Internet Protocol address, known as an IP address. The IP address always remains the same for each device because it is specifically tied to a particular device. So, they help you identify visitors and their activities on your site.

Currently, two internet protocols are in use—IPv4 and IPv6.

IPv4: This is the older version, which has a space of over 4 billion IP addresses. IPv4 addresses are usually represented in dot-decimal notation, so they look like this:

XXX.XXX.XXX.XXX

Here each of the blocks represents a number between 0 and 255. As the IPv4 version is used to configure IP addresses in numerical value, this may conflict with other IP addresses.

IPv6: The new IPv6 version can provide up to trillions of IP addresses to fulfill the needs of all internet users and devices. IPv6 adopted the hexadecimal method to provide unique IP addresses to billions of users in the world. An address has eight groups of four hexadecimal digits, separated by colons (:). However, the full address is often shortened using various techniques.

Reason to Block IP Addresses:

Who wants an unsafe site? The main reason behind blocking IP addresses is for security purposes. Many times you need to block IP addresses to protect your site from hackers and spam. Spam emails, hacking attempts, suspicious and unwanted visitors, and denial of service attacks (also known as DDOS) all can be prevented by blocking IP addresses. So, it allows your site to remain SEO-healthy and makes it more professional.

How to Get the IP Addresses You Want to Block:

As we said above, each internet user has a specific IP address for the specific device. So, if you can detect the IP addresses of the visitors whose intention is to harm your site, then you can block them from accessing your site. Let’s check three ways to get your user’s IP addresses.

1. Adding Code on functions.php:

The first way we will talk about is adding a few lines of code to your theme’s functions.php file. From your WordPress dashboard, navigate to Appearance > Theme Editor and select Theme Functions from the list on the right.

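Getting IP Addresses with functions.php

function get_the_user_ip() {
    // REMOTE_ADDR is the address of the connecting peer; a request header cannot set it.
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '';
    if ( ! empty( $_SERVER['HTTP_CLIENT_IP'] ) ) {
        // Check IP from shared internet (client-supplied header).
        $candidate = $_SERVER['HTTP_CLIENT_IP'];
    } elseif ( ! empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) {
        // Check whether the IP was passed by a proxy; the header may hold a comma-separated list.
        $candidate = trim( explode( ',', $_SERVER['HTTP_X_FORWARDED_FOR'] )[0] );
    }
    // Both headers are controlled by the client: accept only a well-formed IP address.
    if ( isset( $candidate ) && filter_var( $candidate, FILTER_VALIDATE_IP ) ) {
        $ip = $candidate;
    }
    // Escape the value because the shortcode prints it into the page.
    return esc_html( apply_filters( 'wpb_get_ip', $ip ) );
}
add_shortcode( 'display_ip', 'get_the_user_ip' );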

After that, scroll down, copy the code, and paste it at the bottom of the file. Don’t forget to press the ‘Update File’ button to save the change.

Now, go to your pages/posts and add the shortcode [display_ip].

Displaying IP Addresses

That’s it! You can now get the IP addresses of the visitors who visited that page/post.

2. Checking Access Log:

You can also collect your visitors’ IP addresses from your server’s access log. To check your server’s access log, first log in to your hosting account. Next, scroll down, go to the ‘Metrics’ menu, and select ‘Raw Access’.

Access Log File

This will take you to the access logs page, where you can download the access log file. All you need to do is click on the link to download all the information. To extract the log file and get the IP addresses, you need any zip application like Express Zip or WinZip. Then you can view all the unusual access attempts by using any modern text editor like Notepad or Notepad++. Check which of the IP addresses acted suspiciously on your site and list them.
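To go with the manual review described above, here is an added example (not code from the original article) that counts, per client IP, the POST requests an access log records against the WordPress login, XML-RPC and comment endpoints. The combined log format, the watch list and the threshold of 3 are assumptions, and the sample lines are constructed.

```python
import re
from collections import Counter

# Combined log format: ip ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" \d{3} '
)
# WordPress endpoints that accept logins and comments (assumed watch list).
WATCHED = {"/wp-login.php", "/xmlrpc.php", "/wp-comments-post.php"}

def suspicious_ips(lines, threshold=3):
    """Return {ip: count} for clients with at least `threshold` POSTs to WATCHED paths."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or truncated line: skip rather than guess
        path = m.group("path").split("?", 1)[0]  # ignore the query string
        if m.group("method") == "POST" and path in WATCHED:
            hits[m.group("ip")] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}

# Constructed sample lines; the addresses come from the documentation ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "curl/8.0"',
    '203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "curl/8.0"',
    '203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "POST /wp-login.php?x=1 HTTP/1.1" 200 4512 "-" "curl/8.0"',
    '198.51.100.20 - - [10/Mar/2024:10:01:00 +0000] "GET /blog/ HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [10/Mar/2024:10:01:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '192.0.2.55 - - [10/Mar/2024:10:02:00 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "-"',
    '192.0.2.55 - - [10/Mar/2024:10:02:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "-"',
    'truncated line without a request',
]

if __name__ == "__main__":
    for ip, count in sorted(suspicious_ips(SAMPLE_LOG).items()):
        print(f"{ip}\t{count} POSTs to login/comment endpoints")
```

A single successful login also shows up as one POST to /wp-login.php, which is why the function reports only addresses at or above the threshold.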

3. Checking Admin Dashboard Comment Page:

The third and easiest option is checking the Comments page on your WordPress admin dashboard. Go to the Comments page and check the marked area.

IP Addresses in the comment area

How to Block IP Addresses:

Now, it’s time to know how to block specific IP addresses from accessing your WordPress site. There are a few different ways to deal with suspicious IP addresses. Here are three of the most common:

  1. From WordPress Admin Dashboard
  2. Using IP Blocker on cPanel
  3. Using .htaccess file

1. From WordPress Admin Dashboard:

In this process, you can block a specific IP address from commenting on your site. Navigate to ‘Settings >> Discussion’, then scroll down to ‘Disallowed Comment Keys’. There you will see a text area where you can paste the IP addresses that you want to block.

Blocking IP Addresses from the Admin Dashboard

As this is a core WordPress feature you don’t need any plugin or other tool for this.

2. Using IP Blocker on cPanel:

This method is the best way to block IP addresses. Login to your hosting account and navigate to the ‘Security’ section of your cPanel. In this section, you will see an option called ‘IP Blocker’.

Blocking IP Addresses with cPanel

Click on the ‘IP Blocker’, and a text bar will appear. Type the IP addresses you want to block one by one on that text bar.

Blocking IP Addresses with cPanel

The block-listed IP addresses will never be able to access your site.

3. Using .htaccess file:

Although the .htaccess file is a hidden file, you can add IP address blocking instructions to it. You’ll need to log into your WordPress hosting account and navigate to the cPanel. From there, launch the File Manager and select the public_html folder.

After that, go to settings, and you will see a window pop out. Then click on the option ‘show hidden files’ there.

Check hidden files on web server

From the File Manager, go to the public_html folder. The .htaccess file is located in this folder.

.htaccess file on cPanel

Then, right-click on the .htaccess file and select ‘Edit’.

Adding IP Addresses on .htaccess File

Now, add the following rule to your .htaccess file,

order allow,deny
deny from 111.112.13.1
deny from 111.112.13.18
deny from 111.112.13.122
deny from 111.112.13.149
deny from 111.112.13.155
allow from all

Don’t forget to save the change. You can add as many IP addresses as you need there.
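The `order` / `deny from` directives above are the Apache 2.2 access-control syntax, which Apache 2.4 accepts only through mod_access_compat. As an added example (not code from the original article), this script validates a list of addresses and produces the equivalent Apache 2.4 `Require` rules, refusing to write a rule that would lock out an address you mark as protected. The names `build_htaccess_block` and `never_block` and the admin address 111.112.13.200 are hypothetical.

```python
import ipaddress

def build_htaccess_block(addresses, never_block=()):
    """Return Apache 2.4 `Require` rules that deny the given IPs or CIDR ranges."""
    protected = [ipaddress.ip_address(a) for a in never_block]
    nets = []
    for raw in addresses:
        # ip_network raises ValueError on anything that is not an IP or CIDR,
        # so a stray log fragment never reaches the .htaccess file.
        net = ipaddress.ip_network(raw.strip(), strict=False)
        if any(p in net for p in protected):
            raise ValueError(f"{net} contains a protected address")
        nets.append(net)
    lines = ["<RequireAll>", "    Require all granted"]
    for version in (4, 6):
        same_family = [n for n in nets if n.version == version]
        # collapse_addresses removes duplicates and merges adjacent ranges.
        for net in ipaddress.collapse_addresses(same_family):
            single = net.num_addresses == 1
            lines.append(f"    Require not ip {net.network_address if single else net}")
    lines.append("</RequireAll>")
    return "\n".join(lines)

# The five addresses from the rule above; 111.112.13.200 is a hypothetical admin IP.
BLOCKED = ["111.112.13.1", "111.112.13.18", "111.112.13.122",
           "111.112.13.149", "111.112.13.155"]

if __name__ == "__main__":
    print(build_htaccess_block(BLOCKED, never_block=["111.112.13.200"]))
```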

Besides these methods, you can block IP addresses with WordPress plugins, but you need to spend money on that. So, we hope you like these free methods to block harmful IP addresses. To learn more about your WordPress site security, check Remove Malware from Your WordPress Site and Add Nofollow Links in Your WordPress Site.
