Keeping the website safe from bots and malicious users is of utmost importance to the site. If you know how to block IP address in WordPress then it helps to deal with spam and prevents unauthorized users from stealing sensitive information.
What is an IP address?
An IP address is usually a set of mathematically produced four numbers separated by periods. For example, 124.221.9.2 is an IP address that represents a device on the internet. Each of the four-set numbers is not randomly assigned and it should be in the range of 0 to 255. Obviously, every IP address lies between 0.0.0.0 and 255.255.255.255
Whenever you visit any website, your IP gets stored in the access log files. Similar is the case when anyone else visits your site.
How to find your IP address?
There are different websites that display your public IP address. The simplest among them is to type the query “What is my IP address” in google and you will get your answer at the top.
Why block an IP Address?
Every site owners like to prevent their site from security threats and misuses. So, you need to be watchful about the IPs that are targeting your site. Some common reasons to block IP addresses are:
If someone is trying to login to your site from the IP that you are unaware of, then its a high chance that a hacker is trying to break your site with attacks like DDoS, Brute Force attacks, etc. You need to act immediately and block such IPs from accessing your site.
Spam Comments
This is the most common trouble faced by bloggers in WordPress. There are thousands of spammers waiting to spam your blog with their links and unrelated comments no matter how careful you are. The best solution for it is to identify the IPs from where the repeated comments are coming and block them from the dashboard. If you want to completely turn off comments in your blog have a look at this post below:
How to turn off comments in WordPress
To Block Bots
Except for human spammers, there are bots commenting on your blog time and again. They are automated, so if you have a lot of posts in your blog, deleting each and every bot comment every day will consume a lot of your time. A quick solution to this is to identify the bot IPs and block them straightforwardly.
How to find IP addresses to block?
As we already discussed why should we block IP addresses.
But, how to find those IP addresses?
First of all, go to Comments in the admin dashboard. There you will see all the approved as well as unapproved comments. Depending upon the comments, name, link that they post, most of the comments can easily be determined that they are spam.
The comments can be manual or bot comments. You should note such IPs that are on your blog so that we can block them later as we will discuss how to block IP address in WordPress.
If you are using an activity log plugin on your site, it will keep a record of all login attempts to your site. When you check these details, you can find out unauthorized IP addresses that try to access sensitive information or even make too make failed login attempts on your site. But if you are not using any of those plugins, you will find the same information inside the logs of your website hosting.
Of course, you need to have access to the web host provider account to access this information. Log in to the cPanel and look for an option similar to Raw Access inside your web host.
Our web host has listed it inside the metrics table.
Once you open this you will be able to check who has visited your site. You can download the log details of the server in the form of a zipped file. So these details can be verified if any of those logins are malicious or suspicious and you can note the IP addresses. Usually, the spammers make a high number of login attempts or try to access sensitive locations of your site to steal the information they want.
How to block IP address in WordPress?
By this time, you already have the suspicious IP addresses and you also know why should they be blocked from the website. Now you need to block IP addresses in WordPress. You can block IP addresses manually or with the help of the plugin.
You can manually block IP addresses in the dashboard, cPanel, and editing the .htaccess file.
Using the dashboard
You have already detected comment spam IP addresses at the beginning of this post. Now it’s a good choice to block IPs of bots and spam comments from the dashboard.
For this, Go to Settings>Discussion
Scroll a bit down on that page, there are two boxes namely Comment Moderation and disallowed comment keys. Add those IP addresses in the Disallowed Comment Keys box.
You can only add one IP address per line. If you have identified some spam words, you can also enter them here in this box in a separate line. For example, if you add the word “how” other words like “anyhow” are also considered spam comments by WordPress. Once you save these changes, whenever a comment is made from those IP addresses or anyone using those words, the comment will directly be placed in the comment trash.
This will restrict the spammers to make spam comments on your site. However, they can still open your site. There are other methods listed below to block them completely.
Using cPanel
As you have identified spam IPs from Metrics>Raw Access in your web hosting panel by checking the suspicious log details of the server. Again, open the cPanel to block these IPs.
If your hosting provides access to this feature in cPanel, you will see IP Blocker option inside Security.
Add all those IP addresses that are suspicious to block those IPs from accessing your site.
Using .htaccess
Before you use this method, make a backup of your site and .htaccess file, since if anything breaks you can recover your site to a previous stable period.
If a.b.c.d, e.f.g.h, and i.j.k.l are spam IPs, then add this code at the end of the .htaccess file.
Order Allow,Deny Allow from all Deny from a.b.c.d Deny from e.f.g.h Deny from i.j.k.l
Replace the IPs as you have noted when you operate this on your site and save the changes.
How to block IP address in WordPress using plugin?
With the help of a plugin, you can block the IP address of the entire country. This is necessary when you do not have time to identify spam IPs but want to block them. Once you activate the plugin, suspicious IP addresses are automatically blocked. Depending upon the plugin, they even detect the spam IPs automatically.
You will even find the option to block all the IPs from a specific country if you do not have targeted users in that country.
Wrapping Up
In this post, we discussed how to block IP address in WordPress in detail. This is one of the most preventive measures that should be taken to secure the site from different malicious scripts, bots, and unauthorized users.
Related Posts