How to Block IP Addresses in WordPress
Last Updated on April 11, 2024 by James Wilson
Do you need to know how to block IP addresses in WordPress? If so, read on. There are many good reasons for blocking certain IP addresses from accessing your site. Many people choose to do this so they can avoid spam and reduce the likelihood of their sites being hacked. This article has been produced to tell you how to block IP addresses and tell you more about which IP addresses you may need to block to avoid attacks from cyber criminals and similar unscrupulous types.
What are IP addresses?
IP addresses can be compared to real-life addresses and telephone numbers. The addresses consist of 4 sets of numbers between 0 and 255 that are separated by dots. All computers that connect to the internet have IP addresses, which are given to them by ISPs or Internet Service Providers. Each time someone visits your site, their IP address is stored in your access log. In turn, each time you visit a website, the event is logged and your IP is stored. The fact that IP addresses are logged is very useful as it makes it easier to identify those engaging in unscrupulous or illegal behavior related to your online space. IP addresses have resulted in many people having action taken against them for cybercrime including cyber bullying, hacking, and more. However, some people opt to hide their IP addresses via VPN services. This can help them protect their personal information.
Reasons for blocking IP addresses
So, why would you need to block an IP address? Blocking an IP address can protect you from spam of various types including e-mail and comment spam, unwanted visitors, hacking and DDOS attacks. Symptoms of a DDOS attack include websites becoming inaccessible or pages taking too long to load. If you start to receive more spam e-mails or spam comments than usual, you may need to block IP addresses to stop this occurring.
Comment spam and DDOS attacks
WordPress can tell you the IP addresses of anyone that has left a comment on your site. Visit the comment page in the WP admin area to link comments up with IP addresses. Do you suspect you have come under a DDOS attack? If so, the first thing you should do is to look at your server’s access log. Login to the cPanel dashboard linked to your WP hosting account. Head to the ‘logs’ section and click the ’Raw Access Logs’ button. Click on your domain name in the access logs page so you can download the access logs file.
You will find the access log file in a gz. Archive file. Click on the file to extract it. There are various options available to you if you don’t currently have a program for extracting such files. You may wish to download a reputable program such as WinZip. Once you have extracted the files, you can open your access log file in a plain text editor such as Notepad. The file consists of raw data relating to all requests that have been made to your site. All lines start with the IP address that has made the request. Take care to avoid blocking yourself, trusted users, and search engines from your site. If an IP address seems suspicious, there are IP lookup tools online that you can use to find out more about it. If you have a particularly high number of requests from a single address, this could be the source of the unwanted activity. You can copy and paste the IP addresses you are suspicious about into a new text file.
How to stop IP addresses leaving comments
Do you simply wish to prevent certain users from leaving comments? If so, you can do this in the WP admin area. Go to Settings » Discussion and scroll until you reach the ‘Comment Blacklist’ text box. The process is relatively simple – just copy and paste the unwanted IP addresses and click on ‘save changes’. Users with the IP addresses will now be unable to leave comments, though they will still be able to visit your site. However, this should help you win the battle against spam and help you deliver a better user experience for those who aren’t abusing your service. The offending users will see an error message when they attempt to leave a comment.
Have hackers attacked your site?
If you need to take more drastic steps to challenge those misusing your site, help is at hand. You can block IP addresses via cPanel to stop them from gaining access to or viewing your site. This step may be for you if you have come under attack from DDOS or hackers. Login to the cPanel dashboard of the hosting account and head to the security section. You then need to click on the ‘IP Address Deny Manager’ button. This facility enables you to add any IP addresses that you need to block and can be of great value whether you need to block one or several addresses. If you do decide to unblock certain IP addresses – perhaps after learning someone else was responsible for the malicious behavior – you can do so in the same page.
Are you being attacked by addresses from across the world?
There may be situations where these steps are not enough. If you have come under attack from hacking attempts and DDOS threats from various random addresses from across the world, you can use a Web Application Firewall (WAF) for extra protection. One example of such a service is Sucuri, which is designed to protect you from such attacks and is ideal if keeping up with scores of offending IP addresses is simply not realistic. All of your site traffic will be sent through their servers so it can be assessed for suspicious behaviour. The facility can block all IP addresses deemed to be suspicious of accessing your site. The above steps can help you thwart hackers and keep your WordPress site safe from malicious attacks, so why not get started today?