How to Block IP Addresses in WordPress for Enhanced Security

How to Block IP Addresses in WordPress for Enhanced Security

Blocking malicious IP addresses in WordPress is one of the greatest ideas for security enhancement. That is just about the way to beat back spam visitors. If you are looking for an effective way to do so, follow this guide that introduces methods on banning certain IPs with a plugin and .htaccess.

The selected plugin is LionScripts: IP Blocker Lite, coming with a bunch of advanced features. Unlimited IP addresses are allowed to be banned from visiting your website. When the blocked visitors try to access to your website, they are only going to get a blank web page or a predefined message.

Block IP Addresses with Plugin

Search for LionScripts: IP Blocker Lite via WP admin and then install this plugin once getting a search result as below. Upon activation, a new item called LionScripts appears on the sidebar and the page is turned to IP Address Blocker Settings page automatically.

Install LionScripts: IP Blocker Lite Plugin

First of all, the IP address in red is your current IP that can never be blocked. There are three settings available for blocking IPs, which enable you to type IPs to be blocked manually, upload IP addresses in bulk and download blocked IP addresses in CSV format.

IP Address Blocker Settings

The first option is great for blocking a small number of IP addresses. You just need to type an IP in the “Add New IP” box and then click “Add” button to confirm it. The blocked IP addresses are shown in the list clearly.

Block IP Manually

If you have collected an array of IP addresses in a CSV file, then you just need to check the “Upload IP Addresses (CSV Format)” option and choose this file. Finally, click “Upload CSV” to upload this file. However, if you have no idea what a CSV file should be, click “Download Sample CSV” to follow the example.

Upload IP Address

The “Download Blocked IP Addresses (CSV Format)” function is used to download all blocked IP addresses in a pro format or a normal format. The pro format displays a list of blocked IP addresses with block type, notes, block date and block date to. For the normal format, there is no other details than blocked IP addresses.

Download Blocked IP Addresses

And then, set what will be displayed on the web page if blocked IP addresses try to access to your website. Two options are available here, which enable you to display a blank page to banned users or display a message said that you are using an IP address blocker.

Block IP Message

We would like to recommend more plugins designed for the same purpose, including IP Geo Block, Limit Attempts and IP Blacklist Cloud. Those options are all popular with a large number of users for limiting website access.

Block IP Addresses with .htaccess

Besides LionScripts: IP Blocker Lite plugin, .htaccess is also an acceptable way to block malicious IP addresses. Make some changes to this configuration file and add all denied IP addresses to it. Before everything, you are required to open .htaccess file from the file manager.

Since we develop our site with a cPanel hosting solution, we are going to open this file via cPanel> Files > File Manager. Select the document root for your website correctly and then target the .htaccess file from a list of file names. Right-click it and open this file in an editor.

Edit .htaccess File

Add the following lines to the .htaccess file and place them to the beginning. You should replace “xx.xx.xx.xx” to an IP address to be blocked and that will be banned from visiting your website once saving this file. Add more IP addresses in proper order and each should in a separate line.

order allow,deny
deny from
deny from
allow from all

Perhaps, if you need to block a whole range of IP addresses, like from xx.yy.zz.1 to xx.yy.zz.254, then the following lines play a part in that case.

order allow,deny
deny from xx.yy.zz
allow from all

Click “Save” button to confirm all changes to .htaccess file so as to make it into effect in real time.