When it comes to the security of your WordPress website, blocking IP address is a good method to avoid spams and hacking attacks. It is important to know which IP address is to be blocked to enhance the security of your WordPress website.
By using server logs, you can find the IP addresses that are trying to access your dashboard at a certain interval and ban those IPs.
In this article, you’ll learn how to block IP addresses in WordPress. Also, we’ll show you how to find which IP addresses are to be blocked.
Before we get into blocking IP address, let’s take a look at what an IP address is.
IP stands for Internet Protocol. An IP address is the identifying number of a piece of network hardware. It is used to communicate with other devices over the internet. It is 4 sets of numbers ranging from 0-255, separated by dots. All the visitors that come to your website have an IP address which is stored in the access log files of your website. Similarly, all the websites that you visit also store your IP address.
Why block IP addresses?
You need to block IP addresses from accessing your website to avoid comment spam, unwanted visitors, hacking attempts, email spam, denial of service attacks (DDOS), etc.
DDOS attacks can be identified easily. If your website becomes inaccessible frequently or your page load time has a spike, then it is highly possible that your website is under a DDOS attack. It is crucial to identify the culprit IP address and block it.
It is very irritating when your site gets flooded with spam comments and emails. Hence, it becomes necessary to block IP addresses.
How to find IP addresses that you need to block?
When someone leaves a comment on your WordPress website, you can see their IP address by visiting the comments page.
If your website is under DDOS attack, check your server logs to locate the culprit IP address. You’ll need to login to the cPanel of your WordPress hosting account to access the logs.
Once you’re logged in, locate Metrics section and click on ‘Raw Access’ icon.
After the access logs page opens, click on your domain name and download the access logs file.
Go ahead and extract .gz file of your domain. Inside the archive, you can open your access log file in a plain text editor like TextEdit or Notepad.
Your access log file will contain raw data of all requests made to your website. Each line will begin with the IP address making that request.
Now, go through the raw logs and find out suspicious looking IP addresses ad use IP lookup tools to find out more about it. Make sure that you don’t block legit users, search engines or yourself from accessing your website.
Look for particular IP addresses that have a suspiciously high number of requests. After identifying the IP addresses, copy and paste them in a separate text file.
How to Block IP Addresses in WordPress?
You can block IP addresses in WordPress from the wp-admin area.
Go to Settings » Discussion page and scroll down to ‘Comment Blacklist’ text box.
Copy and paste the IP addresses that you wish to block and then click on save changes.
This does not stop the users from visiting your website, but they will see an error message when they try to submit a comment.
How to block IP addresses using cPanel?
If you wish to completely block users from viewing or accessing your website. You should use the following method to protect your WordPress website from hacking attempts and DDOS attacks.
Login to the cPanel of your WordPress hosting account. Scroll down to security sections and click on ‘IP Blocker.’
After clicking, you’ll reach on the IP Address Deny Manager tool. All you have to do is add the IP addresses you want to block. After adding the IP addresses, click on Add button.
You can also unblock these IP addresses whenever you want.
We hope that you found this article helpful. If you know any other method of blocking IP addresses in WordPress, share with us in the comment section.