Have you ever wanted to permanently block spam bots, hackers, or nasty commenters? If so then WordPress IP address blocking might be the perfect solution you have been looking for. The problem is IP addresses are very important pieces of information that are not in plain sight. However, as a website developer, you will have access to all IP addresses that visit your website if you know where to look.
Website security is one of the most important concerns your website will face in today’s modern age and you need to prepare now. There are many great plugins that you can use to strengthen the security of your website, but blocking an IP address is more of a permanent solution unless the criminal element has other IPs to use to continue the attack. Today I will demonstrate how to find and block IP addresses in WordPress.
What is an IP Address and When are They Used
Internet Protocol or IP address is the equivalent of a social security number for a computer. It is the same language regardless of your location in the world. You can identify an IP address if it is in the following form:
[ht_message mstyle=”info” title=”” show_icon=”” id=”” class=”” style=”” ]XXX.XX.XXX.X[/ht_message]
If your IP address gets into the wrong hands then you could be at risk. You will want to enlist the help of a VPN service to help protect your IP address from the wrong people. A VPN will allow you to hide your IP address.
The main use of IP addresses is to help track who is visiting a website and can help locate problematic visitors. You may consider permanently blocking spam bots, email spammer, hackers, DDoS attackers, and people who have abused your other visitors in the comments section. Remember this is a permanent solution so you may just wish to block the latter from using the comments section.
How to Locate and Block an IP Address in WordPress
Today I will demonstrate how to locate and block an IP address in WordPress. This will not require any additional plugins. It will, however, require access to the cPanel of your WordPress website. Also if you are using a dummy website like myself you will not actually see IP addresses, since you actually need people to visit your website.
The easiest way to find an IP address is to view it when someone leaves a comment. To view them look on the left-hand admin side and click on the Comments option.
You will see the IP address under their name and email. Never share your visitors IP addresses. It is very easy to hack someone once you have their IP address.
Of course, you’re probably asking yourself how exactly does this help against hackers and DDoSers. Well, you’re correct, it doesn’t. This method is for handling those commenters that you probably don’t want to deal with and you need to realize there are better solutions than banning them from your website like just deleting the comment.
Alternatively, you can block them by clicking on Settings and selecting the Discussion option.
Scroll down until you see the Comment Blacklist box. Insert the IP address and that person or bot will be blocked from ever leaving a comment.
To really combat hackers and DDoSers you’re going to want to enter your cPanel for WordPress. Of course, how you access it is different depending on your web host so you may need to contact them for more information. Once you are inside your cPanel click on the Raw Access option or an equivalent naming convention. All cPanels are unique and for reference, we are using the cPanel through GreenGeeks.
This will pull up all of your websites inside the account. Click on the website whose IP address you wish to track. You will see the file located at the bottom of your screen or in your downloads folder.
All of the files in this area will be in a.gz file format and you will need some additional software to extract them. I recommend using the 7-Zip software if you don’t have an extracting tool already.
Once you open the file you will be able to see all of the access requests for your website. You will see the IP address of every person that has requested access. If you are aware of a hacking attempt you can use this information to find the IP address to block. If you are looking for a DDoS IP address this will be fairly obvious since they will be attempting to access every page on your website at once to try and overload your website. Simply look through this file and locate the appropriate IP addresses you wish to block. Remember if your website is new you won’t actually have a log because no one has accessed your website.
Once you have the IP addresses you wish to block, it is very easy to permanently block them. Scroll down until you see the security section of the cPanel and click on the IP Blocker option.
Insert the IP address into the box and you will have blocked the IP address permanently from your website. It is very important to make sure you are blocking the correct IP address because they will never be able to visit your website again.
Congratulations, you have successfully located and blocked unwanted IP addresses from accessing your website again. This is effective at dealing with bots and DDoS attacks, but you should consider using other security plugins to help protect your website. Many of them are free and will only help your website. Remember the cPanel portion of this tutorial can be very different depending on your web host.
Keep Your Website Safe and Running
The end goal of learning all this is to improve your WordPress security. Any time your website is down due to a cyber attack, the situation is potentially very harmful, especially if you make a living off of your website. If you can find the root of the problem quickly, it can help you reduce the downtime that DDoS attacks can cause. As long as you have the knowledge you can easily try to help fix your website from potentially crippling circumstances.
Remember that when you block an IP address it is permanent. You need to be very sure you are picking the correct IP address and not selecting them at random to try and see if an attack stops. You must also remember to never share these IP addresses. They can aid hackers and allow them to quickly access their information and use it to harm visitors.
How many IP addresses have you blocked from leaving a comment on your website? Have you been able to accurately identify suspicious IP addresses and block them after an attack or during?
thanks bro 🙂
You’re welcome, Mukesh.
Hello Michael,
I am using WP and my website is hosted by goDaddy. A few days back, I ran 100’s of individual queries against my mySQL db and since that I can’t access my website from my home public IP.
No luck finding where my IP is blocked. I have no plugins installed to block, IP blocker is clean, comment blacklist is clean…. My provider checked my router and so on. Nothing. No problems to access it from other locations.
Any ideas?
Thanks Mate.
That’s a tough one. It sounds like a firewall issue somewhere. If you can access it from outside of your home, then it’s definitely something there. Try to localize if it’s your computer by accessing it from another. If you can access it on another device, even your phone, try emptying the browser cache on your computer that isn’t accessing the site. Aside from that, I’m not sure where else to look. Maybe contact your host and see if they flagged your IP for scanning through the database? Sorry I’m not help on this one.