How to Block IP Address in WordPress Easily [Expert Tips for 2022]

  • Home
  • Wordpress
  • How to Block IP Address in WordPress Easily [Expert Tips for 2022]

Do you want to block IP addresses in your WordPress site and looking for a way? Read on!

You should put cyber security at the top of your priority list if you have a WordPress website. Your website may already have featured spam comments or automated systems that post comments or engage in other methods designed to make it appear unauthentic.

If your website is vulnerable to external attacks, including those that may steal your data, you may want to block IP addresses to prevent them.

In general, restricting an individual’s IP address is the best method of preventing them from visiting your website. Imagine that you are looking for multiple sources of traffic to your website.

It is likely that bots and spammers will eventually be aware of your website and seek to harm it. The security of your website becomes increasingly important in this situation.

Why Do You Need to Block IP Address?

In order to make finding a machine easier, every machine has its own unique number which is called an IP address. IP addresses are used to send and receive data on the internet.

IP addresses are known as internet protocols. Four different types of IP addresses exist: static, dynamic, public, and private. IP addresses come in many types, and before blocking them, you need to understand what they are.

An Internet Protocol address identifies an internet-connected device, such as a mobile phone, a laptop, or a desktop computer.


In light of what you already know about IP addresses, let’s list why you might want to block IP addresses on your website. The following concerns might come to mind when considering this situation.

Protect your WordPress site from spamming: You can’t allow any kind of malicious or illegal remarks on your website’s comment area. If happens so, you won’t present your site as a unique one. Moreover, the credibility and reputation decrease a lot. Therefore, your site will lose trustable users, and also you can’t reach the users that you’ve targeted.

Beware of internet bots: Keeping your website up to date is also going to involve encountering bots, which are not necessarily spamming, but their presence will cost you a lot. It will eventually cease to affect IP addresses if you restrict them.

Take action against unauthorized internet users: By limiting your IP address to only those in a particular region, you can block out unauthorized visitors. Over time, this will significantly increase the security of your website.

Hopefully, you now understand what the basic reasons are for blocking IP addresses in WordPress. We can now move on to identifying spammers on your website through different methods.

Identify Unauthorized IP Addresses You Want to Block

Before blocking those IP addresses, very obvious that you need to know how to identify them. The following list includes some of the common indicators by users that can be considered malicious to websites.

  • Multiple login users: If you a user use multiple login attempts to log in, it’s definitely the indicator that someone is trying to hack your site.
  • Unmatched user’s names and actions: This can be an indication of being malicious when a user’s action and name do not match. Plus, if a username holds so many numbers in it.
  • User with wrong permissions: If any sensitive information is accessed by any unknown or wrong permissions users. That user IP is also considered an unauthorized IP address.
  • Repetitive actions: If the same pattern repeats again and again on your site, it can be considered a malicious act and this IP address needs to be blocked immediately.

Well, among many these are some most happening incidents that can help you to identify unauthorized IP addresses and block them instantly from your WordPress site.

By blocking or banning these IP addresses you can make your site free from any cyber-attacks. Now, a question may pop up in your mind. That is, how to find these IP addresses? Here’s the process below:

In the first place, you’ll get the IP addresses you the commentators by entering them into your WordPress dashboard. What are you waiting for?

Go to the dashboard and hover your mouse over the left-side options. Find the Comments section and click on it.

As you can see, the list of all comments on your website’s various pages is visible here. You’ll find the IP addresses under each and every commentator’s name and email address.


Well, this was an easy way of identifying the IP addresses of possible spammers and attackers. But the most important thing is still obscure that you may question. What is that? That is, how do you know which commentators are actually the spammers who can be harmful to your website?

The answer is, accessing a raw access log! With help of this, you can find out those particular commentators who are repeatedly sending requests on your site. How to do this?

Go to your hosting account and head over cPanel dashboard. And, you’ll get raw access log there. You can download the access log details in a.gz format by clicking the domain name in the box below.

The file can be extracted using a program like Winzip. From the access log, you can see all the raw access logs in any text editor. If you would like to block IP addresses from your website, you can now note down the addresses somewhere.

This much simple is to find unauthorized IP addresses and ban/block them.

3 Effortless Ways to Block IP Addresses in WordPress for 2022

There are 3 insanely easy ways to restrict/block IP addresses in WordPress. Let’s dive in:

Method 1: Block IP Addresses Manually (The Easy One)

As we previously mentioned, you can easily find the IP addresses of the commentators from the Comments section in your WordPress dashboard. And these suspected bot or spam IP addresses can be blocked manually.

To do so, go to your WordPress dashboard and click on the Settings option from the left side panel. Now, choose Discussion from the appearing options.

And, eventually, select Disallowed Comment Keys and put the suspected IP addresses here. It can be IP addresses, usernames, keywords, and so on.

Once done with putting IP addresses click on Save to make everything secure.

Congratulations! Your WordPress website is now free from bots and spammers as you’ve successfully blocked the suspected IP address following the manual process.


Method 2: Block IP Addresses Using .htaccess File

Before using this method, make sure you’ve proper knowledge of how to work with .htaccess files. If you already know then, this method will seem to you as effortless as summing 2+2.

So, restricting IP addresses using this method needs some precautions. If you want to block IP addresses in bulk then locate the .htaccess file from the root of your site directory and copy/paste the following code there.

Deny from [IP Address You Want To Block]

You must, however, list each IP address individually if you wish to block more than one IP address. You can block the entire subnet by adding the following.

Deny from 123.123

The .htaccess file on your site lets you easily block the desired IP addresses. It is important not to ban any IPs that may be useful.

Method 3: Restrict IP Addresses Using WordPress Plugins

You may already know, WordPress is the most widely acknowledged content management system around the world. The impeccable features and functionalities can help you make an amazing website.

Plus, WordPress didn’t compromise its security for the users as security is one of the most integral parts of any kind of website. And to ensure top-notch security it has got plugins that will help you to block IP addresses on your WordPress site.

The following 2 plugins are the most useful ones to help you here.

All In One WP Security & Firewall


Using the All In One Security & Firewall plugin, you can take your website security level to another level. This plugin can be considered the “Great Wall of China” in terms of providing security. It’s easy to use in spite of having high functionalities.

It will get your back with its scanning feature that scans vulnerabilities and take action with upgraded WordPress approaches. As a result, there is no option for any kind of security breach.

Wordfence Security – Firewall & Malware Scan


This is another popular WordPress plugin that protects WordPress site’s from spammers or bots. The plugin ensures high-security maintenance with its malware scanner and endpoint firewall.

It’s the ultimate safeguard for your WordPress site. From its Threat Defense Feed, your site can get upgraded firewall rules, malicious IP addresses, and malware signatures so that you can safeguard your WordPress site.

Bottom Line

There you have it! Following these insanely easy ways, you can block IP addresses that are harmful to your site in order to ensure high security.

We hope, the post will turn out as a helpful one for you. And, if you find it helpful we’re welcoming you to share your experience with us using below comment box.

However, don’t forget to take a look at our blog page where you can find whatever you need regarding WordPress and others.

Be with ThemeLooks and subscribe to our WordPress video tutorials on YouTube. We may also be found on Twitter, LinkedIn, and Facebook.

  • Comments are closed