Do you want to block specific IP addresses from accessing your WordPress site? IP address blocking is used as a solution to block spam and hacking attacks on your website. In this article, we'll show you how to block IP addresses in WordPress, and we'll also show you how to find out which IP addresses should be blocked.
If the Internet is a physical world, think of IP addresses as country, street, and house numbers. It's basically 4 sets of numbers from 0-255 separated by dots and it looks like this:
Every computer connected to the Internet has an IP address assigned by your Internet Service Provider.
Every visitor to your website has an IP address that is stored in your website's access log files. This means that every website you visit also stores your IP address.
You can hide this information by using a VPN service. This allows you to hide your IP address and other personal information.
Blocking an IP address from accessing your website is an effective way to deal with unwanted visitors, comment spam, spam, hacking attempts, and DDOS (denial of service) attacks.
The most common sign that your website is under a DDOS attack is that your website will frequently become inaccessible or your pages will start to load slowly.
The other attacks are more obvious, like when you start getting spam comments or lots of spam emails from your contact form. We have a list of ways to combat comment spam, but the last solution is to block IP addresses.
WordPress stores an IP address for users who leave a comment on your website. You can view your IP address by visiting the feedback page in your WordPress admin area.
If your website is under a DDOS attack, then the best way to locate IP addresses is to check your server's access log.
In order to view those logs, you will need to be logged into the cPanel control panel of your WordPress hosting account. Next, locate the 'logs' section and click the 'Raw Access Logs' icon.
This will take you to the access logs page where you need to click on your domain name to download the access logs file.
Your access log file will be inside a .gz archive file. Go ahead and extract the file by clicking on it. If your computer doesn't have a program to handle .gz files, then you'll need to install one. Winzip or 7-zip are two popular options among Windows users.
Inside the file, you will see your access log file which you can open in a plain text editor like Notepad or TextEdit.
The access log file contains raw data from all requests made to your website. Each line begins with the IP address making that request.
You need to make sure you don't end up blocking access to your website to legitimate users or search engines. Copy down a suspicious-looking IP address and use online IP lookup tools to find out more about it.
You'll need to look closely at your access logs for a high number of suspicious requests from a particular IP address. Tip: There is a way to automate this that we share at the end of this article.
Once you've located those IP addresses, you need to copy and paste them into a separate text file.
If you just want to prevent users with a specific IP address from leaving a comment on your site, you can do so within your WordPress admin area.
Go to Settings »Discussion page and scroll down to the "Comment Blacklist" text box.
Copy and paste the IP addresses you want to block, and then click the Save Changes button.
WordPress will now block users with these IP addresses from leaving a comment on your website. These users will still be able to visit your website, but will see an error message when they try to submit a comment.
This method completely blocks an IP address from being able to access or view your website. You should use this method when you want to protect your WordPress site from hacking attempts and DDOS attacks.
First, you need to login to the cPanel control panel of your hosting account. Now scroll down to the security section and click on the 'IP Address Deny Manager' icon.
This will take you to the IP Address Denier tool. Here you can add the IP addresses you want to block. You can add a single IP address or IP range and then click the Add button.
You can return to the same page if you ever need to unblock those IP addresses.
Blocking an IP address would work if it only blocks some basic hacking attempts, specific users, or users from specific regions or countries.
Sin embargo, muchos intentos de piratería y ataques se realizan utilizando una amplia gama de direcciones IP aleatorias de todo el mundo. Es imposible mantenerse al día con todas esas direcciones IP aleatorias.
Ahí es cuando necesitas un Firewall de aplicación web (WAF). Para el sitio web de WPBeginner, usamos Sucuri. Es un servicio de seguridad de sitios web que protege su sitio web contra dichos ataques utilizando un servidor de seguridad de aplicaciones de sitios web..
Básicamente, todo el tráfico de su sitio web pasa a través de sus servidores, donde se examina por actividad sospechosa. Bloquea automáticamente que las direcciones IP sospechosas lleguen a su sitio web por completo. Vea cómo Sucuri nos ayudó a bloquear 450,000 ataques de WordPress en 3 meses.
Esperamos que este artículo te haya ayudado a aprender cómo bloquear fácilmente las direcciones IP en WordPress. También es posible que desee ver nuestra guía paso a paso de seguridad de WordPress para principiantes..
If you enjoyed this article, please subscribe to our WordPress YouTube Channel video tutorials. You can also find us on Twitter and Facebook.