How to Block IP Addresses in WordPress (& Why)

After 15 years as a WordPress professional, I've seen hundreds of sites compromised by hackers and spammers. Blocking IP addresses is a powerful tool to stop these automated attacks.

In this comprehensive guide, you'll learn:

  • What IP addresses are and how they work under the hood
  • Common reasons sites need to block IP addresses
  • Multiple ways to identify suspicious IP traffic
  • Step-by-step guide to blocking in WordPress and cPanel
  • When basic IP blocking fails and you need a firewall
  • Expert tips to optimize your blocking strategy

I'll share real-world examples from my experience securing WordPress sites, so you have the knowledge to protect your site from threats. Let's dive in!

IP Addresses Explained

Every device connected to a network has a unique IP (Internet Protocol) address assigned to it. This allows traffic to be routed properly between devices.

An IP address looks like a series of numbers separated by periods, such as 192.168.1.1.

[Image: IP address format explained]

The IP address contains the network ID and host ID needed to send data to the right place. See the table below for a breakdown of the sections:

Section    | Purpose                                       | Range
Network ID | Identifies the network the device is on       | 0-255
Host ID    | Identifies the specific device on the network | 0-255

IP addresses can either be static (fixed) or dynamic (changing). Most home devices get a dynamic IP automatically assigned by the ISP.

When a request hits your WordPress server, the source IP address gets logged. We can use this to block malicious traffic.

Why Block IP Addresses on WordPress Sites?

Blocking IP addresses selectively can improve security and prevent abuse issues like:

  • Spam comments – Repeated comments from one IP indicate a spam bot. Blocking stops the comments.
  • Brute force attacks – Blocking IPs after multiple failed login attempts prevents attackers from gaining WordPress dashboard access.
  • DDoS attacks – Blocking IPs involved in DDoS attacks keeps your site online by limiting abusive traffic.
  • Geographic restrictions – Blocking IP ranges from certain regions can enforce geographic licensing restrictions.

According to Sucuri's site, WordPress sites see over 58 million brute force attacks monthly. The chart below shows the dramatic rise in blocked WordPress attacks among Sucuri clients:

[Image: Sucuri attack data]

Proactively blocking IP addresses can stop a significant portion of these automated threats. Next, let's look at how to identify IPs that need blocking.

How to Find Suspicious IP Addresses

To block an IP address, you first need to identify potentially malicious IPs causing issues. Here are three ways to find them:

1. Check Comment IP Addresses

In WordPress, comment IP addresses are visible on the Comments page:

[Image: Comment IP addresses in WordPress]

Look for patterns like repeated comments from the same IP. This often indicates a spam bot. Note down any suspicious IPs for blocking.

2. Analyze Web Server Access Logs

Your hosting access logs record all requests to your site along with the source IP.

To download access logs on cPanel:

cPanel ➜ Logs ➜ Raw Access Logs

[Image: cPanel access logs]

Open the log file and look for trends like:

  • Repeated requests for common WordPress files (indicates probing)
  • Hundreds of requests per hour from one IP (could be DDoS)
  • Multiple failed WordPress login attempts

Make a list of any questionable IP addresses for further investigation.
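The three log checks above can be automated. The following is an added example, not part of the original guide: it assumes the Apache "combined" log format, and the thresholds, the probe-path list, and the sample lines (documentation-range IPs) are all constructed assumptions to tune for your site.

```python
import re
from collections import Counter, defaultdict

# Apache "combined" format: client IP, [timestamp], "METHOD path ...", status
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# Assumed list of commonly probed WordPress paths; extend for your site.
PROBE_PATHS = ("/xmlrpc.php", "/wp-config.php", "/wp-admin/install.php")

def suspicious_ips(lines, allowlist=(), per_hour=200, failed_logins=5, probes=3):
    """Return {ip: [reasons]}; all thresholds are assumptions to tune."""
    hourly = defaultdict(Counter)            # ip -> hour bucket -> requests
    logins, probing = Counter(), Counter()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                         # ignore malformed lines
        ip, ts, method, path, status = m.groups()
        if ip in allowlist:
            continue                         # never report known-good clients
        hourly[ip][ts[:14]] += 1             # "10/Oct/2023:13" = one hour
        path = path.split("?", 1)[0]
        # Heuristic: a failed login re-renders the form (200); success redirects (302).
        if method == "POST" and path == "/wp-login.php" and status == "200":
            logins[ip] += 1
        if path in PROBE_PATHS:
            probing[ip] += 1
    report = defaultdict(list)
    for ip, buckets in hourly.items():
        peak = max(buckets.values())
        if peak >= per_hour:
            report[ip].append(f"{peak} requests in one hour")
        if logins[ip] >= failed_logins:
            report[ip].append(f"{logins[ip]} failed logins")
        if probing[ip] >= probes:
            report[ip].append(f"{probing[ip]} probes of sensitive paths")
    return dict(report)

def sample_log():
    """Constructed sample traffic using documentation-range IPs."""
    fmt = '{ip} - - [10/Oct/2023:13:{m:02d}:00 +0000] "{req} HTTP/1.1" {st} 512 "-" "ua"'
    lines = [fmt.format(ip="203.0.113.7", m=i, req="POST /wp-login.php", st=200) for i in range(6)]
    lines += [fmt.format(ip="198.51.100.9", m=i, req=f"GET {p}", st=404) for i, p in enumerate(PROBE_PATHS)]
    lines += [fmt.format(ip="192.0.2.10", m=1, req="GET /blog/", st=200)]
    # A coworker who mistyped a password several times (allowlisted below).
    lines += [fmt.format(ip="192.0.2.55", m=i, req="POST /wp-login.php", st=200) for i in range(6)]
    return lines

if __name__ == "__main__":
    for ip, reasons in suspicious_ips(sample_log(), allowlist={"192.0.2.55"}).items():
        print(ip, "->", "; ".join(reasons))
```

Treat the output as a list of candidates to investigate, not as an automatic block list.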

3. Use IP Lookup Tools

Next, use online IP lookup tools to get more context on suspicious addresses:

Avoid blocking legitimate users like coworkers. Now let's see how to block harmful IPs.

Blocking IP Addresses in WordPress

Once you've confirmed an IP address needs blocking, use these WordPress-specific methods:

Block IP from Commenting

To block an IP from posting comments only:

  1. Go to WordPress Dashboard ➜ Settings ➜ Discussion
  2. Under "Comment Blacklist" enter IPs one per line
  3. Click Save Changes

Now those IPs can't post comments, but can still access the site.

Completely Block IP Access

For full blocking, use your hosting cPanel:

  1. Go to cPanel ➜ Security ➜ IP Address Deny Manager
  2. Enter IPs or ranges under "Add IP Address"
  3. Click Add

This stops all access and traffic from those IPs. You can unblock specific IPs later if needed.
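Before entering addresses or ranges in the deny manager, it helps to validate them and make sure none overlaps an address you must never block. The following is an added example, not cPanel's or the original guide's code: the function name, the minimum-prefix limit, and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

def build_deny_list(candidates, allowlist, min_prefix_v4=16):
    """Validate candidate IPs/ranges and collapse them into minimal CIDR blocks.

    Returns (deny, rejected): deny is a sorted list of strings ready to paste,
    rejected maps each refused input to the reason it was refused.
    min_prefix_v4 is an assumed safety limit against overly broad IPv4 ranges.
    """
    allowed = [ipaddress.ip_network(a, strict=False) for a in allowlist]
    keep = {4: [], 6: []}                    # collapse each IP version separately
    rejected = {}
    for raw in candidates:
        try:
            net = ipaddress.ip_network(raw.strip(), strict=False)
        except ValueError:
            rejected[raw] = "not a valid IP or CIDR range"
            continue
        if any(a.version == net.version and a.overlaps(net) for a in allowed):
            rejected[raw] = "overlaps an allowlisted address"
        elif net.version == 4 and net.prefixlen < min_prefix_v4:
            rejected[raw] = "range too broad"
        else:
            keep[net.version].append(net)
    deny = []
    for version in (4, 6):
        # collapse_addresses merges adjacent and nested networks.
        for n in ipaddress.collapse_addresses(keep[version]):
            # Show single hosts as a bare address instead of /32 or /128.
            deny.append(str(n.network_address) if n.num_addresses == 1 else str(n))
    return deny, rejected

if __name__ == "__main__":
    # Constructed sample input (documentation-range addresses).
    candidates = ["203.0.113.4", "203.0.113.5", "203.0.113.6", "203.0.113.7",
                  "198.51.100.0/25", "198.51.100.128/25", "203.0.113.77",
                  "192.0.2.10", "203.0.113.300", "203.0.0.0/8"]
    deny, rejected = build_deny_list(candidates, allowlist=["192.0.2.0/28"])
    print("deny:", deny)
    print("rejected:", rejected)
```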

When Basic IP Blocking Fails

Manually identifying and blocking IP addresses works for minor issues. But attacks often use hundreds of randomized IP addresses that change constantly.

Trying to keep up with these manually is impossible. That's when you need an automated firewall solution like Sucuri or Cloudflare.

A cloud web application firewall (WAF) sits between your site and the internet traffic:

[Image: Web application firewall]

The WAF analyzes traffic and blocks malicious requests instantly using advanced heuristics – no manual IP blocking needed.

WAFs like Sucuri can mitigate over 96% of automated WordPress attacks while allowing legitimate traffic through. For comprehensive protection, use a WAF in addition to selective manual IP blocking.

Final Tips on Blocking IP Addresses

Here are my top tips for effectively blocking IP addresses on WordPress:

  • Carefully investigate before blocking any IP address
  • Selectively block only confirmed malicious IPs
  • Monitor logs for any impacts on legitimate users
  • Use cPanel blocking for IPs abusing the whole site
  • Combine with a WAF like Sucuri for automated blocking
  • Unblock IPs if issues are resolved to avoid disruptions

I hope this guide has helped you learn expert techniques to block harmful IP addresses targeting your WordPress site. Please leave a comment below if you have any questions!

Written by Jason Striegel

C/C++, Java, Python, Linux developer for 18 years, A-Tech enthusiast who loves to share some useful tech hacks.