How to Ban an IP Address from Accessing Your WordPress Site?

IP Address


Ban an IP address: Brute force attacks are one of the most common forms of attacks made on WordPress websites today. Hackers make repeated login attempts on the WordPress login page during brute force assaults. One of the ways to avoid attacks by brute force on your site is to ban hackers’ IP addresses.

An IP address is connected to any device, smartphone, and tablet. Often, there is an IP address on the computer on which you are reading this article (try Googling “What is my IP?” to clarify yours). There’s an IP address for a hacker making an attack on the WordPress website. You can log these IP addresses and fully ban them from accessing your site. One way to do this by using the .htaccess format.

Let’s take a look at some of the pitfalls before we venture into how to ban an IP address using .htaccess:

You Site May Crash

One of the most relevant files on the website is .htaccess. It is a configuration file that, but with care, you can change. One error will prove to be devastating. To avoid making a modification to the .htaccess code, persons lacking any technical expertise are generally advised. There are plenty of free guides about how to edit .htaccess, but editing the file comes with a number of threats. Any misconfiguration can cause you to misbehave or even crash your web.

You May Block Search Engine Crawlers

A misconfiguration can often lead to search engine bots being blocked. They will not be indexed, nor will they ever feature on search engines, if the websites are not browsed. You might accidentally trigger an SEO tragedy and start losing your site’s search engine rankings.

You Can Accidentally Ban a Valid User

We saw discussions on forums where site owners complained of mistakenly banning an admin’s IP address. There is always the possibility of blocking visitors of your site inadvertently. You can end up blocking anyone you didn’t want to block if the IP address is wrong.

Often, certain users are inadvertently blocked by site managers. There will be several people using the same IP address in areas like an office building. At times, just a handful of IP addresses could be used by an entire country (even if a small one). In such situations, you can inadvertently end up blocking a large number of visitors by banning an IP address.

You May Miss Out on Potential Audience

The main concept of creating an online website is to encourage users and target an audience that can be found anywhere in the world. Although if any websites resort to banning countries, they risk blocking potential audiences. The quality of your site is important to all persons, regardless of their geographical location. You may have a legitimate excuse to block a whole country, but you are still missing a good pool of audience at the same time.

Hackers can Still Access Your Site

Changing an IP address will intimidate a beginner, but since he knows how to circumvent those tactics, a veteran hacker would remain undeterred. Network IP addresses are open to hackers because they very rarely adhere to one IP so it can be caught and blacklisted. Hackers never hit a particular location, too. They simultaneously initiate attacks on a variety of sites using a cluster of IP addresses they have constructed. Therefore, they turn to another when you ban an IP address. Banning IP in those situations is just a brief relief.

There are the pitfalls of making an IP address banned. Here’s what you need to do if you really want to go through with the process:

How to Ban an IP Address Using the Htaccess?

Identifying these addresses is the first apparent move. Safety plugins such as MalCare Security Service show you the IPs of visitors who have been unsuccessfully attempting to log in to your site. It is easy to see, reading through the file, how some of the IP addresses struggle to log in on a regular basis. You will also note, in addition to the IP address, the usernames that were used to log in. To make sure that you do not add a legitimate user as bad traffic, you should verify if the username exists. And open your .htaccess file after you have a list of bad IP addresses you want to block.

The .htaccess is a configuration file that you can access from your file manager.

Step 1: To access the .htaccess, open your web host account and go cPanel. Select File Manager, and it’ll take you a page that looks somewhat like this:


Step 2: On the left-hand side, there’s a public_html folder. In the public_html, you should find the .htaccess file.


Step 3: Right click on the file and select Edit.


Step 4: And then simply paste the following code in your .htaccess file:

order allow,deny 

deny from 

allow from all

The above code will successfully block the IP “”. You can replace this with the IP you want to block. You can also add multiple IP addresses, each on a separate line such as:

deny from

deny from

Depending on what you want to block, you can even add this at a directory level. If you want to ban users or an ISP using the hostname, simply paste the following code in your .htaccess file:

order allow,deny 

deny from 

allow from all

Hackers use a network of bots in brute force attacks to initiate attacks on WordPress pages. Each bot has an IP address allocated to it from a range of addresses on this network. When your site is under attack, you’ll find a trend, a range of IP addresses, if you look at the bad IPs. Instead of picking individual IPs and blocking them, it’s quick to block the whole range in one go.

If you find a difficult job to alter .htaccess, then use a security plugin such as Wordfence to ban an IP address.

One of the ways to protect the website from hackers and bots is by blocking IP addresses. You can also take a few other protection precautions other than that, such as changing your website from HTTP to HTTPS, covering the login tab, and hardening your website with WordPress. In addition, we highly recommend Safe Your WordPress Platform With wp-config.php following this tutorial.

Over to You

The .htaccess is a very strong mechanism that can trigger unwanted effects by manipulating it. It is necessary, therefore, to take backups so that you can easily recover the previous version of the site when something goes wrong.

Many thanks for reading!