How to Block IP Addresses To Protect Your WordPress Site

IP Address

On your WordPress account, do you get a lot of spam comments?

One of popularity’s greatest drawbacks is that it draws negative publicity.

When a website expands, it continues to attract more and more users. Any tourists have malicious intent (or rather, hackers). Hackers also leave suspicious remarks attempting to pull users away from your site. Or they plant malicious links to hack the website with them.

When a website is compromised, they will use it to conduct actions such as storing the website’s unauthorised files and directories, downloading private information, submitting spam emails, or even launching other website assaults.

If you’re unfortunate, things will begin to escalate and Google will blacklist your domain and your hosting company will suspend your site.

But don’t worry, you should save this nightmare from unfolding. The blocking of their IP addresses is one of the easiest ways to protect your WordPress account from spammers and hackers. We are going to teach you exactly how you can do it in this post.

What is an IP Address?

There are billions of internet-connected devices and it is easy to recognise any single computer (be it a smartphone or a laptop). This ensures that a computer will be detected if it is used to initiate ransomware attacks.

Because of IP addresses, this is likely. A special numeric code assigned to a computer that is wired to the internet is an IP address. There’s an IP address also for the computer you are using to read this post, such as your mobile, tablet, or laptop.

Through opening Google and entering what my IP address is, can you search your same IP address?


A number, such as, would be your IP address.

If you enter the URL (such as or in the address bar or search for Google, you ask the browser to show you a particular page or search for an enquiry. Your request is tagged with the device’s IP address.

Millions of such requests are managed by browsers. The IP address lets the browser recognise the device to which the message should be sent.

Now that we understand what an IP address is, let’s look at the reasons why you would require IP address blocking to be enforced.

Reasons For Blocking an IP Address

A computer is used by each user who comes to your site, so they have an IP address. You will block them from accessing your site if you know the IP addresses of unauthorised users whose purpose is to damage your site.

There are two forms of damage to your website that visitors can cause. Leaving spam messages and attempting to hack your website are others.

Spam Comments

Spam comments often posted by bots are useless comments. They may have advertising for illicit drugs or a connection to another website that keeps the traffic away.

As well as nearly all message extensions, WordPress promises to accept comments manually before they are released on the website.

But moderating comments can be boring and time-consuming, so it’s best to detect and fully ban malicious IP addresses from accessing the website.

Blocking Hack Attacks

One of the most common forms of hack attacks is called cross-site scripting on a WordPress website. Comment areas are used in this form of attack to access your website or collect personal data from your guests.

Posts can be an integral aspect of a website, but it is not possible to remove from site operators. In any case, blocking WordPress from malicious IP addresses is an appropriate approach.

How to Block an IP Address in WordPress?

There are two forms for IP addresses to be blocked. You can do so with a plugin or manually. You first need to find the IP addresses before we teach you the directions.

How to Locate Suspicious IP Addresses?

The IP address of someone making a message on your website is registered by WordPress. All you need to do is-

  • Login into your dashboard on WordPress and go to Comments
  • You will see all of the comments and IP addresses of those who have left them on your blog on the next tab.


Make sure to remember the IP addresses in the spammy-looking comments. Posts of dubious connections, for example. Sometimes, they are unrelated to the subjects you’re concerned about in the post.

Look out for foreign language comments and also for links found within the text.


You will continue to block them until you have all of the suspect IP addresses.

Blocking IP Addresses in WordPress

There are two means of achieving this, as we said earlier. You can, you can—

  • Block IP Addresses With a Plugin (easy way)
  • Block IP Addresses Manually (hard way)

It is time-consuming work to manually block IP addresses and the effects are not all that reliable. But then jump to this segment if you want to go ahead with the manual road.

Block IP Addresses With a Plugin

The method can be automated by a protection plugin like MalCare. To block them, you don’t have to go hunting for spammers and hackers. MalCare can detect and prohibit them from entering the website completely automatically.

  • It will mount a strong firewall on your site until you trigger MalCare, and will investigate anyone that wants to visit it. If it detects the IP address of the visitor as suspicious, it will block it promptly.
  • In addition, the firewall holds a list of all the countries whose visitors it excludes. Make a note of the countries to help secure your website, and then block them using MalCare’s Geoblocking or country blocking feature.


Block IP Addresses Manually

There are also a few ways of doing so when it comes to manually blocking IP addresses. You could:

i. Use WordPress Discussion Option
ii. Use IP Blocker on cPanel
iii. Use .htaccess File

Use WordPress Discussion Option

A native comment blacklisting alternative is provided by WordPress. You will use it to ban the posting of spam comments through IP addresses.

  • Login into the dashboard for WordPress
  • Then navigate from the menu to Settings > Discussions
  • You should be able to see a segment called Comment Blacklist on the Discussions tab and scroll down.
  • Paste in that segment the IP addresses
  • Know Saving Changes


This would only block spam comments from leaving blacklisted IP addresses, but they will still reach the site and attempt to hack it. You should follow the procedure below in order to block IP addresses from accessing your site.

Use IP Blocker on cPanel

In order to secure your domain, most hosting companies provide an alternative to block IP addresses.

  • Sign into your account for the hosting
  • Navigate to cPanel and go to the Security section. There should be an alternative in this section that will cause you to block IPs. The alternative is called IP Blocker on Bluehost. Some providers of hosting would call it something similar.


  • First, you will need to connect the IP addresses one by one and they will be blocked by your hosting company.


Use .htaccess File

The last choice to manually block IP addresses is to link them to your file with .htaccess.

Websites for WordPress are composed of files and directories. One such file is .htaccess. It is an essential file for setup. It includes some rules to provide the website server with instructions.

The .htaccess file can be changed and IP blocking instructions applied.

IMPORTANT: We recommend doing a full website backup before we show you the steps you need to take. The .htaccess file is a significant WordPress file and it is a dangerous business to change it. Small errors will result in your website being destroyed. If you have a copy, it can be returned back to normal easily.

  • Sign into your hosting account with WordPress.
  • Navigate to cPanel, then navigate to Files > File Manager.
  • · You can find several directories and directories in the File Manager. You can find the .htaccess file in a folder called public html.


  • When you find the file, right-click on it and choose Edit.


  • Then add the following snippet of code at the end of the file
order allow,deny
deny from
deny from 3.374.983.084
deny from
allow from all
  • Remember to Save Changes


It informs the host which IP address to deny the site access and to allow the rest to be accessed.

For representation purposes, the IP address that is present in the code is. Replace them with an IP address list of your own that you choose to block.

It’s possible to add as many IP addresses as you want.

With that, we have come to the end of how to secure the WordPress account by blocking IP addresses.

What Next?

To secure your WordPress website, we highly suggest downloading a WordPress protection plugin.

There won’t be a need to manually block IP addresses if you use a protection plugin like MalCare. It will mount a firewall that will block unauthorised visitors’ IP addresses automatically. They can’t leave spam messages or attempt to hack your site if they can’t visit your site.

Besides this, you will block a whole nation from accessing your website with MalCare. Not just that, it will search the website on a regular basis, and automatically notify you if any unusual activity is detected. Among other security features, the plugin can help you enforce site hardening steps.