How to Blacklist IP Addresses and Users to Protect Your WordPress Site


No matter how large or small your website is, security is crucial. One of the most effective ways to protect your website is to block IP addresses and harmful users from having access to your website. This is known as blacklisting and it can be done several ways.

By blacklisting IP addresses you can avoid hackers, denial of service (DDOS) and brute force attacks, email spam, comment spam, and even unwanted visitors. In this article we’ll take a look at how to blacklist IP addresses and users to protect your WordPress site both manually and with plugins.

What is an IP Address

In order to know what to block we need to know what we’re looking for. So, what is an IP address and what does it look like?

In order to connect to the Internet, the Internet Service Provider (ISP) assigns each computer or device an IP address. The IP Address is the Internet Protocol portion of TCP/IP – Transmission Control Protocol / Internet Protocol. The simplified answer is it’s string of numbers that tell the browser where to find the website.

There are two types of IP addresses:

IPv4 – the most popular and has been around since the 70’s. It’s a 32 bit address with 4 sets of numbers from 0-255, separated by a dot. An example might look like this:

255.70.1.5

IPv6 – was developed in the 90’s and is meant to eventually replace IPv4. It was created due to the high amount of traffic on the Internet. It’s a 128 bit address with 8 groups of 4 hexadecimal digits separated by colons. An example might look like this:

2001:0db8:0000:0042:0000:8a2e:0370:7334

There are ways to abbreviate them, such as removing the leading 0’s:

2001:0db8:0:0042:0:8a2e:0370:7334

And removing the consecutive 0’s:

2001:0db8::0042::8a2e:0370:7334

Block IP Addresses and Users Manually

If you’re not using plugins there are two locations to find IP addresses. One is the comments area within WordPress. The other is on your host’s dashboard, which includes all IP’s (not just commenters) and can help you find attackers. Both allow you to block or unblock IP’s and are good options to block individual users. With the host dashboard you can and even regions or countries.

Blocking IP Addresses and User’s within WordPress

IP addresses for commenters are displayed within the comments tab in the dashboard menu. All comments display the IP address under the email address.

These are easy to use because you know the users you’re looking for such as spammers or those who refuse to abide by your commenting policy. This is my latest round of spam. Notice the first and second have the same IP address and the third and fourth have the same IP address. These are the IP addresses for spam bots.

Copy and paste the IP addresses that you want to block with the Comment Blacklist field. In the dashboard menu, go to Settings > Discussion and scroll down to Comment Blacklist. Paste in your list of URL’s (one per line) and save. This helps for commenters, but for hacking attempts you’ll need to dig a little deeper.

Blocking IP Addresses and User’s within cPanel

Your host keeps a log of all IP’s that have visited your site. You’ll find this information from your hosts’ cPanel or similar dashboard. If you’re using cPanel, under the section labeled Metrics look for a file called Raw Access (or similar name, depending on your host).

Open the file in a text editor and you’ll see the IP addresses of all the visitors. It’s more difficult to know which IP is the culprit, but you block them the same way as you would users. One problem to this method is it’s too easy to block search engines, other users, or even yourself. It’s a good idea to check suspicious IP addresses with online tools such as IP Address.

Within your cPanel, go to Security > IP Blocker (or IP Address Manager, or similar) and paste the addresses.

In my case I’m pasting them in one at a time. Depending on your host you might have the option to block a range of addresses.

Block IP Address and Users with Plugins

One problem with blocking IP addresses manually is they can be random, meaning that you keep getting attacked by other IP addresses. This is difficult to keep up with. A much better way to know which IP’s to block is by using a plugin. There are several high-quality plugins in all price ranges. Here’s a quick look at the most popular free security plugins with blacklisting capability.

WordFence

Wordfence has a firewall where you can create blocking rules and block by IP address, country, and pattern. It also protects from brute forces attacks by limiting login attempts.

You can get the addresses from reports that Wordfence provides about suspicious activity. Here I’m looking at my live visitors. It shows which is human, which are bots, identifies some as a warning, and shows which have been blocked. In this example I have a few bots from Russia that I can block.

Enter the addresses and provide a reason for the block so you’ll remember what the issue was if you decide to reconsider blocking them.

Block a country by selecting it on the map. This requires an upgrade to premium.

You can also block based on a custom pattern. This includes a range of addresses, hostname, browser, and referrer.

See Plugin

iThemes Security

iThemes Security has a featured called Banned Users. It also has local and network brute force protection. You can enable the default blacklist from HackRepair.com, enable ban lists, enter hosts to ban, and ban user agents. It has protection so you can’t ban yourself. Enter the list of IP’s and save it. The premium edition includes a user security check feature.

The logs will show important events and provide you with the hosts so you can block them.

See Plugin

All In One WP Security & Firewall

All In One WP Security & Firewall has a blacklist manager where you can enter IP addresses and user agents to block. There’s also a premium addon available that will blacklist a country. A login lockdown feature protects against brute force login attempts.

It includes a Whois lookup tool where you can learn more about who you’re blocking.

A comment spam IP monitoring tool lists the IP addresses of spam comments that you’ve received. You can view them, search them, and block them in bulk.

See Plugin

Ending Thoughts

Blacklisting IP addresses and users is a great way to protect your website from spam and malicious attacks. Blocking unwanted IP’s and users can improve both the quality and security of your website.

There are other ways to handle spam, such as a spam blocking plugin, but blocking the IP address of the spam bot keeps it from getting to your website in the first place, which improves security, the possibility of spam getting through, and saves resources since the spam bot can’t take part of your bandwidth.

It’s easy to blacklist IP’s manually, but plugins offer several advantages such as identifying those with multiple login attempts, blocking known spam and malicious IP’s, providing whois tools, blocking countries, etc., as well as other firewalls and security features.

There are lots of plugins and methods to blacklist IP addresses. Using the methods described here, you can easily blacklist unwanted IP’s and users and protect your WordPress website, making it a better and safer website for your legitimate users.

We want to hear from you. What is your preferred method to block IP addresses and users? Let us know in the comments.

Featured Image via Zeeker2526 / shutterstock.com

The post How to Blacklist IP Addresses and Users to Protect Your WordPress Site appeared first on Elegant Themes Blog.

Like it.? Share it: