How To Block IP Address In WordPress & Secure Your Site?

In this article, learn about IP addresses, ways to find your website visitors' IP addresses, and the ways to block them.

If you are a WordPress user, you might have already heard about how a website could get attacked all the time by hackers. While there are many other websites on the internet, WordPress websites tend to gain more attention due to their extreme popularity.

Have you ever noticed that someone is constantly attempting to spam your website? Or do you suspect that a particular person is trying to hack your website? You might have thought, Damn, I wish I could block people on my website as I do on my Instagram. Oh, you absolutely can. But how do you do it? In this article, I will explain all about IP addresses and the ways to block IP addresses.


IP Address-Things You Need To Know About It

Before you learn about how to block an IP address, you should know what exactly an IP address means. Did you ever wonder if it is possible to identify a device on the internet? If you have, then the answer is IP address. IP stands for “internet protocol.”

An IP address consists of four sets of numbers ranging between 0 to 255. These four sets are separated by dots and altogether form an IP address. For example, An IP address looks like this:

Devices having an internet connection will have an IP address, and the people who visit your website are no exception. All your visitors’ IP addresses will get stored in your website logs. So if you want to want to restrict someone from visiting your website, you can block their IP address. However, using a VPN will hide the IP address and other personal information.

If you see many spam comments, hacking attempts, spam in the contact forms, or if you suspect a DDoS( distributed denial of service attack), then you can block the troublesome IP addresses.

You can learn more about contact form spams and DDoS attacks from the following articles:

How To Secure A Contact Form On A WordPress Website?

Distributed Denial Of Service(DDoS Attack)-Explained

How To Find Out The IP Addresses Of Unwanted Visitors?

If you want to block visitors spamming your comment section, go to the comments section present on the left of your WordPress. Once you select comments, a new page opens up, and you can see the IP address of users who comment on your posts under their name. Note down the IP addresses so that you can block them later.

Comment IP Address

While dealing with attacks like the DDoS attack, you will have to find the IP addresses through your website access logs.

Follow these steps to find the IP addresses:

IP addresses1
IP addresses3
  1. Find logs in the cPanel dashboard of your hosting account.
  2. Look for raw access logs.
  3. Select your domain name. This action will download the access logs in a .gz archive file on your computer. 
  4. Extract the access logs using programs for archived files.
  5. Open the access logs. 
  6. Find the IP addresses that constantly send requests to your website and note them down. 

Disclaimer: Make sure that you do not block legitimate users. Double-check before you restrict an IP address from your website.

Block IP Addresses On Your WordPress Website

Since we have learned about IP addresses, the way to access your website visitor’s IP address, it is time to understand how to block the unwanted IP addresses.

Block IP Addresses From commenting

disallowed comment keys

To block an IP address from commenting on your website, you first need to go to the discussion under the settings section present on the left of your WordPress. Scroll down to find the disallowed comment keys on the discussion page. Enter the IP addresses from which you would like to restrict comments.

Block IP Addresses Using .htaccess On WordPress

Note: Blocking IP addresses using .htaccess is the manual way of blocking visitors from your WordPress websites. However, I don’t recommend this method to beginners and do not know much about WordPress because it is a risk-involved method. If you are sure that you can handle it well, make sure to backup your website before implementing this method.

Follow these steps to restrict users from visiting your website:

  1. Go to cPanel on your WordPress hosting account.
  2. Look for files and open file manager.
  3. There, you will find the .htaccess file in the public_html folder.
IP addresses2

4. Right-click on the .htaccess file and choose edit.


5. Add the following code to the file and save changes.

Code Snippet

order allow, deny

deny from (the IP address that you want to block)

deny from 8.454.783.034

allow from all

Block IP Addresses Using WordPress Security Plugin Hide My WP

As I’ve earlier mentioned, using the manual method can be risky and may alter things on your website. Hence, most people use plugins like the Hide My WP that has a feature to block IP addresses.

The following steps will guide you to block IP addresses using the Hide My security plugin.

  1. Go to the plugins section present on the left of your WordPress and select on add new.
  2. Look for the Hide My WP and install it. Check out this article to learn about setting up the plugin: How To Install And Setup Hide My WP Security Plugin?
  3. Go to settings under the Hide My WP plugin and select the protection section. 
protection section

4. Now find the Blocked IPs box and add the IP addresses you want to block to it.

blocked IPs

5. Save changes, and now you can stop worrying about Bad IP addresses. 

Some other useful features of the Hide My WP security plugin are:

Hide My Wp security plugin
  • You can hide your Login Page and evade brute-force attacks.
  • It has a firewall that can block attacks like XSS,  SQL injectionCSRFCommand Injection, and more. 
  • You to replace anything like text or URLs in your website source code.
  • It has a Trust Network that auto-blocks malicious IP addresses.
  • You can hide defaults WordPress paths like /inc, /inc/themes, /ext, /inc/uploads, /other, etc.


All the WordPress users, at some point, want to block a specific or a group of IP addresses because they deem them to be harmful. You might also have, so you can restrict someone from commenting or some people from visiting your website using a manual method or a WordPress security plugin. Either way, you will not have to worry about malicious IP addresses anymore.