Support » Fixing WordPress » Block IP Address

Viewing 15 replies - 1 through 15 (of 15 total)
  • Just type it into the spam words list in your Options/Discussion screen. Make sure you don’t leave any blank lines in there though 😉



    You can always ban IP ranges through your CPanel or Plesk or similar console if you have access to it through your web host.

    Moderator James Huff


    IP blocking really is not a good idea, for two reasons.

    1. Most IPs are dynamic. They will be given to legitimate users the next time they log on.

    2. Most spammer IPs are spoofed (faked).

    Either way, you will only block the spammer for about 24 hours, then you will start blocking your future (legitimate) readers. It’s best to block keywords and domain names.

    Mark (podz)


    Support Maven

    I’m aware of what macmanx advocates, and I have seen that view expressed by others.
    That said, the .htaccess that covers my site – not just by blog – bans several thousand IPs and has done for many months now.

    I have had one request to unblock someone.

    Just make sure your 403 page is a good one.

    Comprehensive guide to .htaccess

    You can block certain IP ranges, referers or ISP via htaccess. But beware it’s a sledgehammer.

    For example I have blocked all people coming from Goggle image search, since I can afford all these image leeches sucking away bandwith.

    I also have custom 4o1/403/404 pages.

    I would like to try and block a person from even being able to read my blog and access the site. Can I do this through his i.p.? I don’t know much about computers. Does his i.p. change every time he logs on? Is there another way from blocking him altogether?

    Mark (podz)


    Support Maven

    You could do that through his IP.
    BUT he can then use any other computer to see your site
    or he could use an anonymizer site to get around the ban.

    In reality you would spend a large amount of time trying to ban him while all he has to do is something very simple to get around it.
    The only way to really stop him is to password-protect the whole blog – but that will cost you visitors.

    Mark (podz)


    Support Maven

    And seeing as this is quite an old thread – I have very few IP bans going on. Just bad bots 🙂

    Thanks for the reply. This particular guy reads my blog from his home computer only and would not dare access the blog from work in afraid of being caught. The name of my blog alone is enough to scare some people off. Also, we figure he’s too lazy to go elsewhere to try the blog on a different computer if it means going out of his way. So I don’t actually run my blog, I’m just the writer. A friend of mine set the whole thing up.

    My next question is if I block this guy does he get a forbidden message or just a broken link? Is this something I need to ask my friend? He doesn’t have much time these days to update or make changes on the backend so I’m trying to do some legwork first before bothering him. How do I go about blocking his ip then?

    I’d like to allow users ONLY belonging to a ip block to access my blog. Any ideas?

    Using Apache?

    … then use mod_access. When you say IP block though — do you actally know the IP block, a range, something?

    Order Deny,Allow
    Deny from all
    Allow from

    Yes. I am using Apache through a hosted ISP (1and1). Yes, I know the IP addresses and range I want to allow. Sorry, I’m new to this stuff. . . . . Not sure how to “plug” the commands in (Order, Deny, Allow . . . .etc. How do I actually do this? Through the 1and1 admin panel?


    the reason I asked if you knew the range is because its easier to use CIDRs then manually type in the IPS.

    mod_access does NOT allow this:

    allow from

    so you either type in ALL the IPS or use the corresponding CIDR for the range(s).

    But, for me, or anyone else that knows how to do netmasking/subnetting/etc to give the correct CIDR, they would need that range.

    Those are statements (not commands), and the example I gave needs to go at the top of your .htaccess in the root of your WordPress install, or the web_root of your domain, whichever youre intent on restricting.

    How you edit your .htaccess is up to you.

    Podz wrote ‘ The only way to really stop him is to password-protect the whole blog’. How’s the best way to do this?

    passwd protecting your entire site is done using mod_auth, assuming your using Apache.

    Perhaps someone else will be so inclined to explain to you how to set up the files, I am not that person. There is a plethora of information available via Google that explains all of that in greater depth, and you can find it if you look.

Viewing 15 replies - 1 through 15 (of 15 total)
  • The topic ‘Block IP Address’ is closed to new replies.