Title: Blocking IPs with .htaccess Last modified: August 18, 2016 --- # Blocking IPs with .htaccess * [ebonmuse](https://wordpress.org/support/users/ebonmuse/) * (@ebonmuse) * [19 years, 12 months ago](https://wordpress.org/support/topic/blocking-ips-with-htaccess/) * Hi all, * I know it’s futile to try to ban every spammer, but I’d like to ban at least a few of the more prolific ones that keep coming back to my site from the same subnets. However, although I’ve tried modifying htaccess to keep them out, they keep coming back. I’ve followed instructions I’ve found on this site and elsewhere, without success. These are the very first lines of my htaccess file: * `order deny,allow deny from 81.177.15.* deny from 81.177.14.* deny from 85.255.113.* deny from 85.255.114.* deny from 195.225.176.86 deny from 85.255.117.250 allow from all * Can anyone see an error in that? How come people from those subnets are still able to access my site? Viewing 15 replies - 1 through 15 (of 21 total) 1 [2](https://wordpress.org/support/topic/blocking-ips-with-htaccess/page/2/?output_format=md) [→](https://wordpress.org/support/topic/blocking-ips-with-htaccess/page/2/?output_format=md) * [whooami](https://wordpress.org/support/users/whooami/) * (@whooami) * [19 years, 12 months ago](https://wordpress.org/support/topic/blocking-ips-with-htaccess/#post-411218) * I sure can. * your usage of the asterics as a wild card is incorrect. * deny from 85.255.114.* == wrong deny from 85.255.114 == correct * [http://wreq.cgd.ucar.edu/manual/mod/mod_access.html](http://wreq.cgd.ucar.edu/manual/mod/mod_access.html) * Best to read up on what you are using it before reading it. * Thread Starter [ebonmuse](https://wordpress.org/support/users/ebonmuse/) * (@ebonmuse) * [19 years, 12 months ago](https://wordpress.org/support/topic/blocking-ips-with-htaccess/#post-411219) * I tried it without the asterisks first, actually, and that didn’t work either( I looked into this before posting here and I found some sites that say to use them, others that don’t). Could there be some way to bypass htaccess, or is there any other error in my code? * [Chris_K](https://wordpress.org/support/users/handysolo/) * (@handysolo) * [19 years, 12 months ago](https://wordpress.org/support/topic/blocking-ips-with-htaccess/#post-411220) * Any compelling reason not to just use plugins that block most of this stuff? ( top post in the threads. Sticky. Has “Spam” in the title.) * Thread Starter [ebonmuse](https://wordpress.org/support/users/ebonmuse/) * (@ebonmuse) * [19 years, 11 months ago](https://wordpress.org/support/topic/blocking-ips-with-htaccess/#post-411241) * I have Akismet, which catches a great deal of spam, but on occasion a few do slip through. It’d be nice if I could cut out the middleman and just block these IPs directly. Is there a plugin that does that? I didn’t see one in the sticky thread. * [yosemite](https://wordpress.org/support/users/yosemite/) * (@yosemite) * [19 years, 11 months ago](https://wordpress.org/support/topic/blocking-ips-with-htaccess/#post-411243) * Bad Behavior… * [Chris_K](https://wordpress.org/support/users/handysolo/) * (@handysolo) * [19 years, 11 months ago](https://wordpress.org/support/topic/blocking-ips-with-htaccess/#post-411244) * I agree with Yosemite. BB blocks 100’s a day for me. * [whooami](https://wordpress.org/support/users/whooami/) * (@whooami) * [19 years, 11 months ago](https://wordpress.org/support/topic/blocking-ips-with-htaccess/#post-411278) * Ebonmuse, if it didnt work without the asterics then there’s a good chance your host doesnt have mod_access enabled. Are you with Godaddy by chance? If so, thats prolly the case. * The way I showed you is the correct way to block ips using mod_access, regardless of what any site that tells you to use them says. * I pasted a link to a mirror of the Apache docs above to reinforce what I said. I’m willing to bet they know what they’re talking about. * Merely reading something here doesnt mean its the correct way. * [Rok](https://wordpress.org/support/users/rok/) * (@rok) * [19 years, 11 months ago](https://wordpress.org/support/topic/blocking-ips-with-htaccess/#post-411285) * Combination of Akismet and Bad Behavior is the Best. * [drmike](https://wordpress.org/support/users/drmike/) * (@drmike) * [19 years, 11 months ago](https://wordpress.org/support/topic/blocking-ips-with-htaccess/#post-411334) * Actually I thought it was this: * deny from 85.255.114. * Note the period at the end. * [Donncha](http://blogs.linux.ie/xeer/2006/06/23/the-akismet-worst-offenders/) mentioned an [extention](http://blogs.linux.ie/xeer/go.php?http://boakes.org/akismet-worst-offenders) that will fill out the htaccess file while deleteing the spam. Maybe helpful. 🙂 * [whooami](https://wordpress.org/support/users/whooami/) * (@whooami) * [19 years, 11 months ago](https://wordpress.org/support/topic/blocking-ips-with-htaccess/#post-411401) * and thats wrong. drmike. * [http://httpd.apache.org/docs/1.3/mod/mod_access.html](http://httpd.apache.org/docs/1.3/mod/mod_access.html) * From the horses mouth: * `A full IP address` `Example: Allow from 10.1.2.3` `An IP address of a host allowed access` `A partial IP address` `Example: Allow from 10.1` `The first 1 to 3 bytes of an IP address, for subnet restriction.` * Moderator [Samuel Wood (Otto)](https://wordpress.org/support/users/otto42/) * (@otto42) * WordPress.org Admin * [19 years, 11 months ago](https://wordpress.org/support/topic/blocking-ips-with-htaccess/#post-411433) * If mod_access is unavailable, use mod_rewrite instead. 🙂 * `RewriteCond %{REMOTE_ADDR} ^81.177.15 [OR] RewriteCond %{REMOTE_ADDR} ^81.177.14[ OR] RewriteCond %{REMOTE_ADDR} ^85.255.113 [OR] RewriteCond %{REMOTE_ADDR} ^85.255.114[ OR] RewriteCond %{REMOTE_ADDR} ^195.225.176.86 [OR] RewriteCond %{REMOTE_ADDR} ^85.255.117.250 RewriteRule ^.*$ - [F] * If you’d prefer to tell these IP’s that they’re jerks instead of simply blocking them, change the last line to these two instead: `RewriteCond %{REQUEST_URI}! ^/forbidden.html$ RewriteRule ^.*$ /forbidden.html * And make a forbidden.html file, where you can curse at them all you like. * [manstraw](https://wordpress.org/support/users/manstraw/) * (@manstraw) * [19 years, 11 months ago](https://wordpress.org/support/topic/blocking-ips-with-htaccess/#post-411434) * I learned dr. mike ways ages ago. and always used it. it seems apache docs say different though. I think that format actually belongs to another service. * [war59312](https://wordpress.org/support/users/war59312/) * (@war59312) * [19 years, 11 months ago](https://wordpress.org/support/topic/blocking-ips-with-htaccess/#post-411438) * Dude, here you go: * `order allow,deny deny from 81.177.15 deny from 81.177.14 deny from 85.255.113 deny from 85.255.114 deny from 195.225.176.86 deny from 85.255.117.250 allow from all * You just had the order wrong. You where denying them but then you allowed everyone. So you where simply overiding the deny by allowing from everyone. * The file is read in order. That is why the first line is always the order of which you want the htaccess file to be processed. * [whooami](https://wordpress.org/support/users/whooami/) * (@whooami) * [19 years, 11 months ago](https://wordpress.org/support/topic/blocking-ips-with-htaccess/#post-411445) * war caught the other mistake, very nice catch, war59312! * [war59312](https://wordpress.org/support/users/war59312/) * (@war59312) * [19 years, 11 months ago](https://wordpress.org/support/topic/blocking-ips-with-htaccess/#post-411446) * Hey, * Also, check out this plug-in. I believe it does what you want. 🙂 Such as banning by IP address: * [http://www.deliciousdays.com/smp-plugin](http://www.deliciousdays.com/smp-plugin) * Take Care, * Will Viewing 15 replies - 1 through 15 (of 21 total) 1 [2](https://wordpress.org/support/topic/blocking-ips-with-htaccess/page/2/?output_format=md) [→](https://wordpress.org/support/topic/blocking-ips-with-htaccess/page/2/?output_format=md) The topic ‘Blocking IPs with .htaccess’ is closed to new replies. ## Tags * [htaccess](https://wordpress.org/support/topic-tag/htaccess/) * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) * 21 replies * 10 participants * Last reply from: [maerk](https://wordpress.org/support/users/maerk/) * Last activity: [19 years, 11 months ago](https://wordpress.org/support/topic/blocking-ips-with-htaccess/page/2/#post-411754) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics