Dealing with a bot, spammer, or hacker constantly hitting your site?

There are many reasons you may need to block an IP address from visiting your website.

  • To prevent particular users doing malicious things with your website
  • Trying to spam your web forms
  • Hack your shopping cart, etc.
  • Big impact on your visits and bandwidth

When You need Block IP Address :

  • A high number of consecutive login attempts (indicating a potential attempt to hack your site).
  • Lots of spam comments posted by users from the same IP address.
  • Access attempts on sensitive or restricted information by an unknown user, or a user without the correct permissions.

How to block IP addresses in WordPress

If you see a pattern of suspicious activity like this, you can blacklist the IP addresses involved.

1 ) Block specific IP addresses from using your comments section : A common use for blacklisting is to prevent spammers and bots from posting unwanted messages in your comments section. If you visit the Comments tab in your WordPress dashboard, you can see the IP address each message was posted from.When you notice multiple spam comments resulting from the same IP – even if they’re posted by different users – you can simply block that address. To do this, navigate to Settings > Discussion and look for the Comment Blacklist field: you can add in any problematic IP addresses

2 ) htaccess :

you’ll need to log into your site directly using File Transfer Protocol

With your FTP client open and running, look for your website’s root folder. This is often named after your domain, but might also be called www or root. With this folder find the .htaccess file

Right-click on this file, and select Edit. This will open the file in your default text editor, enabling you to make changes. On a new line at the bottom of the file, paste in the following snippet:

Order Allow,Deny

Allow from all

Deny from

If you don’t like editing your .htaccess file directly or if don’t have access server or FTP , you can also use the free IP Ban WordPress plugin

3) Login : Using WP User, you can easily find your site visitors’ website addresses and based on these addresses block user. If you use such IP ban protection on your website, you will also need to not only list individual addresses to be blocked but also IP masks and IP ranges.

Using WP User you can block :

  • Single IP addresses Ex.
  • IP ranges such as Ex.
  • IP masks Ex.210.98.*.*.

Enter IP (,) Comma separated like as follow :,,,,



Pinpoint IPs that may be malicious :

  • WP User :  By looking through the resulting logs, you can identify IP addresses that have made too many login attempts or tried to access sensitive information.
  • You can often find some of the same information in your web host’s logs. Visit your hosting control panel, and look for the option called Raw Access or Raw Access Logs:download a file with information about all the access attempts made on your site. you can then look for IP addresses that have tried to gain access to sensitive pages, or have made an unusually high number of login attempts. If you have trouble locating this option in your control panel, you can usually find help in your hosting provider’s documentation.


Website security should be a top priority for every WordPress user.

You’ll need to find ways to keep out troublesome bots and malicious users, so they can’t target your site with spam or steal sensitive information.