How to Block Malicious IP Addresses in WordPress

Welcome back to part 2 of this series on IP Address Blocking from your trusty WordPress agency for development, Vipe Studio.

In the previous part, we explored what it means to block IPs, and when you might need to do it. Today, we’ll look at a couple of methods, so let’s get to it!

IP address blocking in WordPress

Last time, we noted down a list of IP addresses from the WordPress dashboard that we wanted to block. To do so, follow these 3 steps:

• Copy over the list of IPs that you wish to block and paste them into a new text file. It’s always advisable to resort to copy and paste, as we don’t want a stray typo or two that could let some IPs off the hook, and blacklist others instead.
• Open up the dashboard on WordPress and click on ‘Settings’, then ‘Discussion’, and you’ll see settings for your website comments. Scrolling will bring you to the ‘Comment Blocklist’, where you can use a variety of criteria such as keywords or URLs or emails…or IP addresses. Any comment that contains or is from the IP address you paste here will be moved to trash.
• Copy the list of IP addresses from the text file we created, and paste them into this section, ensuring that each IP is on a separate line. ‘Save Changes’ will set the blocking process in motion.

Blocking IPs from a country

Sometimes we want to block access to the website for users from a country (or many) – either because the website is designed with some culture in mind, or perhaps you’re getting a lot of ill-intentioned visitors from a country. To achieve this, we will need plugins.

Search for ‘iQ Block Country’ under ‘Add New’ in Plugins in the dashboard, install it, and activate it.

Next, you’ll be shown a notification that tells you how you can get a database file to be uploaded. The notification will show you how the paid version works if you’d like that, but for now, we’ll be discussing the free database. Head over to Maxmind and create an account, then log in.

Here, you can pick ‘Download Databases’, and scroll till you find the database named ‘GeoLite2 Country’, then download it.

Using compression software like 7-Zip, extract the database and copy the file ‘GeoLite2-Country.mmd’. After this, the mmdb file needs to be uploaded to wp-content uploads on your website, ideally over SFTP.

This uploaded database plugs into the IQ Block Country plugin, and you can now pick countries. It’ll check the country of every IP address that visits you, and block the ones that are from regions you’ve picked.

To do this, return to the iQ Block Country plugin settings and choose whether you’d like the block to apply to your website frontend, backend, or both. Let’s use ‘Frontend’ for now, so under that tab, select from the dropdown menu which countries you’d like to block traffic from. As always ‘ Save Changes’ will work the magic, and your blocking will be in place.

That concludes this two-part tutorial series on IP address blocking on your WordPress website, and we hope you found it useful. It goes without saying that a reputable development agency would take care of IP address blocking as part of their security services, so if you’re in two minds about hiring a WordPress agency for development, this could help you make up your mind about it.

That’ll be all from us at Vipe Studio for now, and we’ll meet you next time when we’ll bring you more such guides and tips!

More on The Topic

• 4 Indicators Your WordPress Website Is Being Hacked
• 10 Indications Your WordPress Website Is Hacked
• The Best Ways to Avoid a WordPress Hack
• Why Does Google Replace the Title Tags of Your WordPress Website (And What Can You Do About It)?
• How to Prepare Your WordPress Website for a Crisis