How to Block IP Addresses and Prevent Attacks in WordPress

If you’re a newbie in using WordPress, you’re lucky to have reached this page. Sadly, users of WordPress are never free of attacks. There are just those people or robots online which aggressively spread these malicious attacks to blogs that lead to disasters. In this article, we will discuss three of the best ways on how to block IP addresses and prevent attacks in WordPress much like as helpdesk services would provide information.

Use a (.htaccess) file

If you had just setup your blog on WordPress, you would not have the .htaccess file’s right settings to ban users (ISP or hostname) by default. To block ISPs, what you should do is to add “order allow,deny”, “deny from” and “allow from all” in the bottom portion of the file located in the root of your site. This example instructs the system to block the IP address from accessing your site. You can add more by entering more lines with the same code but different syntax.

Note to add these lines outside the # BEGIN WordPress and # END WordPress.

Aside from this capability, editing of the .htaccess file also enables you to ban a specific user or a group of bad users through their hostnames.

For instance, if you know that the hostname is “,” then it is wise for you to add or update the codes “order allow,deny”, “deny from” and “allow from all” manually.

The result is that whenever there’s a hostname or an ISP that is not coming from your site requesting for WordPress login, the .htaccess will block it without invoking the mod_security, a PHP process or your firewall. You have like a security guard to protect your “home” for 24/7.

Use CloudFlare


Using CloudFlare and other host sites makes your WordPress blog more secured against hackers because you are then viewed as a hard target. Brute force attackers would change their minds and refocus on getting other victims as opposed to trying to hack into your blog.

CloudFlare combats and blocks unknown and malicious requests that target your administrative account. This will help you minimize the number of attacks from sophisticated botnets that comprise of over hundreds of thousands computers. Such attacks extrapolate more than 60 million requests to get about two billion password in just one hour. Other hosting sites like Joomla is also a target of the attackers but the vast majority of users victimized are from WordPress.

CloudFlare has both free and paid versions. If you are only starting, having a free account is enough as you can still enjoy the benefits of being protected against being attacked.

Use a Strong Usernames and Passwords


Without going too technical, using a strong password is the most basic way to go to prevent attackers from gaining access to your WordPress site. Usually those bad IP addresses can guess your password if it’s too short and composed of only numbers and letters. Experts advise that users should update their passwords regularly and frequently so that crackers can never get to the passwords they use at a time.

In the same fashion, usernames should also be difficult for botnets to determine. WordPress 3.0 gives users the liberty to choose their usernames. It would be wrong for users to just go with “admin” as this is the first username suggested on installation by default. When this is chosen, botnets can easily access the WordPress account by pairing “admin” with a bunch of common words for passwords.

A good recommendation is to have special symbols like !, @, #, $, etc., numbers and a mix of upper and smaller case letters into the usernames and passwords. Make sure that the password does not fall below eight characters long.


If you notice that your site is getting slow and you have problems in logging in despite using the correct set of username and password, your site may have been compromised. Security requirements are not served to you in a silver platter. When you decide to start up a blog hosted in WordPress, following these simple steps to block IP addresses will help your site be free from viruses and attacks by online intruders.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top