Your site is designed to concenter visitors, create interest, and ultimately drive engagement. In most cases, this leads to a anticipated pattern: Better content creates better SEO, which increases traffic and improves overall sales conversions.

In many cases, information technology also ways increased interaction with your site itself — from comments on new posts to electronic mail inquiries and social media mentions.

But what happens when this attention isn't advantageous? What steps tin you lot take if visitors are leaving rude or aggressive comments, spamming your inbox with emails, or slowing downward your site with unwanted traffic?

While it's possible to resolve some issues with polite requests and reasonable restrictions, there are times when you're best-served past blocking specific Internet protocol (IP) addresses to frustrate offensive commenters, stop spammers, and avoid ongoing attacks. Let'south dive into details of why, when, and how to cake an IP address.

Download Now: Free Intro Guide to HTML & CSS

What is an IP Address used for?

IP addresses are much like physical addresses — they provide data about both the device and network being used to connect.

Unlike concrete addresses, withal, they're not static; while yous'll generally accept the same IP address when connecting devices through your home network, this address changes if y'all're using another network outside your home and can as well change if you reboot your router or switch Internet providers.

The most common type of IP addresses, known every bit IPv4 addresses, utilise four sets of up to three numbers each separated by dots, similar this:

127.0.0.1

This address is known as the "loopback accost", which all devices use to identify themselves on any network. They are then assigned a specific IP address to connect to the Net at large.

Anyone who connects to your site with any device does then using an IP address, which is recorded past your content management system (CMS). Permit'southward say you're using WordPress. If users exit a comment, their IP accost can be found in the "Comments" section of your WordPress admin page.

You can as well observe a list of all the IP addresses that take visited your site using your WordPress hosting provider's cPanel dashboard. Observe the "Logs" section and so click on "Raw Admission Logs". One time you lot've downloaded the raw access data file you'll need to decompress it and open it using a text editor to come across a listing of all the IP addresses that take recently visited your site.

Why Block an IP Address

If visitors leave a negative comment on your site, information technology'south oftentimes possible to reach out and resolve the trouble without any further problems. In some cases, all the same, this isn't effective, resulting in mail comments sections that quickly descend into mean-spirited and unproductive debate.

It's as well possible that your website may be targeted by malicious actors looking to compromise administrative logins or carry out distributed deprival of service (DDoS) attacks which tin can significantly reduce site performance or take your site offline entirely.

While information technology's e'er preferable to resolve issues without blocking users or their devices, the scenarios listed to a higher place call for more drastic activity: Blocking IP addresses.

How to Block an IP Accost

So how do yous cake an IP accost?

Blocking a single address is possible using your WordPress administrator folio. Caput to the "Comments" department and click on a specific comment to see the user'south IP address. So, become to "Settings", click on the "Discussion" submenu and scroll down to "Comment Blacklist". This brings up a text box that allows you to cake specific IP addresses. Enter i IP address per line and click the "Save Changes" button — now, users with these specific IP addresses won't be able to comment on any posts.

Information technology's worth noting, yet, that this method merely stops users from commenting on your posts, but won't cease them from accessing your site or spamming it with malicious data traffic to slow down performance. In this case, you'll need to completely block the offending IP accost using the authoritative options in your WordPress hosting providers' cPanel dashboard.

Head to the "Security" department and find the "IP Accost Deny Manager", and then enter a specific IP address or range of addresses to block. Here, the result is more than substantive: Anyone trying to access your site from these addresses will get an mistake bulletin instead of seeing your page.

The Obfuscation Issue

As noted above, IP addresses aren't permanent. Instead, they're assigned based on factors including electric current location, device, and network blazon. They can also exist deliberately replaced with dissimilar IP addresses past using what's known as a virtual private network (VPN).

VPN services have a host of legitimate uses. For example, they're oft used by businesses to obfuscate user locations and encrypt information traffic, in turn making information technology much more difficult for hackers to compromise key functions. But VPNs can also be used by malicious actors to generate massive amounts of website traffic — traffic that seemingly originates from multiple devices and locations worldwide. In this case, blocking specific IP addresses and fifty-fifty address ranges through WordPress or hosting cPanels won't help, since attackers volition simply use a different set of addresses for their adjacent set on.

Solving for IP Overload

Thankfully, site owners have several options when it comes to handling IP address overload.

First up are WordPress plugins that allow administrators to block traffic from specific geographic locations in improver to IP ranges. Consider the case of a DDoS attack on your site: If your examination of server logs shows that the bulk of malicious access requests are coming from a sure country or region, WordPress plugins such as IP2 Location Land Blocker let you actively block access from this geographic expanse to limit the risk of site compromise.

It'south as well worth considering more than active security options for your WordPress site, such as web application firewalls (WAFs) offered by reputable security providers. These solutions help reduce malicious site traffic by routing all access requests through their own servers and scanning them for suspicious activity or IP addresses. If these tools notice a large book of traffic coming from the same geographic surface area or detect suspicious activity — such as rapid-fire requests or the utilize of proxy servers to reroute and obfuscate these requests — they volition automatically deny admission to protect your site.

Building Ameliorate Blocks

In virtually cases, blocking an IP address isn't necessary — one-off comments and occasional site security issues can be mitigated by responsive administrators and robust security solutions. In the issue that commenters turn down to respect community guidelines or large-scale DDoS attacks on WordPress websites get a reality, however, it'south worth considering more drastic activity with IP address blocking.

For single, specific blocks or small-scale accost ranges information technology's easy enough for site admins to use congenital-in comment moderation or cPanel hosting direction tools. In the case of targeted attacks using VPN or proxy processes, meanwhile, consider building better blocks with location-blocking WordPress plugins or avant-garde IP accost detection and rejection tools.

New Call-to-action

css introduction

Originally published Dec xxx, 2020 vii:00:00 AM, updated December 30 2020