Block Malicious IPs with .htaccess

When to block an IP?

Blocking IPs is useful when you detect brute-force attacks on your WordPress login, bots overloading your server, massive content scraping, or repeated attempts to access sensitive files.

How to find the IP to block

You can see the IPs accessing your site in:

  • cPanel → Metrics → Visitors (latest visits)
  • cPanel → Metrics → Raw Access (complete logs)
  • Wordfence Plugin in WordPress → Live Traffic

Block a specific IP

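Open the .htaccess file in public_html and add the following. These are Apache 2.2-style access directives; on Apache 2.4 they are deprecated and work only while mod_access_compat is loaded.

# Example address; replace it with the IP you want to block
Order Allow,Deny
Deny from 203.0.113.10
Allow from all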

Block multiple IPs

# Example addresses; replace them with the IPs or ranges you want to block
Order Allow,Deny
Deny from 203.0.113.10
Deny from 98.76.54.32
Deny from 198.51.100.0/24
Allow from all

The /24 suffix is CIDR notation: it blocks the entire subnet, that is, all 256 addresses that share the same first three octets.
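An added example, not part of the original page: one way to turn a log downloaded from Raw Access into the multi-IP block above by counting POST requests to wp-login.php per client address. It assumes the Apache "combined" log format; the names login_post_counts, deny_block, threshold and never_block are hypothetical, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Apache "combined" format: client IP, ident, user, [time], "METHOD path proto", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample data (documentation-range addresses, not real traffic).
def sample_line(ip, method, path):
    return f'{ip} - - [12/Mar/2024:10:00:00 +0000] "{method} {path} HTTP/1.1" 200 512 "-" "-"'

SAMPLE_LOG = "\n".join(
    [sample_line("203.0.113.10", "POST", "/wp-login.php")] * 4     # repeated login POSTs
    + [sample_line("192.0.2.25", "POST", "/wp-login.php")] * 3     # the site owner
    + [sample_line("198.51.100.7", "POST", "/wp-login.php")]       # a single attempt
    + [sample_line("198.51.100.9", "GET", "/wp-login.php")] * 5    # page views only
    + [sample_line("999.1.1.1", "POST", "/wp-login.php")] * 4      # malformed address
    + ["truncated or corrupt line"]
)

def login_post_counts(log_text):
    """Count POST requests to wp-login.php per syntactically valid client IP."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, method, path, _status = m.groups()
        try:
            ipaddress.ip_address(ip)  # rejects e.g. octets above 255
        except ValueError:
            continue
        if method == "POST" and path.split("?")[0].endswith("/wp-login.php"):
            counts[ip] += 1
    return counts

def deny_block(log_text, threshold=3, never_block=()):
    """Return an Order/Deny/Allow block for IPs with >= threshold login POSTs."""
    safe = {str(ipaddress.ip_address(ip)) for ip in never_block}
    offenders = sorted(ip for ip, n in login_post_counts(log_text).items()
                       if n >= threshold and ip not in safe)
    if not offenders:
        return ""  # nothing to block: emit no rules at all
    return "\n".join(["Order Allow,Deny"]
                     + [f"Deny from {ip}" for ip in offenders]
                     + ["Allow from all"])

if __name__ == "__main__":
    print(deny_block(SAMPLE_LOG, threshold=3, never_block=["192.0.2.25"]))
```

Passing your own address in never_block keeps it out of the generated rules even when your own logins exceed the threshold.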

Block wp-admin login (wp-login.php) except for your IP

<Files wp-login.php>
# Replace TU-IP-AQUI with your own public IP address
Order Deny,Allow
Deny from all
Allow from TU-IP-AQUI
</Files>

Your current IP: To find your IP, visit whatismyip.com. Remember that if your IP is dynamic, it changes periodically.

⚠️ Caution: If you block your own IP by mistake, you will not be able to access your site. Always test from another device after adding rules.