How to ban users based on IP addresses using the htaccess file

Brute force attacks form a sizeable chunk of the attacks on the Internet today. In an attempt to crack login information, our WordPress sites are endlessly bombarded with login attempts. You can obtain more details about these failed login attempts, such as the IP address, from your logs. The next obvious step is to block these users from accessing your site. The htaccess file is one way of achieving it.

Htaccess files are configuration files that are present on your web server. They are used to control access to files at a directory level or even for the entire site. If you want to block an IP address, say 192.168.20.10, using htaccess, you can do so by adding the following lines –

order allow,deny
deny from 192.168.20.10
allow from all

The above lines will successfully block the user with IP address 192.168.20.10. You can add this at a site level or at a directory level depending on what you want to protect. You can also add multiple IP addresses, each on a separate line.

Attackers often use a network of bots to attack other users. Each bot will have a unique IP address assigned to it from a range of addresses. When your site comes under attack, it is easy to spot the range of IP addresses from your logs. What’s easier is to block them all in one shot. All you’ve got to do is add the following lines in your htaccess file –

order allow,deny
deny from 192.168.20.
allow from all
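
To go from logs to these lines, the following added example (not part of the original article) counts failed login attempts per IP in an access log and prints a ready-to-paste block, using the partial-address form only when several offenders share a range. It assumes the Apache combined log format, IPv4 clients, and default WordPress behaviour where a failed login POST to /wp-login.php returns 200 and a successful one returns 302; the log lines, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache combined log format, IPv4 clients only (assumption for this example).
LINE_RE = re.compile(
    r'^(\d{1,3}(?:\.\d{1,3}){3}) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def _line(ip, method, path, status):
    # Helper that builds one constructed log line (not real traffic).
    return (f'{ip} - - [12/Mar/2024:10:01:02 +0000] '
            f'"{method} {path} HTTP/1.1" {status} 4312 "-" "Mozilla/5.0"')

SAMPLE_LOG = "\n".join(
    [_line(f"192.168.20.{h}", "POST", "/wp-login.php", 200)
     for h in (10, 11, 12) for _ in range(6)]                      # bot range
    + [_line("10.0.0.5", "POST", "/wp-login.php", 200)] * 7        # lone offender
    + [_line("10.0.0.9", "POST", "/wp-login.php", 200)] * 2        # mistyped password
    + [_line("10.0.0.9", "POST", "/wp-login.php", 302)]            # then logged in
    + [_line("172.16.4.4", "GET", "/wp-login.php", 200)] * 9)      # page views only

def failed_logins_per_ip(log_text):
    """Count POSTs to /wp-login.php answered with 200 (form shown again)."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if (m and m.group(2) == "POST" and m.group(4) == "200"
                and m.group(3).split("?")[0] == "/wp-login.php"):
            counts[m.group(1)] += 1
    return dict(counts)

def deny_lines(counts, min_attempts=5, min_hosts=3, never_block=()):
    """Turn offenders into 'deny from' lines, collapsing busy /24 ranges."""
    by_prefix = defaultdict(list)
    for ip, n in counts.items():
        if n >= min_attempts and ip not in never_block:
            by_prefix[ip.rsplit(".", 1)[0] + "."].append(ip)
    lines = []
    for prefix, ips in sorted(by_prefix.items()):
        # Never widen to a range that would also cover a protected address.
        keep_open = any(a.startswith(prefix) for a in never_block)
        if len(ips) >= min_hosts and not keep_open:
            lines.append("deny from " + prefix)     # partial address = whole range
        else:
            lines.extend("deny from " + ip for ip in sorted(ips))
    return lines

def htaccess_block(counts, **kwargs):
    """Wrap the deny lines in the order/allow directives used on this page."""
    return "\n".join(["order allow,deny", *deny_lines(counts, **kwargs), "allow from all"])

if __name__ == "__main__":
    print(htaccess_block(failed_logins_per_ip(SAMPLE_LOG)))
```

Pass your own address in `never_block` before pasting the output, since a range ban covers every host in it, including legitimate visitors.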

It is also possible to ban users or even an ISP using the hostname. The following is one such example –

order allow,deny
deny from thebadguy.com
allow from all

The htaccess file is a very powerful tool for controlling access to your site. Because of this, a small typing error can break parts of your site, so always back up your htaccess file before making any changes to it. When WordPress adds configuration to the htaccess file, it always does so between the comment lines # BEGIN WordPress and # END WordPress. Remember to add your custom lines outside of these comments for better tracking.
