How to ban users based on IP addresses using the htaccess file
Bulletproof Backups for Your WordPress Website
Fortify your business continuity with foolproof WordPress backups. No data loss, no downtime — just secure, seamless operation.
Brute force attacks form a sizeable chunk of the attacks in the Internet today. In an attempt to crack login information, our WordPress sites are endlessly bombarded with login attempts. You can obtain more details about these failed login attempts such as the IP address from your logs. The next obvious step is to block these users from accessing your site. The htaccess file is one way of achieveing it.
Htaccess files are configuration files that are present on your web server. They are used to control access to files at a directory level or even for the entire site. If you want to block an IP address, say 192.168.20.10, using htaccess, you can do so by adding the following lines –
deny from 192.168.20.10
allow from all
The above lines will successfully block the user with IP address 192.168.20.10. You can add this at a site level or at a directory level depending on what you want to protect. You can also add multiple IP addresses, each on a separate line.
Attackers often use a network of bots to attack other users. Each bot will have a unique IP address assigned to it from a range of addresses. When your site comes under attack, it is easy to spot the range of IP addresses from your logs. What’s easier is to block them all in one shot. All you’ve got to do is add the following lines in your htaccess file –
deny from 192.168.20.
allow from all
It is also possible to ban users or even an ISP using the hostname. The following is one such example –
deny from thebadguy.com
allow from all
The htaccess file is a very strong tool to control access to your site. Owing to this, a small error while typing can break parts of your site. So always backup your htaccess file before making any changes to it. When WordPress adds configuration to the htaccess file, it is always done between the comment lines #BEGIN WordPress and #END WordPress. So remember to add your custom lines outside of these comments for better tracking.
You may also like
Management tools help agencies become well-oiled machines. Each task is completed with the least amount of effort and highest rate of accuracy. For people managing multiple WordPress sites, the daily…
We’ve introduced PHP version 8.3 to our staging sites. Test out new features, code changes, and updates on the latest PHP version without affecting your live website. Update PHP confidently…
WordPress is developed with the scripting language PHP and uses either MySQL or MariaDB as its open-source relational database management system. Behind the scenes, the WordPress database stores content such…
How do you update and backup your website?
Creating Backup and Updating website can be time consuming and error-prone. BlogVault will save you hours everyday while providing you complete peace of mind.