How to ban users based on IP addresses using the htaccess file
Bulletproof Backups for Your WordPress Website
Fortify your business continuity with foolproof WordPress backups. No data loss, no downtime — just secure, seamless operation.
Brute force attacks form a sizeable chunk of the attacks in the Internet today. In an attempt to crack login information, our WordPress sites are endlessly bombarded with login attempts. You can obtain more details about these failed login attempts such as the IP address from your logs. The next obvious step is to block these users from accessing your site. The htaccess file is one way of achieveing it.
Htaccess files are configuration files that are present on your web server. They are used to control access to files at a directory level or even for the entire site. If you want to block an IP address, say 192.168.20.10, using htaccess, you can do so by adding the following lines –
order allow,deny
deny from 192.168.20.10
allow from all
The above lines will successfully block the user with IP address 192.168.20.10. You can add this at a site level or at a directory level depending on what you want to protect. You can also add multiple IP addresses, each on a separate line.
Attackers often use a network of bots to attack other users. Each bot will have a unique IP address assigned to it from a range of addresses. When your site comes under attack, it is easy to spot the range of IP addresses from your logs. What’s easier is to block them all in one shot. All you’ve got to do is add the following lines in your htaccess file –
order allow,deny
deny from 192.168.20.
allow from all
It is also possible to ban users or even an ISP using the hostname. The following is one such example –
order allow,deny
deny from thebadguy.com
allow from all
The htaccess file is a very strong tool to control access to your site. Owing to this, a small error while typing can break parts of your site. So always backup your htaccess file before making any changes to it. When WordPress adds configuration to the htaccess file, it is always done between the comment lines #BEGIN WordPress and #END WordPress. So remember to add your custom lines outside of these comments for better tracking.
Tags:
Share it:
You may also like
Ultimate WordPress Migration Checklist: Everything You Need to Move Web Hosts Seamlessly
Migrating a WordPress website to a new web host can be daunting, especially if you’re doing it for the first time. First of all, there are a lot of steps. …
WordPress There Has Been An Error Cropping Your Image – 7 Easy Fixes
Have you ever tried to crop an image in WordPress, only to get stuck with an annoying “There has been an error cropping your image” notification? If that sounds familiar,…
WordPress Media Library Not Loading? 10 Easy Fixes
You’re all set to upload an exciting new picture to your WordPress website. But when you open the Media Library, nothing shows up. How annoying is that? Many users face…
How do you update and backup your website?
Creating Backup and Updating website can be time consuming and error-prone. BlogVault will save you hours everyday while providing you complete peace of mind.
Updating Everything Manually?
But it’s too time consuming, complicated and stops you from achieving your full potential. You don’t want to put your business at risk with inefficient management.
Backup Your WordPress Site
Install the plugin on your website, let it sync and you’re done. Get automated, scheduled backups for your critical site data, and make sure your website never experiences downtime again.