If you want to ban a bad user from accessing your WordPress website or blog and you have the user’s IP address, or hostname, you can block such users by using an htaccess file. If you want to ban the IP address from accessing any part of the website then the htaccess file should be placed in the root of your WordPress or website. If you would like to block access only to a specific directory on your website, then upload the .htaccess file to that particular directory.
WP White Security Tip: If you already have an .htaccess file in the root of your WordPress, download the existing one and add the below at the end of the .htaccess file. It is important to always add content outside the # BEGIN WordPress and # END WordPress lines.
htaccess file to ban bad users
To ban a single IP address from accessing your WordPress, add the below to the htaccess file in the root of your website.
Require all granted Require not IP 192.168.1.2
The above htaccess file sample will deny access to WordPress or your website to the following IP address; 192.168.1.2. If you would like to exclude more IP addresses, simply add them in new lines using the following syntax deny from [IP ADDRESS] as shown in the below example where we block the following IP addresses; 192.168.1.2, 10.130.130.6 and 172.16.130.106.
Require all granted Require not IP 192.168.1.2 Require not IP 10.130.130.6 Require not IP 172.16.130.106
htaccess file to ban a range of IP addresses
To ban a whole IP range, such as from 192.168.1.1 to 192.168.1.254, you can also do so by using an .htaccess file as seen in the below example.
Require all granted Require not IP 192.168.1 allow from all
htaccess file to ban an ISP or hostname
It is also possible to ban a user, a group of users or an ISP by using hostnames. For example if an ISP’s hostname is badisp.com, you can use the below example to block such ISP.
Require all granted Require not host badisp.com