How to Automatically Blacklist IP Addresses in WordPress

WordPress isn’t the most insecure CMS there is although many people claim it to be so. It is the popularity and the wide use of the CMS that attracts most attention from hackers. The number of brute force attacks WordPress users are subjected to have been on the rise in recent years. We often see websites with more than 10,000 login attempts in just one weekend. Therefore, the need to automatically blacklist IP Addresses in WordPress is obvious.

Because we have to be very vigilant when WordPress security is concerned and for the reason that we are after an automatic blacklisting of IP addresses, we need to consider a plugin adding such functionality.

Although my favourite plugin for WP security is the AIO WP Security & Firewall Plugin and it allows for blacklisting of IP addresses, it doesn’t do this automatically yet. The good news is that there is another, much lighter plugin that does just that. It is the IP Blacklist Cloud plugin and it is available for free download from the WordPress repository at

Blocking IP addresses automatically in WordPress is necessary because it saves you a lot of unnecessary work of doing it manually and be constantly on the alert for brute force attacks. It is sometimes very hard to block even one intruder as hackers are smart and often use proxy servers with different IP addresses to try to gain access to your site by hammering it with a combination of usernames and passwords.

Because you may be getting hundreds of failed unauthorized access attempts per site per day, you want to be blocking IP addresses automatically. Blacklisting a lot of IP addresses across a lot of websites each day is a hard and unpleasant task. My way of doing this is by using the IP Blacklist Cloud plugin. It allows you to block certain intruders by IP, instead of blocking a particular user when the failed login attempts exceed a certain number.

Another handy feature of the plugin is the ability to see a number of details for all those who have attempted a brute force attack against your website. If you have questions on how to block IP addresses with this useful tool, just visit the aforementioned plugin page, read its description, go through its documentation and when in doubt, open a support question.

Be careful not to blacklist yourself. Sometimes you also make the mistake of typing the wrong password. It is usually a good idea to whitelist your username. The plugin allows it.

Although there are a lot of WordPress security plugins and IP Blacklist Cloud is neither the plugin that offers the most options and the most comprehensive security nor it is the best WP security-related plugin there is, it is my plugin of choice when automatic blacklisting of IP addresses is concerned.

As it is with all of your websites, you want to prevent hackers from accessing your admin panel and making your life miserable. Be cautious of brute force attacks and if you can’t find a better plugin that does the task of blocking IP addresses in WordPress, give this one a try. It is free, easy to use, and only takes a few moments of your time to set up properly.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.