Block Hacker IPs With The WordFence WordPress Plugin – WordPress Security | WP Learning Lab
In this tutorial I’m going to show you how to use the WordFence WordPress plugin to block hacker IPs from accessing your website. As well as show you some tricks to finding IPs for people who are doing suspicious activities on your website.
First things first, you need to install the Wordfence plugin. The free version of Wordfence does all the things I show you in this tutorial. To install it, hover over Plugins and click on Add New. Search for Wordfence in the search bar and install the plugin that has the yellow shield for its image. Make sure you activate it as well.
Now, this tutorial is best done once Wordfence has been scanning for a while since it needs to catalog activity on your website. Once you have some activity cataloged it’s time to rock and roll.
There are two places that I use to find IPs to block. First is the 404 tab under the Live Traffic menu item. Second is in the Blocked IPs menu option.
Let’s look at the 404 tab first. When you scan through the results you will sometimes find IPs scanning for plugins that don’t exist on your website. Make no mistake, this behavior is strange and it’s not something a normal visitor to your website would be doing.
To confirm that this is likely a hacker you can look the plugin up in the WordPress Vulnerabilities Database (https://wpvulndb.com/). If you feel the activity is malicious, click on the “Block” link near the IP to block them.
Go through the whole list and block any IPs that are doing suspicious things.
Next go to the Blocked IPs page. The IPs that you blocked in the 404 tab are only temporarily blocked until you click on Block Permanently in the Blocked IPs page, so go ahead and do that.
Then click on the IPs Blocked From Login tab. On most WordPress sites there are only 1 or 2 people logging in and they usually don’t get the username and password wrong over and over. On this tab you will see a lot of entries from IPs who are trying to Brute Force Hack your website.
Generally, I immediately block anyone trying to login using the Admin user name and the domain name as the user name. Those users never exist on any of my websites, so I know for sure it’s hackers.
Some hackers use the Username Hack to find the correct user names. So if you see IPs from foreign countries using a correct username they are trying to Brute Force Attack your site. Block them.
You can also take a look at the Throttled IPs tab and block and IPs that are rapidly scanning your site. Search engines rapidly scan websites as well, so be careful who you block here.