Block Specific Domains from WordPress Site

You can block specific domains or IPs using .htaccess. But keep in mind that blocking by domain name in .htaccess is not straightforward because the domain name is not part of the HTTP request; instead, you’re usually working with IPs.

Here’s how you can block an IP address using .htaccess:

  • Access your website’s root directory (usually named public_html).
  • Find the .htaccess file. If you don’t see one, make sure your FTP client is set to show hidden files.
  • Edit the .htaccess file and add the following lines to block a specific IP:


Order Allow,Deny
Allow from all
Deny from xxx.xxx.xxx.xxx

On a side note, you can not prevent bots from a specific domain from accessing your WordPress site, you can’t do that with robots.txt. While robots.txt can request that well-behaved bots not crawl certain parts of your site, it doesn’t enforce this. Many malicious bots ignore robots.txt entirely.

Do not know the IP Address for the Domain?

If you don’t know the IP address for the domain but want to block access based on it, you can do a DNS lookup to find out the IP address. You can use various online tools, command-line utilities, or even programming libraries for this.

Here’s a simple way using the command line:

1. On Linux/macOS:
dig +short email.imailfree.cc

2. On Windows:
Use the `nslookup` command in the Command Prompt:
nslookup email.imailfree.cc

This will give you the IP address(es) associated with that domain.

Once you have the IP address, you can use the .htaccess method I described earlier to block it.

However, keep these points in mind:

  1. Multiple IP Addresses: Domains can resolve to multiple IP addresses. If that’s the case, you’ll need to block each one.
  2. Dynamic IP Addresses: The IP address associated with a domain can change, especially if they use a Content Delivery Network (CDN) or if they switch hosting providers. It means you might block the current IP, but they could potentially access your site from a different IP in the future.
  3. Blocking Legitimate Traffic: Be careful when blocking IP addresses. You could inadvertently block legitimate traffic, especially if the IP belongs to a CDN or a shared hosting environment.
  4. Limited Efficacy: If someone is determined to access your site, they can easily switch IP addresses or use a VPN. Blocking IP addresses is a basic deterrent but not foolproof.

Given the limitations of IP blocking, you might want to consider other security measures or plugins that offer more advanced blocking and protection features.

Bitnami Configuration

Bitnami configures its WordPress stack differently than the standard WordPress setup. Instead of using .htaccess files, Bitnami bundles configurations inside a single httpd-app.conf file for performance reasons.

Here’s how you can block an IP address in a Bitnami WordPress stack:

1. SSH into your server where the Bitnami WordPress stack is installed.

2. Navigate to the WordPress configuration folder. The exact path may vary depending on your setup, but for many Bitnami installations, it’s located at:
/opt/bitnami/apps/wordpress/conf/

if you have Lets Encrypt installed than it could be:
/opt/bitnami/apps/letsencrypt/conf/

3. Edit the `httpd-app.conf` file:
sudo nano httpd-app.conf

4. Add the IP blocking configuration.

Somewhere inside the directive, add:

Order allow,deny
Allow from all
Deny from xxx.xxx.xxx.xxx

Replace `xxx.xxx.xxx.xxx` with the IP address you want to block.

5. Restart Apache to apply the changes:
sudo /opt/bitnami/ctlscript.sh restart apache

Remember to be cautious when editing configuration files.

Always backup any file before you modify it, and ensure you’re blocking the correct IP to avoid unintended disruptions.

224 views | Like |