All In One Security Blacklist Manager shows you how to block IP addresses, enter IP ranges add user agents and much more.
Last Updated: November 6, 2023
Latest News: Updated the documentation.
The Blacklist feature allows you to ban IP addresses , ranges and user agents. This helps you when you constantly get hackers repeatedly trying to access your site from the same IP address. When you enable this feature, the IP addresses you block are added to your .htaccess file. Adding these entries to your .htaccess file is one of the most secure first line of defence.
Note: If you are interested in block countries from your site then check out the following URL country-blocking-addon.
What you need:
All In One Security Blacklist Manager
Step 1 ) Go to WP Security -> Blacklist Manager admin sidebar menu as illustrated in the image below.
Step 2 ) The following image allows you to set up the following options.
Blacklist Manager Settings
- Enable IP or User Agent Blacklisting:
- Enter IP Addresses: (Note: Check the information below Step 2-a )
- Enter User Agents: (Note: Check the information below Step 2-b )
- Click on Save Settings button when you finish settings up this feature.
This will add another 15 points score towards your security meter. See image below. (Intermediate Security Level)
Step 2-a ) Enter IP Addresses:
Each IP address must be on a new line.
Note: To specify an IP range use a wildcard “*” character. Acceptable ways to use wildcards is shown in the examples below:
- Example 1: 195.47.89.*
- Example 2: 195.47.*.*
- Example 3: 195.*.*.*
Step 2-b ) Enter User Agents:
Each user agent string must be on a new line.
Note: The user agent feature currently does not support referrer blocking. Currently there isn’t an inbuilt blocking mechanism for referrers. The developers might be adding this feature in the future. The following forum post has more information. If you want to block a referrer try the following solution for now.
Example 1 – A single user agent string to block:
Example 2 – A list of more than 1 user agent strings to block. Each user agent string is added in a new line.
Troubleshooting Blacklist Manager
Q1 I am having issues with the Black list feature. I think it is not blocking the IP address I add. What can I do to test this feature?
Solution 1: To confirm if the blacklist feature works try using your IP address to block yourself temporarily. Follow the steps below.(Solution provided by wpsolutions.)
Note: If the blacklist is working properly you will see a “403 Forbidden” error whenever anyone with a blacklisted IP address attempts to access your site.
1) Make sure you are logged into your server using FTP. This will be handy to unlock yourself if needed.
2) Log into WordPress admin panel and add your IP address to the blacklist settings.
3) Try accessing your site from a browser where you are not logged in. You should be denied access. If not, then the apache directives are not working on your server.
(If things are working fine and you do get blocked, just FTP your .htaccess file from your server to your computer and edit that file and remove the part of the code which has your IP address and then FTP the file back to the server)
Solution 2: Someone in the forum provided another solution if you are running a Bitnami WordPress installation. Check the following link support thread to learn more.
Q2 Is there a limit to the number of IP addresses you can add to the Blacklist Manager in this plugin?
Solution One: No
Q3 I’ve entered IP addresses into Blacklist Manager and checked the checkbox, but those IP addresses are still trying to log into the site. They also don’t appear in Dashboard => Permanent Block List.
Solution one: The “Permanent Block List” is not related to the “Blacklist Manager” feature.
The Blacklist Manager uses .htaccess rules and the permanent blocklist uses PHP. The permanent blocklist currently only allows the addition of IP addresses via the SPAM Prevention -> Comment SPAM IP Monitoring menu. (Solution provided by wpsolutions.)
Q1 Where are the blacklisted IP addresses saved in the database?
Solution One: The blacklisted IP addresses are saved in the options table inside the “aio_wp_security_configs” option_name. You can read more about it in the following support thread.
Click on the following link Firewall Rules to continue configuring the plugins settings.
If you have any questions please let me know
All In One Security (AIOS) Plugin Tutorial List