If you need to spread content, WordPress is one of the best options you can consider to host the site. However, if your website is very popular, it can be the target of a large number of threats, especially if we refer to the comments. We will demonstrate that by blocking IP addresses, we will be able to mitigate at the root a significant part of cyber attack threats.
Why should you block an IP address?
This would help mitigate the root problem. Let us remember that each person who visits our site does so from their mobile phone, computer or device. Any device that connects to the Internet has an associated public IP address. Below, we are going to provide you with the main reasons why we should block IP addresses that are considered malicious:
Spam and malicious comments
Most likely, you have already come across blogs that have several comments that do not exactly refer to the exposed content. If you are responsible for a website such as a blog, you should not forget that you are at great risk. Not only could you purposely receive comments that could affect the reputation of your site. Those responsible for these comments can also use it as a bridge between them and the readers so that the latter are victims of an attack. This and other adverse situations can be avoided by blocking IP addresses.
If a cybercriminal manages to take control of your website through one or more comments, the possibilities of attacks are endless. It could get you to download malicious software that manages to inject malware or ransomware into your computer, for example. On the other hand, it would also manage to appropriate your email so that, through it, it sends spam messages and, in turn, infect other users so that they propagate said spam and that the network of infected addresses becomes larger and larger. .
WordPress has its own plugins that allow you to moderate the comments that arrive. It is possible to verify at a glance the content of the same, then you can reject those that have suspicious content. However, if your site has a high amount of comments, moderating individually would be too time consuming. If you need to use your time for other activities, you can consider using third-party plugins that have the ability to perform comment moderation that could harm the structure of the site in question and reputation in search engine results.
Cyber attacks in general
Cross-Site Scripting is one of the most dangerous web attacks and has a mention in the popular OWASP project. As documented by the project itself, this is a type of script injection and malicious code in general. This injection process occurs on legitimate websites so that they can carry out malicious actions against the users who visit them. How is this attack carried out? To give you some context, a cybercriminal uses a web application to share malicious code. Generally, this code contains scripts that are interpreted by web browsers, which means that the user who uses the browser and accesses the affected website will be affected, whatever the action generated by that script.
The main reason that malicious code injections are successful is that web sites and applications do not have the necessary control. Specifically regarding the scripts, their content and their origin, it is as if any person could manipulate the content of a website that is not ours.
How to block an IP on your WordPress site
In the first instance, you must locate the IP addresses in question, usually found in the comments section. Once you access the list of all comments, you will see that in the left column is:
- The name of the author of the comment
- The email address
- The IP address
We will take note of the latter. Also, we must pay attention to the content of the comments. While there are many possibilities for suspicious comment content, here are some examples of frequent cases of spam-type comments in WordPress:
The screenshot above shows us comments that contain letter combinations that do not mean anything. However, they do have links. We know that something natural of the human being is curiosity. Consequently, it is highly likely that visitors to your site will enter these links and be victims of attacks of all kinds. As we can see, this can be considered as a use case of social engineering .
These types of comments also have links that could be malicious or misleading. What makes them even more dangerous is that the content they have has a very friendly tone, even too kind to be true. The comment we see above is a great compliment to the content you have published and at the end, it suggests that you visit your website.
Anyone who was very naive would click on that site and from that point on, they already know what could happen. If your blog presents content in Spanish, realizing that these types of comments are suspicious is much easier. It is not normal for a person to comment on your posts in English, while sharing content in Spanish.
This type of comment originates from other sites that link to your content. So comments is the way of notification. In English, this is known as trackback . Always, in these cases, the comments of this class appear with the beginning and end composed of the following symbols:
[...]
In the middle of that pair of square brackets and points there is an excerpt from the paragraph where the link to your publication is found. Of course, we are talking about the text found on the website of the person generating the spam. Unfortunately, these comments give a false impression that your site is relevant and that it is mentioned repeatedly. More than anything, what is achieved with this is that there is a very high level of spam. It is extremely important to keep track of comments of this type and block the IP addresses of the authors.
Block IPs through cPanel
The manual way, that is, within WordPress is much more tedious than if we used an additional plugin or tool. cPanel is the web administrator of your website hosting that has a graphical interface for better management. In it, you will find a wide variety of tools, including the possibility of blocking IP addresses.
The name with which you would find the option may vary according to the hosting provider you are using. A common name is IP Blocker . When you go to register the IPs you want to block, in many cases you will simply have to copy and paste the list of IPs you plan to block.
Another way is to enter a range of IP addresses. Likewise, this method of ranges is not too feasible unless you have detected a network segment or several segments that could pose a threat to the integrity of your website.
Blocking IPs using the .htaccess file
Just like any other website, the sites that are under WordPress are made up of folders, site files and configuration files. Precisely, one of the most important configuration files is .htaccess . This file contains rules that instruct the web server to work in a certain way, like your site that is hosted on WordPress.
A very important fact is that this file should only be modified if you have complete control of what you are doing. As the .htaccess file is extremely delicate, modifying it without much foresight could cause your website to stop working, since you are touching the files on the web server itself. When in doubt, it is recommended to generate a complete backup of everything associated with your website. Thus, if any error is caused by configuring this file, you can return to an earlier point.
In the file manager of your cPanel, locate the public_html folder, in it you will find the mentioned configuration file, it includes the IP addresses to block with the following format:
order allow,deny
deny from 1.39.175.142
deny from 3.374.983.084
deny from 6.85.093.129
allow from all
As many times as necessary, add a “deny from” command line and next to it indicate the IP address you want to block. This you must insert at the end of the file and finally, save the changes. The effect of this is that those indicated IP addresses will not have access to your website at all.
Blocking of IPs through plugins
The main advantage of accessories is that they do the work for you, there is little or nothing you should do. One of the things that takes the longest is to identify those comments and IP addresses that are suspicious.
WordPress is characterized by having a wide variety of plugins, including those that help us prevent potential attacks on our site. Especially, if these originate from comments. Basically, these work through a kind of firewall that inspects the site visitor and, if it detects potential malicious activity, automatically blocks the IP address. Without further ado.
There are even some plugins that allow you to block visits from IPs that have a particular country as a location. We consider this measure to be somewhat extreme as we would be limiting our website by geolocation, so we suggest using this feature appropriately.