How to Block Bad Bots From Your WordPress Website

Block bad bots from your WordPress website

You may have told, your web hosting or the security plugin you use that many fake users are trying to break into your website. They maybe automotive bots or humans, you can block bad bots from your WordPress website.

As you all know that website security is something you should never take lightly. Many websites get hacked every year because of the poor security.

You can follow the WordPress security guide.

If you’re good at monitoring your website then it can be easily tracked the IP addresses of the users who tried to login to your website.

For the login page, it’s also called the brute force attack. But bots can drop the malicious code in the comments too.

So you have to block bad bots from your WordPress website.

Use the .htaccess File To Secure Your Website

It’s no new thing to know about the use of the .htaccess file. You can add multiple layers of security using this file.

You can protect your admin folder, enable browser caching and what not.

I am sure, you know how to edit the .htaccess file. It can be done by accessing the cPanel of your web hosting account.

Go to cPanel>>File manager>>public_html>>.htaccess file. You can search this file which can be found easily.

In this file, you have to block the users from their IP addresses. Let me show you the code.

#Block IP Addresses.<Limit GET POST>
order allow,deny
deny from user1_IP
deny from user2_IP
allow from all

NOTE: You have to replace the user1_IP and user2_IP addresses with the original IP addresses you want to block.

I hope you wouldn’t find any difficulty finding the user IP address who is spamming your website. Just monitor your website with a security plugin and you will see the suspicious IPs.

If someone is hitting your website multiple time, just block the IP address.

Even after installing a spam comment protection plugin like Akismet, many people drop the spam comments. You can get many comments from the same IP address.

Just block that IP and save yourself from deleting those spam comments manually.

The IP addresses may not be only of the humans, every Internet user has an IP address for that particular connection. Whether it’s a human being or the bot, you can block it.

It’s always recommended to do every possible thing to protect your WordPress website. You would also be interested in knowing that you can password protect your admin directory.

You can even use the two-factor authentication plugins for adding one more security layer.

If you’re not good with such coding stuff, you can do that all using a security plugin. Almost every security plugin allows you to block bad bots from your WordPress website using their IP addresses.

I can understand that it’s hard to edit the coding files. But you should always know about the different methods.

Can You Now Block Bad Bots From Your WordPress Website

As mentioned above, you can either use a security plugin or the .htaccess file to block the suspicious IP addresses.

WordPress security is always something you should focus on. Many people don’t consider it as an important aspect which results in a disaster.

That’s why it’s always recommended to backup your WordPress website and the database. You should also know the different ways to backup your WordPress database.

I hope you can easily block bad bots from your WordPress website. If you still have any doubt, feel free to drop a comment.

You can also connect with us on Twitter, LinkedIn, and Facebook.

by Ravi Chahar

A WordPress Professional and the LinkedIn Influencer. A coder by passion and a blogger by choice. WordPress theme development is his forte. He is your WordPress guy who will teach you how to solve WordPress errors, WordPress security issues, design issues and what not.

Get Free Updates Into Your Inbox

Learn Everything Just Like I Did



  1. Hello, Ravi Great share.
    Website security have become a prime issue nowadays. Lot of people try to pilfer sensitive data from authoritative domains. The hassle that a hacker brings is immeasurable, an indecent almost jeopardised one of my project. The WordPress website got hacked twice delaying the project to a span of 2 months.
    I believe this article will be helpful for all to configure their we security.

    1. Hey Nishant,

      In the past few days, I have noticed many bots attacking from the same IP address which leads me to block them. It’s very important to monitor your website so that you can block those bad bots.
      WordPress security is a must have.
      Thanks for stopping by.

  2. Hello, Ravi Sir.

    Great post though.

    Last Year, I got into this issue and used the plugin called Sucuri. It helped me to block over 11160 spam visits till now. As a WordPress user, one should have Akismet plugin installed to avoid spam comments, visits and signups. Well, I’ll try your method too, because it seems to be easy.

    Thanks for sharing.

    All the best,

  3. Hello @Ravi

    Nice Post you got up here.
    WordPress security is very important,I have found Sucuri plugin to provide suspected unauthorization of these bots and using your tips, one could block these bad bots easily.

    Thanks for sharing once more.

    1. Hey Posper,

      The plugin like Sucuri can save you to a greater extent. It will show you the spam IP addresses. You can either block those from the plugin or use the above-mentioned code.
      Blocking those bad bots is really important to secure your website.

Leave a Reply

Your email address will not be published. Required fields are marked *