Banning known hack sources from your WordPress site

Preventing malicious attacks before they are even attempted is often one of the best defenses against your website becoming hacked. Of course, there is no replacement for a securely developed site, but a large majority of attacks can be blocked by simply banning malicious sources from your WordPress site. In this article, we will show you how to block a large majority of malicious sources using iThemes Security with just a few clicks.

  1. Begin by logging into your WordPress admin dashboard.
  2. This article assumes that you already have iThemes Security on your site. If you do not already have iThemes Security installed, you may review our article on installing iThemes Security.
  3. Security settings in dashboard

    Within your WordPress admin, hover over Security on the left side menu and click on Settings.

  4. Banned user section

    Next, scroll down the the Banned Users section.

  5. Default blacklist

    Within this section, check the box next to Default Blacklist. This will allow any IP addresses or user agents that are found within the blacklists on hackrepair.com to be automatically banned from your site.

  6. Once the changes are made, be sure to click on Save All Changes.

After setting this option, many malicious sources and bots that may be increasing your website resource usage will now be permanently banned from your site. As these lists are updated regularly, using it is quite effective in automatically blocking known attack sources.

Was this article helpful? Join the conversation!