We had a customer whose website firewall was blocking his clients from accessing the site. Unable to access the website caused delay in executing certain measures on the website which snowballed into bigger problems. Needless to say, our customer was in a frenzy and reached out for help.
Resolving this issue is fairly simple if you follow the right steps. In this article, we guide you through the different methods of whitelisting an IP address.
What is IP Address Whitelisting?
Whitelisting IP addresses enables you to control who can (or cannot) access your WordPress website.
Blacklisting is a good way to ensure that malicious traffic cannot access your site. You can pick a malicious IP address and blacklist it or you can automate the process by using a firewall.
A firewall can filter traffic coming to your website. Bad traffic is blocked from accessing your site. But we have also seen firewalls accidentally blocking good traffic. In certain cases the website admin or team members are prevented from visiting their own site. Whitelisting IP addresses removes the block and allows them to access your WordPress website again.
How to Whitelist an IP Address? (Manually & Via Plugin)
There are two ways you can whitelist an IP address. You can whitelist manually or by using a plugin. To do it manually, you’ll need to have knowledge about WordPress files. Without that, it’s likely that you’ll end up making mistakes that could break your website. Using a WordPress plugin is a much safer option.
Using a Plugin
Step 2: Request the user who’s IP is blocked to access the website. MalCare will record this attempt. And the IP addresses will show up in MalCare’s Traffic Request section.
To visit the Traffic Request section, log into your MalCare dashboard and then click on your website. Go to Firewall > Traffic Logs. In there, you’ll find the IP addresses that were trying to access your site.
You will need to Identify the blocked IP address. The first few IP’s are likely to be the ones made by your teammates or clients. But to be completely sure that you are choosing the right IP address, check the time and the country of origin.
To whitelist the IP address of your choice, click on the edit button present right beside the IP address. The IP will be whitelisted.
Using the MalCare plugin is the easiest way to perform this task. However, we do understand there are some of our readers who have reservations about installing more plugins on their website and would prefer to do it manually.
Next, we discuss the manual method in detail.I whitelisted IP addresses of my WordPress site with this easy step-by-step guide from MalCare. Click To Tweet
Is It Possible to Manually Whitelist an IP Address?
It is possible but there are two HUGE drawbacks.
- Whitelisting specific IP addresses will block ALL traffic except for the specified IP addresses. This means only a handful of IP addresses will be able to access your WordPress website. Every other IP address will be blocked.
- The manual method is risky because it involves accessing your WordPress files and inserting snippets of codes. If you are not a seasoned WordPress user, you will make mistakes. Small mistaken lead causes your website to break.
We DON’T recommend the manual method. But we’ll show you how difficult it is to whitelist IP addresses manually.
We strongly recommend that you take a complete website backup. If something happens to your website, you can quickly restore a backup and get your site up and running in no time. Now, let’s whitelist your IP address manually in all IP ranges.
Step 1: Log into your web host account, go to the cPanel and select File Manager. From there, go to the public_html folder and locate and edit the .htaccess file.
Step 2: Right-click on the .htaccess file and select Edit.
Step 3: Next, proceed to insert the following code at the end of the .htaccess file.
order deny,allow deny from all allow from xxx.xxx.xxx.xxx
Make sure to replace xxx with the IP whitelist address you want to whitelist.
If you want to whitelist multiple IP addresses, just add another ‘allow from’ line like this:
order deny,allow deny from all allow from xxx.xxx.xxx.xxx allow from xxx.xxx.xxx.xxx
This is how you can whitelist all IP addresses through your WordPress hosting.
Once done, save the changes before closing the .htaccess file.
Manually whitelisting your IP address can be effective if you have a private website and want it to be accessed by only a few people. But if that’s not what you intend to do, then steer clear of the manual method.Whitelisting IP addresses aren’t enough. Use a Firewall smart enough to tell the difference between bad traffic and good ones. Click To Tweet
We hope you found our article helpful. You had to whitelist IP addresses because your firewall was blocking your clients or teammates. A firewall should only prevent bad traffic from accessing your site. It should be smart enough to tell the difference between bad traffic and good ones. For instance, MalCare comes with a Smart WordPress Firewall Plugin that monitors attacks across thousands of websites to create a list of IPs with malicious intent. Whenever an IP makes a request to access your website, MalCare checks its list of malicious IPs to ascertain if the requesting party is malicious or not. Malicious IPs are blocked instantly.
Try MalCare Smart WordPress Firewall!