How to Whitelist IP Addresses in WordPress? (Step-by-Step Guide)

Is your firewall blocking team members from accessing your website? This is not unusual. Although firewalls and other security features can block malicious traffic from accessing your website, they may accidentally block good traffic too.

We had a customer whose website firewall was blocking his clients from accessing the site. Unable to access the website caused delay in executing certain measures on the website which snowballed into bigger problems. Needless to say, our customer was in a frenzy and reached out for help.

Resolving this issue is fairly simple if you follow the right steps. In this article, we guide you through the different methods to whitelist IP addresses in WordPress.

What is IP Address Whitelisting?

Whitelisting IP addresses in WordPress enables you to control who can (or cannot) access your website.

Blacklisting is a good way to ensure that malicious traffic cannot access your site. You can pick a malicious IP address and blacklist it or you can automate the process by using a firewall.

A firewall can filter traffic coming to your website. Bad traffic is blocked from accessing your site. But we have also seen firewalls accidentally blocking good traffic. In certain cases the website admin or team members are prevented from visiting their own site. Whitelisting IP addresses in WordPress removes the block and allows them to access your website again.


How to Whitelist an IP Address? (Manually & Via Plugin)

There are two ways you can whitelist IP address in WordPress. You can whitelist IP address using htaccess (manually) or Whitelist IP address using a plugin.

To do it manually, you’ll need to have knowledge about WordPress files. Without that, it’s likely that you’ll end up making mistakes that could break your website. Using a WordPress plugin is a much safer option.

Whitelist IP addresses in WordPress Using a Plugin

Step 1: Download and install the MalCare Security Plugin on your WordPress website. Follow our guide to set up your account with MalCare.

Step 2: Request the user who’s IP is blocked to access the website. MalCare will record this attempt. And the IP addresses will show up in MalCare’s Traffic Request section.

To visit the Traffic Request section, log into your MalCare dashboard and then click on your website. Go to Firewall > Traffic Logs. In there, you’ll find the IP addresses that were trying to access your site.

malcare firewall
MalCare Firewall

You will need to Identify the blocked IP address. The first few IP’s are likely to be the ones made by your teammates or clients. But to be completely sure that you are choosing the right IP address, check the time and the country of origin.

To whitelist IP addresses in WordPress of your choice, click on the edit button present right beside the IP address. The IP will be whitelisted.

Whitelist IP addresses in WordPress using MalCare plugin
Click on the tiny button to white the IP

Using the MalCare plugin is the easiest way to perform this task. However, we do understand there are some of our readers who have reservations about installing more plugins on their website and would prefer to do it manually.

Next, we discuss the manual method in detail.

I whitelisted IP addresses in my WordPress site with this easy step-by-step guide from MalCare. Click To Tweet

Whitelist IP Addresses in WordPress using htaccess

It is possible to whitelist IP addresses in WordPress using htaccess but there are two HUGE drawbacks.

  1. Whitelisting specific IP addresses in WordPress will block ALL traffic except for the specified IP addresses. This means only a handful of IP addresses will be able to access your WordPress website. Every other IP address will be blocked.
  2. The manual method is risky because it involves accessing your WordPress files and inserting snippets of codes. If you are not a seasoned WordPress user, you will make mistakes. Small mistaken lead causes your website to break.

We DON’T recommend the manual method. But we’ll show you how difficult it is to whitelist IP addresses in WordPress manually.

Before proceeding…

We strongly recommend that you take a complete website backup. If something happens to your website, you can quickly restore a backup and get your site up and running in no time. Now, let’s whitelist IP addresses in WordPress manually in all IP ranges.

Step 1: Log into your web host account, go to the cPanel and select File Manager. From there, go to the public_html folder and locate and edit the .htaccess file.

Step 2: Right-click on the .htaccess file and select Edit.

public html htaccess
Got to public_html>.htaccess>EEdit

Step 3: Next, proceed to insert the following code at the end of the .htaccess file.

order deny,allow
deny from all
allow from

Make sure to replace xxx with the IP whitelist address you want to whitelist.

If you want to whitelist multiple IP addresses, just add another ‘allow from’ line like this:

order deny,allow
deny from all
allow from
allow from

This is how you can whitelist all IP addresses through your WordPress hosting.

Once done, save the changes before closing the .htaccess file.

Manually whitelisting IP addresses in WordPress can be effective if you have a private website and want it to be accessed by only a few people. But if that’s not what you intend to do, then steer clear of the manual method.

Whitelisting IP addresses aren’t enough. Use a Firewall smart enough to tell the difference between bad traffic and good ones. Click To Tweet


Final Thoughts on Whitelisting IP addresses in WordPress

We hope you found our article helpful. You had to whitelist IP addresses in WordPress using a plugin or htaccess file because your firewall was blocking your clients or teammates. A firewall should only prevent bad traffic from accessing your site. It should be smart enough to tell the difference between bad traffic and good ones. For instance, MalCare comes with a Smart WordPress Firewall Plugin that monitors attacks across thousands of websites to create a list of IPs with malicious intent. Whenever an IP makes a request to access your website, MalCare checks its list of malicious IPs to ascertain if the requesting party is malicious or not. Malicious IPs are blocked instantly.

Try MalCare Smart
WordPress Firewall!

Sophia Lawrence,

Sufia is a WordPress enthusiast, and enjoys sharing their experience with fellow enthusiasts. On the MalCare blog, Sufia distils the wisdom gained from building plugins to solve security issues that admins face.

Copy link
Powered by Social Snap