Welcome to the new design! Please report any bugs or issues, thanks :)
Web Dev + WordPress + Security

Block Multiple IP Addresses with PHP

[ Screenshot: The Legion of Doom ] Let’s face it. There’s just as much scum on the Internet as there is out there in the “real world.” Maybe even more, who knows. From scammers and spammers to scrapers and crackers, the Web is just crawling with all sorts of pathetic scumbags. As predictably random as much of the malicious activity happens to be, it is virtually guaranteed that you will be hounded by at least a few persistent IP addresses that, for whatever reason, have latched on and just won’t let go. Like evil parasites, they plague you night and day, haunting you and making your online life a living hell. Perhaps they leave endless spam comments; perhaps they are just mindless trolls giving you grief; or perhaps they continue to take flying stabs at the security of your website. Whatever the behavior, once you have determined that you need to block a collection of bad IPs, you have many ways to get the job done. Here is a simple way to blacklist multiple IP addresses with a little PHP magic..

Throw Down

Edit the following code with your blacklisted IPs and drop into the page or header file of your choice to enjoy immediate relief from relentless scumbags:

<?php $blacklist = array("123.456.789", "456.789.123", "789.123.456");

if(in_array($_SERVER['REMOTE_ADDR'], $blacklist)) {

	header("Location: http://domain.tld/path/custom.php");

	exit();

} ?>

Recap: edit the IPs in the first line to suit your needs. You will also want to edit the header path in the third line to reflect the location of your “special message” for the blocked IPs. This may be anything you wish: warm greetings, pictures of your bum, or even a virus unleashing the black death upon them. Whatever you do, have fun and be safe! ;) Alternately, if you don’t feel like taking the time to craft a loving page for your blocked frenz, replace the header URL in the third line with the viciously disturbing site of your choice. There are many great sites out there to choose from — so be creative!

Lastly, after you have carefully edited the PHP blacklist script according to your needs, place it into the top of your header.php file or web pages of your choice. Any page featuring this code will be inaccessible to the IP addresses blacklisted in the first line. So grab, gulp, and go! This code will keep those nasty chimps far away from your precious pages! ;)

Jeff Starr
About the Author
Jeff Starr = Creative thinker. Passionate about free and open Web.
BBQ Pro: The fastest firewall to protect your WordPress.

26 responses to “Block Multiple IP Addresses with PHP”

  1. Tam Nguyen Photography 2012/05/30 4:20 pm

    How’s this different than blocking these IPs from the .htaccess level? Any performance gain/hit I should know about?

    • Jeff Starr
      Jeff Starr 2012/05/30 4:29 pm

      In my opinion it’s better to block/redirect at the server-level to avoid invoking additional PHP resources. There are some situations where blocking via PHP is useful, however, such as when more advanced processing is required (eg, logging, custom headers, etc.).

Comments are closed for this post. Something to add? Let me know.
Welcome
Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »
USP Pro: Unlimited front-end forms for user-submitted posts and more.
Thoughts
Playing the long game.
They have weaponized the idiots.
Good software never steals focus from the user. Even during startup.
After 10 years running my own business, I still manage schedules and tasks using old school post-it notes, sometimes simple sometimes very elaborate.
You know those sites, where you're trying to just grab a quick bit of information but the page is shifting all over the place as it loads up 3 million advertisements.
Selling two of my top WordPress domains, wp-zen.com & zen-wp.com $300 for both. Aged 9 years. Drop a line if interested.
Never force your users to type out a password (or any long string of characters) by blocking the paste function. Typing long strings leads to MORE errors than simple copy/paste.