Save 25% on our pro plugins with coupon code: SPRING2023
Web Dev + WordPress + Security

How to Block IP Addresses with PHP

[ Image: Skeletor Blocks a Move ] Figuratively speaking, hunting down and killing spammers, scrapers, and other online scum remains one of our favorite pursuits. Once we have determined that a particular IP address is worthy of banishment, we generally invoke the magical powers of htaccess to lock the gates. When htaccess is not available, we may summon the versatile functionality of PHP to get the job done.

This method is straightforward. Simply edit, copy and paste the following code example into the top of any PHP for which you wish to block access:

<?php $deny = array("111.111.111", "222.222.222", "333.333.333");
if (in_array ($_SERVER['REMOTE_ADDR'], $deny)) {
} ?>

The code basically creates an array of the IP addresses that you wish to block, and then checks incoming addresses against the array. If the incoming (i.e., remote) address matches against any value in the array, the function will deny access with a redirect header to the specified URL, which in this case is the majestic Google home page. It all happens quickly behind the scenes.


When using this code in your pages, simply replace the “dummy” IP addresses (i.e., "111.111.111", "222.222.222", ...) with those that you wish to block (e.g., "123.456.789", "123.456.*", "123.*", ...). Yes, PHP understands wildcard operators (i.e., *). Also you may want to change the redirect location. Currently it is set to, so feel free to change that to whatever URL is desired.

After making any changes, upload the file to your server. If you would like to verify this method, simply lookup your own IP address, add it to the array, and try loading the target page. That’s all there is to it — “grab, gulp, and go”.

Using this method, you may also wish to create a customized page to which blocked addresses are redirected, perhaps to explain the situation, provide contact information, or display a macro shot of your greasy bum, or perhaps send them to the blackhole.

Jeff Starr
About the Author
Jeff Starr = Fullstack Developer. Book Author. Teacher. Human Being.
Digging Into WordPress: Take your WordPress skills to the next level.

109 responses to “How to Block IP Addresses with PHP”

  1. Avatar photo

    Sounds good, Jen. Glad to hear everything is back on track with your new blog. Hopefully your stalker will give up looking for you and move on with her life. Best of luck to you; let me know if I may be of any help in the future. :)

  2. Avatar photo
    use to be 'just jen'...shsh..stealth mode 2008/09/01 4:39 pm

    Thanks for the well wishes :)
    you can stop by and visit my blog any time you want but don’t expect anything too exciting…LOL
    Keep me posted on that toolator :)

  3. Hi Jeff, Could you help me out with some code that will block an IP on a Craigslist ad? Please? Someone is deleting my ad every day. I have their IP address, but can’t find a code that will work. Please help if you can. Thanks, David

  4. Avatar photo
    Jeff Starr 2008/09/14 8:41 am

    Hi David, I feel your pain, but unfortunately blocking someone from accessing the Craigslist site requires access to the Craigslist server, unless I am missing something here..

  5. Thanks Jeff. I was ready for that answer. Do you, or does anyone have any neat little tricks that I can add to the html of the ad to get a little pay back?

  6. Avatar photo
    Jeff Starr 2008/09/17 8:39 am

    Unfortunately, all of the fun stuff requires access to the server.. And even then, getting involved with “pay back”-type behavior may be risky, especially if you aren’t really familiar with what you are doing. The person whom you are targeting might be some deadly hacker ninja who could ruin your life. Not worth it, in my opinion.

  7. Hi,
    this is a nice code.
    Do you know about a free hacker/spammer ip database?
    That is the only thing I miss now. ;)

  8. Avatar photo

    Yes, that would be nice, eh! ;)

  9. Avatar photo

    Thanks for the post. Do you know how to deny a submission if keywords and .com etc. are in the message field?

  10. Avatar photo


    Here’s a cool link to redirect them to rather than google:

    : )

  11. I am trying to prevent a spam source from leaving comments or pingbacks. Although spam is caught by Akismet it clutters my mind more than anything else. I placed this snippet at the very top of the header.php file with no effect what so ever. Am I supposed to place it after the DTD declaration or HTML or any other part?

    Thank you.


  12. Avatar photo
    Jeff Starr 2008/11/16 9:37 pm

    Hi Cemal, the problem is that comments and pingbacks are processed by a file other than those found in your WordPress theme files. The theme files display information from the database, but they aren’t generally involved in putting it there. Instead, look for a file called wp-comments.php (or something similar, depending on your particular WP version), and try adding the code to that file. The wp-comments.php is the actual file that must be accessed by commentators (or spammers, etc.) to leave comments. Placing the PHP block script at the very beginning of that file should do the trick, although I have not tested it because I prefer to block via htaccess instead.

Comments are closed for this post. Something to add? Let me know.
Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »
.htaccess made easy: Improve site performance and security.
Excellent (and free) tool to test your site's SSL configuration.
Plugin updates! All of our free and pro plugins ready for WordPress 6.2.
Daylight savings is a complete waste of time and needs to be eliminated.
Got a couple of snow days here in mid-March. Fortunately it's not sticking.
I handle all email in real time as it comes in, perpetually clear inbox for years now.
Added some nice features to Wutsearch search engine launchpad. Now 21 engines!
.wp TLD plz :)
Get news, updates, deals & tips via email.
Email kept private. Easy unsubscribe anytime.