Celebrating 20 years online :)
Web Dev + WordPress + Security

How to Block IP Addresses with PHP

[ Image: Skeletor Blocks a Move ] Figuratively speaking, hunting down and killing spammers, scrapers, and other online scum remains one of our favorite pursuits. Once we have determined that a particular IP address is worthy of banishment, we generally invoke the magical powers of htaccess to lock the gates. When htaccess is not available, we may summon the versatile functionality of PHP to get the job done.

This method is straightforward. Simply edit, copy and paste the following code example into the top of any PHP for which you wish to block access:

<?php $deny = array("111.111.111", "222.222.222", "333.333.333");
if (in_array ($_SERVER['REMOTE_ADDR'], $deny)) {
   header("location: https://example.com/");
} ?>

The code basically creates an array of the IP addresses that you wish to block, and then checks incoming addresses against the array. If the incoming (i.e., remote) address matches against any value in the array, the function will deny access with a redirect header to the specified URL, which in this case is the majestic Google home page. It all happens quickly behind the scenes.


When using this code in your pages, simply replace the “dummy” IP addresses (i.e., "111.111.111", "222.222.222", ...) with those that you wish to block (e.g., "123.456.789", "123.456.*", "123.*", ...). Yes, PHP understands wildcard operators (i.e., *). Also you may want to change the redirect location. Currently it is set to https://example.com/, so feel free to change that to whatever URL is desired.

After making any changes, upload the file to your server. If you would like to verify this method, simply lookup your own IP address, add it to the array, and try loading the target page. That’s all there is to it — “grab, gulp, and go”.

Using this method, you may also wish to create a customized page to which blocked addresses are redirected, perhaps to explain the situation, provide contact information, or display a macro shot of your greasy bum, or perhaps send them to the blackhole.

About the Author
Jeff Starr = Designer. Developer. Producer. Writer. Editor. Etc.
Digging Into WordPress: Take your WordPress skills to the next level.

109 responses to “How to Block IP Addresses with PHP”

  1. sorry admin for flooding the topic … :D
    I’ll get you the code, gimme 5 min…

  2. …and if you can solve my problem with your code, where might I send a donation to you for your time? I can’t take all this help without providing you some compensation.

  3. hey leslie,

    you mentioned that you want to block all IP allowing just certain IPs to have access to your content. I mentioned Javascript and while I was writting a piece of code for you, I just remembered that JS must “load” the entire page BEFORE it executes. This means that, even if the code works, one could easily ‘hack’ the content of your page by turn javascript off on the browser settings… in other words, this is not the solutions.

    Unless you are able to upload files to the server root and use a server-side script like PHP, ASP or CF, blocking IP will be not possible.

    check out the SiteBuilder administrator’s page for modules that offers the same functionality. I built the iPurikura.com web site that provides free sites with no add for free. It also allows you to set access keys, like logins. maybe that would serve your purposes better.

    about donation, don’t worry about that :D Human knowledge belongs to the world!

  4. Thanks, Jay. I appreciate your time very much! Where did you find the SiteBuilder Admin page?

  5. Here is the tutorials of what you can do at SiteBuilder:


    here is the homepage


    sorry I could help more!

  6. It appears I actually *can* get to the root directory, so that changes things for me, doesn’t it? Perhaps I can use some of the PHP code?

  7. I checked the documentation and indeed you can upload files but the files you can upload are unrelated to scripts. gimme some more time to check the documentation.

  8. I went through the whole documentation. On the topic How to View Files in File Manager, states that you can upload media type files which means that you can’t use server side. even if you upload the script, it won’t run.
    SiteBuilder has its pre-set modules that can be added into your site project. You can’t go any further than that. If you really need to deploy a solution that requires database or authentication, you will have to look for a server and manage your own files (which I recommend if you’re doing a business site).

    I’m sorry for not been helpful but SiteBuilder won’t allow you to do much.

  9. Oh my goodness, Jay, I can’t thank you enough for answering these questions for me. Thank you very much for your time, and your knowledge. I’m grateful. =) Have a great day!

  10. Jay,

    Is it possible to slay my dragon by putting the sensitive information on a page, on a server, other than Homestead, that will allow PHP or .htaccess, and just point to that page from the Homestead lead-in page? If the IP address isn’t on my allowed list, the re-direct would go back to the Homestead page? I only need to protect one page, not the entire site.

    Does that make sense?

    If so, can you recommend a novice friendly service? I chose Homestead for a reason, intially…they might be basic, but it’s easy if you are a novice.

    Thanks in advance.


  11. Leslie,

    it is but the problem lies on how would you pass data to another server without lacking security. That would not help you at all. Your homestead would still be open to anyone who knows the url to the page because there is no way you can validate the visitor at the main page.

    I do understand that Homestead might be friendly to newbies but, if you’re thinking about getting serious, you should step forwards into the wonders of coding :D

    Still, almost all host services provides a Homestead “like” service based on templates. All you have to do it’s get a domain and host services which cost less than $100 bucks (year). Take a look on this page: http://www.simplescripts.com/ for the most common solutions for personal and small business web sites. It’s just one click install.

    I’ll try to contact Homestead support tomorrow to find out a possible solution – if any – I’ll get back to you later.

  12. Thanks, Jay.

Comments are closed for this post. Something to add? Let me know.
Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »
WP Themes In Depth: Build and sell awesome WordPress themes.
Crazy that we’re almost halfway thru 2024.
I live right next door to the absolute loudest car in town. And the owner loves to drive it.
8G Firewall now out of beta testing, ready for use on production sites.
It's all about that ad revenue baby.
Note to self: encrypting 500 GB of data on my iMac takes around 8 hours.
Getting back into things after a bit of a break. Currently 7° F outside. Chillz.
Get news, updates, deals & tips via email.
Email kept private. Easy unsubscribe anytime.