
Worst IPs: 2016 Edition

A little late this year, but following tradition here is my list of the absolute worst IP addresses from 2016. All in nice numerical order for easy crunching. These IPs are associated with all sorts of malicious activity, including exploit scanning, email harvesting, brute-force login attacks, referrer spam, and everything in between. Really obnoxious stuff that degrades your site’s performance and potentially threatens security.

Word to the wise..

Blocking by IP address is not recommended unless you know what you are doing. I have explained numerous times the reasoning behind this, so I won’t waste our collective time repeating it all here. If you are new to the game, you can visit those links to learn more about when, where, and why to block IP addresses.

How I collect this information

Securing sites is a big part of what I do professionally. I’ve been researching web security for over 10 years. This ongoing research provides an abundance of useful data, including IP information associated with malicious requests. I use this data when writing tutorials, books, and when developing WordPress plugins. This article provides a snapshot of this research: a list of the top worst IPs of the previous year.

Please also read the notes following the next section.

The worst IP addresses from 2016

So without further ado, here is my collected list of really nasty IPs from last year:


The lists provided here at Perishable Press are for informational purposes only. I am not responsible for anything that happens once the code leaves this site. That said, this 2016 Bad-IP List is entirely open source and you can republish or use however you want for any purpose. Credit links and shouts out are appreciated, but not required.


It is important to understand that just because an IP address is associated with bad activity, it doesn’t imply that the owner or primary user of the IP has done anything wrong. In many cases, bad actors use hacked machines and devices to scan sites remotely, so the victim’s IP is associated with the activity instead of the perpetrator’s actual address.

So if you find a familiar IP on this list, don’t panic; but do investigate your machine (site, server, local device, whatever) for any security breaches. Chances are high that the machine using the IP is compromised. If this sounds like you, let me know and I’ll do my best to help out however possible.

(Dis)Honorable mention

Out of all the hundreds of bad IPs I encountered in 2016, there is a handful of especially horrible IPs that are absolutely worth blocking on any site:


Whoever/whatever is behind these four IPs are real scumbags, making endless requests for the stupidest resources imaginable in the entire history of exploit scanning. Who knows how much memory and bandwidth these idiots cumulatively have wasted in their vain pursuit of pointless vulnerabilities. Seriously, learn how to log your scans to avoid wasting everyone’s time and resources, including your own.

So to protect your site against these four losers (or maybe the same loser, I have no idea), convert the previous list of IPs into the following .htaccess snippet:

# block worst ips
	Order Allow,Deny
	Allow from All
	Deny from
	Deny from
	Deny from
	Deny from

Then add to your site’s .htaccess file, upload, and done. Moving on with my life..

How to block by IP address

If and when you need to block someone or something based on their IP address, .htaccess can do the job quite nicely. Here is an example:

# block some IPs
	Order Allow,Deny
	Allow from All
	Deny from
	Deny from 111.222.333.44
	Deny from 555.444.333.22

So to implement, you would paste that code into your site’s root .htaccess file. Then you would replace each of the three example IP addresses with real ones. Or remove whatever is not needed if you only want to block one or two. Or you can add more IPs by replicating the pattern, etc.

To add massive numbers of IPs to the list, you can use any good code/text editor and simply prepend “Deny from ” to each line in your list of bad IPs. Automation really is the only way to go for this sort of work; check out the useful online tools linked up in the next section.
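
The prepend-and-paste step described above can be scripted. The following Python script is an added example (not code from the original post): it validates each entry, merges duplicates and adjacent ranges, and emits the block both in the `Order`/`Deny` form used above and in the `Require not ip` form for Apache 2.4. The sample addresses are constructed from documentation ranges, plus the article's `111.222.333.44` placeholder to show that invalid entries are rejected; all function names are hypothetical.

```python
import ipaddress

# Constructed sample: documentation-range IPs, a duplicate, and the article's invalid placeholder.
SAMPLE = """\
203.0.113.7
192.0.2.10
192.0.2.11
192.0.2.10
111.222.333.44
198.51.100.0/25
198.51.100.128/25
"""

def parse_ips(lines):
    """Return (valid networks, rejected entries); blank lines and # comments are skipped."""
    valid, rejected = set(), []
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()
        try:
            if entry:
                valid.add(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            rejected.append(entry)
    return valid, rejected

def collapse(networks):
    """Merge adjacent/overlapping ranges and sort numerically (IPv4 before IPv6)."""
    merged = []
    for version in (4, 6):  # collapse_addresses() refuses mixed versions
        same = [n for n in networks if n.version == version]
        merged.extend(ipaddress.collapse_addresses(same))
    return merged

def fmt(net):
    return str(net.network_address) if net.num_addresses == 1 else str(net)  # no /32 on hosts

def htaccess_22(networks):
    """Order/Allow/Deny form, as in the article (needs mod_access_compat on Apache 2.4)."""
    rules = [f"Deny from {fmt(n)}" for n in networks]
    return "\n".join(["# block some IPs", "Order Allow,Deny", "Allow from All", *rules])

def htaccess_24(networks):
    """Equivalent mod_authz_core form for Apache 2.4."""
    rules = [f"\tRequire not ip {fmt(n)}" for n in networks]
    return "\n".join(["<RequireAll>", "\tRequire all granted", *rules, "</RequireAll>"])

if __name__ == "__main__":
    nets, bad = parse_ips(SAMPLE.splitlines())
    print(htaccess_22(collapse(nets)), htaccess_24(collapse(nets)), f"rejected: {bad}", sep="\n\n")
```

Collapsing adjacent entries into CIDR ranges also keeps the number of directives in .htaccess down.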

Essential Tools

By the way, here are some essential online tools for sorting massive lists of IP addresses:

Completely awesome that these time-saving tools are available for free online :)

Jeff Starr
About the Author
Jeff Starr = Web Developer. Security Specialist. WordPress Buff.

2 responses to “Worst IPs: 2016 Edition”

  1. Glad to see all the new posts, Jeff! Although I use CloudFlare to (hopefully) block some of the “bad traffic” out there on the net, I’ve also been refining my .htaccess for maximum security and spam request reduction. Do you feel like there’s a point where listing TOO many IPs in a site’s root .htaccess will affect performance? I’d imagine it takes the web server some time to cross check that list on every page load.

    Just wanted to know your thoughts. :-)

    • Jeff Starr 2017/04/12 8:34 am

      Great question, but keep in mind that Apache is just checking the IP headers; it’s not “cross-checking” or anything like that. So blocking by IP is just as fast as any other technique, but you’re correct in thinking that too many directives can have an impact on performance. My own strategy is always to keep the content of .htaccess down to an absolute minimum.
