When you manage a website, you certainly don’t want all and sundry individuals accessing every corner of your website. You may be interested only in having your team access a staging website or may have a rogue bot hammering your server. It is necessary that you understand the simple process for Allow and Block IPs Using .htaccess.
Within this tutorial, you are about to learn how to handle IP access restriction and allow or deny IP addresses using the .htaccess file through simple examples. We will consider some practical examples, discuss how to write a .htaccess allow and block IP addresses example, and then describe what each of the rules means.
What is an IP Address and Why It is an Important Security Contexts
In short, an IP address is considered to be theStreet address of an internet device. Take into account that every device that you use – like your home computer, smartphone when it’s connected to mobile data, office computer, and hosting server – sends and receives data through IP addresses.
For security purposes, IP addresses are like having a badge. By being able to restrict which IP addresses can access your secured section on a website, the risks associated with bots or curious individuals accessing your site are eliminated.
Common Use Cases for IP Allow and Block Rules
- Protect /admin so only your office IP can sign in.
- Restrict a staging or test site with an htaccess deny all except specific IP address.
- Block a spammer’s IP that submits fake forms all day.
- Stop a scraping bot that overloads your server.
- Limit access to an API endpoint to your backend server’s IP only.
- Allow your home and office IPs, but block public Wi‑Fi access.
Allowing IP Addresses Using .htaccess
You usually allow IP addresses when you want to htaccess allow only certain IP addresses to reach a folder or file. A common example is protecting /wp-admin, /admin, or an internal tool.
Most shared hosting providers still support the classic Apache syntax for IP rules, so the examples below work on a large number of servers. If your host runs a very strict modern setup and you get a server error, ask their support which syntax they allow.
Allow a Single IP Address
Imagine you want only your office IP 203.0.113.15 to access your admin area. Everyone else should see a 403 Forbidden page. Add this to your .htaccess file inside that folder:
Order Deny,Allow
Deny from all
Allow from 203.0.113.15It’s a classic pattern to allow or deny IP address in htaccess apache style rule.
Allow Multiple IP Addresses
Now imagine you work from home and office, and your developer in another country also needs access. You want to allow multiple IPs:
Order Deny,Allow
Deny from all
Allow from 203.0.113.15
Allow from 198.51.100.27
Allow from 192.0.2.44Same as previous example, you deny everyone first, then you allow the trusted IPs. You now have an htaccess allow and block IP address example where only the addresses you list can get in. You can add as many as needed into whitelist.
Allow a Range or Partial IP
Sometimes your provider uses a small range of IPs, and your address changes inside that block. You can allow a partial IP, for example:
Order Deny,Allow
Deny from all
Allow from 203.0.113.This configuration allows any IP that starts with 203.0.113.. Use it carefully, because you might open access to more users than you expect.
Blocking IP Addresses Using .htaccess
You block IP addresses when you want your site to stay open for most people, but you need to stop a few bad actors like automated bots or spam users or even proxy sites. This is common when you see:
In this approach, you will see how to block specific IP address using htaccess file while keeping normal traffic allowed.
Block a Single or Multiple IP Address
Let’s say you see 203.0.113.15 hitting your login page thousands of times. You want to block this type of IP but allow everyone else to visit your site.
Order Allow,Deny
Allow from all
Deny from 203.0.113.15
Deny from 198.51.100.27
Deny from 192.0.2.44This acts like a short blacklist. You often build this list after checking your access logs or a security plugin’s report.
Deny All Except Specific IP Address
Sometimes you want to close a whole site or folder to the public and keep it open just for you or your team. A staging site or private dashboard is a perfect example. Here is a clean htaccess deny all except specific IP address pattern:
Order Deny,Allow
Deny from all
Allow from 203.0.113.15Only 203.0.113.15 can reach that folder. Everyone else sees an error page. You can still add more Allow from lines if your team grows.
Conclusion
When you Allow and Block IPs Using .htaccess, you elevate a text file to a robust first line of defence. With this functionality, you will be able to secure your admin interfaces, your staging environments, and block unwanted traffic without having to use heavyweight plugins or software. Begin within a tiny area of your site, perhaps your admin area, and ensure your changes are tested. Eventually, you will develop a set of .htaccess rules that are a clean reflection of your designated security policies.