Introduction
Ecommerce shop owners need to act quickly and decisively once they detect suspicious usage patterns on their website. The ability to block IP addresses is essential for preventing fraud and abusive behavior in your Magento store.
Merchants with high-risk business models can control the level of exposure by blocking IP ranges, regions, and entire countries.
Learn how to block IP addresses in Magento and protect your store from malicious activity.
5 Simple Ways to Block IPs in Magento
There are several ways to block an IP in Magento. You can block IPs at the server level, utilize firewalls, or install additional Magento modules. The five most common and user-friendly methods include:
- Edit the .htaccess file to block or whitelist IPs.
- Restrict IPs using a web hosting control panel (cPanel’s IP Blocker).
- Install a Magento extension.
- Block IPs using the index.php file.
- Ask the payment processor to block payments from specific IPs.
Use one or combine several methods to prevent individual IPs (users) or IP ranges from making payments or accessing certain areas of your website.
1. Edit .htaccess File to Block IPs
The .htaccess file controls access, redirects traffic, and manages security settings on your website. The rules within the file can affect the entire website. Always back up the .htaccess file before attempting to edit its contents.
1. To block an IP address, access your server using an FTP client or a web hosting control panel. The examples in this article are presented using cPanel.
2. Select the .htaccess file and click Edit.
3. If you cannot locate the file, click Settings and enable the Show Hidden Files option.
4. Use the following syntax to block individual IP addresses:
Order Allow,Deny
Allow from all
Deny from 123.123.123.123
5. Add the code to the .htaccess file and edit the IP to match the address you want to block.
6. The # symbol signifies that a line is a comment and ensures that the system does not treat it as an executable command.
7. For convenience, block multiple IPs in the same line using a space to separate IPs:
Deny from 123.123.123.123 233.233.233.233
8. Leaving out the final octet of an IP address blocks all IPs in the 0 – 255 range for that octet:
Deny from 123.123.123.
9. Once you have added the IPs, select Save Changes, and close the .htaccess file.
Note: Another security measure you should implement is changing the Magento admin link.
2. Use IP Blocker to Restrict IPs
IP Blocker is a built-in cPanel tool used to prevent traffic from specific IPs and domains.
1. Access the cPanel home screen and click IP Blocker in the Security section.
2. Enter an IP address, IP range, or domain name in the IP Address or Domain field.
3. Click Add to block the IP addresses.
4. A list of Currently Blocked IP Addresses is available at the bottom of the page and can be used to unblock IPs if necessary.
3. Install a Magento Extension
Magento Open Source does not provide a built-in feature to block IPs or countries. To restrict access to your website, install a Magento extension.
1. Visit the Magento Marketplace and browse the available modules that focus on restricting IPs. Explore several solutions before committing to an extension.
2. For example, the IP Addresses & Country Blocker is a paid module that enables you to micromanage access to individual products, pages, or the entire website from the Magento Admin.
3. After installing the IP Addresses & Country Blocker plugin, expand the FME Extensions tab and select the Block IPs option.
4. Click Add New to restrict IPs.
5. Enter an IP or multiple IPs in the Block IP(s) field and click Save.
The IP Addresses & Country Blocker enables merchants to introduce automated restrictions and access rules based on region, country, and additional custom parameters.
4. Block IPs Using the index.php File
Restrict specific IPs by using a PHP function that checks incoming IPs against an array and denies access to the listed addresses.
1. Create an array of IP addresses by adding the following code to the index.php file:
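<?php
// Each entry must be a complete IP address: in_array() only matches exact strings.
$deny = array("123.123.123.123", "233.233.233.233", "234.234.234.234");
// The third argument enforces a strict (type-safe) comparison.
if (in_array($_SERVER['REMOTE_ADDR'], $deny, true))
{
    exit();
}
?>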
2. Replace the IP addresses from the example with the IPs you want to block.
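The exact-match check above cannot express the IP ranges that the .htaccess rules can. The following is an added example, not part of the original article, that extends the same index.php check to CIDR ranges and IPv6 and answers with HTTP 403; the helper names `ip_matches` and `is_blocked` and the listed addresses are illustrative assumptions.

```php
<?php
// Added example: entries are constructed placeholders; replace them with your own.
$deny = array(
    '123.123.123.123',   // single IPv4 address
    '123.123.123.0/24',  // IPv4 range in CIDR notation
    '2001:db8::/32',     // IPv6 range (documentation prefix)
);

// True when $ip equals $rule or lies inside the CIDR range $rule (hypothetical helper).
function ip_matches($ip, $rule)
{
    $parts = explode('/', $rule, 2);
    $addr  = @inet_pton($ip);
    $net   = @inet_pton($parts[0]);
    // Malformed input or mixed IPv4/IPv6 families never match.
    if ($addr === false || $net === false || strlen($addr) !== strlen($net)) {
        return false;
    }
    $maxBits = strlen($net) * 8;
    $prefix  = isset($parts[1]) ? $parts[1] : (string) $maxBits;
    // Reject a non-numeric or oversized prefix length.
    if (!ctype_digit($prefix) || (int) $prefix > $maxBits) {
        return false;
    }
    $bits = (int) $prefix;
    // Compare the whole bytes of the prefix, then the leftover bits.
    $bytes = intdiv($bits, 8);
    if (substr($addr, 0, $bytes) !== substr($net, 0, $bytes)) {
        return false;
    }
    $rest = $bits % 8;
    $mask = (0xFF << (8 - $rest)) & 0xFF;
    return $rest === 0 || (ord($addr[$bytes]) & $mask) === (ord($net[$bytes]) & $mask);
}

// True when $ip matches any rule in $deny (hypothetical helper).
function is_blocked($ip, array $deny)
{
    foreach ($deny as $rule) {
        if (ip_matches($ip, $rule)) { return true; }
    }
    return false;
}

if (isset($_SERVER['REMOTE_ADDR']) && is_blocked($_SERVER['REMOTE_ADDR'], $deny)) {
    http_response_code(403);
    exit('Access denied');
}
```

Behind a reverse proxy, CDN, or load balancer, `$_SERVER['REMOTE_ADDR']` holds the proxy's address rather than the visitor's, so a check like this only works where the real client address is visible.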
5. Ask Payment Processor to Block IPs
Merchants regularly need to limit the sales of products and services in certain countries due to legal restrictions.
Additionally, blocking payments for specific customers and regions is an effective way to mitigate risk levels and chargebacks.
By coordinating efforts with a payment processor, a merchant can allow customers to access their website and only block payments for individual IPs.
A payment processor can prevent payments on their payment forms based on IP, state, country, and other custom parameters.
Contact your payment processor to check the available options and how to add IPs to their blocklists.
Conclusion
By following any of the methods listed in this article, you have successfully blocked an IP address and explored different options for preventing malicious activity on your ecommerce website.
Try combining several methods to automate processes and effectively control access to your Magento store.