Generally, you can use your .htaccess file to block access to your site from certain IP addresses. This can be an effective method of blocking attacks that originate from a specific location.
If you are running WordPress, you most likely already have an .htaccess file in your site’s directory structure. If not, you’ll need to create one.
To create a new .htaccess file, just make a new file and call it “.htaccess”. Note the dot at the beginning and nothing at the end.
To block an IP using .htaccess, add the IP to your file as follows:
Deny from 184.108.40.206
If you need to block a range of IPs, you can do that like so:
Deny from 123.123
Block multiple IPs by providing a list of IPs to block (separated by spaces, not commas):
Deny from 220.127.116.11 18.104.22.168 333.333.333.333
You can get more advanced than that with regular expressions and other .htaccess tricks. Check out the following article for more advanced examples: