When managing a high-traffic WooCommerce or eCommerce website, one of the most important ongoing security tasks is blocking suspicious IP addresses. These can include bots attempting repeated logins, spammers creating fake orders, or users abusing form submissions.
In this project, Freshy’s development team implemented targeted IP blocking using Wordfence, a leading WordPress security plugin, to stop recurring malicious traffic while maintaining site performance.
Issue Background
The client reported suspicious and potentially fraudulent activity on their WooCommerce store. Repeated order attempts were being made from known IPs, and although each request came from a valid-looking user session, the behavior patterns suggested automation or abuse.
The problem:
- The site had no firewall-level IP blocking in place.
- A code snippet previously used for access control was no longer effective.
- Certain recurring IPs were sending repeated checkout requests, adding unnecessary load to the site and interfering with analytics.
The requested solution was simple but critical — install Wordfence, enable IP blocking, and disable redundant manual code.
Diagnosis
Before implementing a new firewall system, our developer first evaluated the existing setup:
- Checked active security plugins: Confirmed that no other security tool (like Sucuri or iThemes Security) was managing firewall functions to avoid conflicts.
- Reviewed custom code snippets: Identified a code-based IP block script in the
functions.phpfile that relied on$_SERVER['REMOTE_ADDR'], which is effective but inflexible. - Analyzed access logs: Verified that the repeated login and checkout attempts originated from the same IP:
52.1.65.187 - Evaluated performance impact: Ensured that introducing Wordfence’s firewall and IP blocking rules wouldn’t significantly affect load times or checkout speed.
Resolution Steps
To implement IP blocking efficiently and securely, the Freshy team completed the following steps:
1. Installed and configured Wordfence
Installed the Wordfence Security plugin from the WordPress repository and activated its basic firewall protection. Only the “Blocking” feature was enabled to avoid introducing unnecessary scans or performance overhead.
2. Added the malicious IP to the blocking list
Navigated to:
Wordfence → Firewall → Blocking → Block IPs
Added the IP address 52.1.65.187 and saved it under the “Permanent Block” rule. This immediately stopped further requests from that IP from accessing the website, checkout, or admin areas.
3. Disabled the old code snippet
Located and deactivated the custom code snippet previously used for IP blocking. This prevented potential redundancy and reduced the risk of conflicts between the custom PHP and Wordfence firewall filters.
4. Verified the block
To confirm that the rule was active:
- The IP was tested using a remote VPN tool.
- Requests to
/wp-login.phpand/checkout/returned a 403 Forbidden response, confirming the block was working properly.
5. Recommended future enhancements
Based on additional client notes, our developer recommended extending monitoring for recurring abuse patterns, including:
- Blocking orders with duplicate shipping addresses or emails.
- Implementing WooCommerce Anti-Fraud or similar tools for advanced order validation.
- Using Wordfence’s Live Traffic view to identify other potential repeat offenders.
Final Outcome
After setup, the site successfully blocked the malicious IP without affecting legitimate users. Wordfence’s built-in firewall now handles future suspicious requests at the server level, improving security without sacrificing speed.
By removing the outdated code snippet, the security workflow was streamlined and simplified. The site now benefits from a centralized security dashboard for managing IPs and tracking activity.
Key Takeaways
- Wordfence provides an efficient, low-overhead way to block bad actors at the IP level.
- Always disable redundant or conflicting code-based firewalls when using Wordfence.
- Periodically review Wordfence → Tools → Live Traffic to catch new suspicious IPs early.
- Consider extending security rules beyond IPs — such as matching suspicious email, billing, or product order patterns.
Freshy’s team of WordPress security experts specializes in implementing smart, efficient protections for WooCommerce and high-traffic sites — helping businesses stay secure without slowing down.
If your website is under attack or receiving unwanted traffic, our developers can help you harden your site and set up IP-level security. Contact Freshy today to schedule a security review.
