IP Blocking

We’ve just launched our product – Limited lifetime offer ends 31st August

Documentation

August 21, 2025

Our comprehensive IP blacklisting system works out of the box without requiring configuration. IP Addresses are cached for 1 hour before resetting once the first violation is marked. If the maximum violations have reached for that IP address they are blacklisted.

Use these filters if you need to block specific IP addresses or IP ranges from accessing your REST API.

api_security_blacklisted_ips

PHP

add_filter( 'api_security_blacklisted_ips', function( $blacklisted_ips ) {
    $blacklisted_ips[] = '10.0.0.100';
    $blacklisted_ips[] = '172.16.0.50';

    return $blacklisted_ips;
});

add_filter( 'api_security_blacklisted_ips', function( $blacklisted_ips ) {
    $blacklisted_ips[] = '10.0.0.100';
    $blacklisted_ips[] = '172.16.0.50';

    return $blacklisted_ips;
});

api_security_blacklisted_ranges

PHP

add_filter( 'api_security_blacklisted_ranges', function( $blacklisted_ranges ) {
    $blacklisted_ranges[] = '10.0.0.0/16';
    $blacklisted_ranges[] = '172.16.0.0/12';

    return $blacklisted_ranges;
});

add_filter( 'api_security_blacklisted_ranges', function( $blacklisted_ranges ) {
    $blacklisted_ranges[] = '10.0.0.0/16';
    $blacklisted_ranges[] = '172.16.0.0/12';

    return $blacklisted_ranges;
});

Obviously we also need to make sure that the site owners don’t block themselves should they exceed the rate limits so we provided a filter to whitelist IP addresses too.

Localhost IP addresses are already whitelisted.

'::1' // IPv6 localhost.
'127.0.0.1' // IPv4 localhost.

api_security_whitelisted_ips

PHP

add_filter( 'api_security_whitelisted_ips', function( $whitelisted_ips) {
    $whitelisted_ips[] = '10.0.0.100';
    $whitelisted_ips[] = '172.16.0.50';

    return $whitelisted_ips;
});

add_filter( 'api_security_whitelisted_ips', function( $whitelisted_ips) {
    $whitelisted_ips[] = '10.0.0.100';
    $whitelisted_ips[] = '172.16.0.50';

    return $whitelisted_ips;
});

If you really want to disable auto IP blocking then set this filter to true.

api_security_disable_auto_blacklist

PHP

add_filter( 'api_security_disable_auto_blacklist', '__return_true' );

add_filter( 'api_security_disable_auto_blacklist', '__return_true' );