How to Block IP in WooCommerce
Running a WooCommerce store means dealing with more than just orders and customers. Sooner or later, most store owners face issues like:
- Fake registrations
- Brute-force login attempts
- Spam reviews and comments
- Card testing attacks
- Fraudulent checkout attempts
One of the most effective ways to stop these threats is by blocking abusive IP addresses and limiting suspicious activity before it harms your store.
In this guide, you’ll learn how to block IPs in WooCommerce using StoreGuard – IP Rate Limiter for WooCommerce and how to configure it properly for maximum protection.
Why You Should Block IPs in WooCommerce
Every visitor to your store connects through an IP address. Attackers and bots also use IPs to:
- Attempt repeated logins
- Create fake customer accounts
- Submit spam reviews
- Test stolen credit cards
- Abuse checkout forms
Blocking or rate limiting these IPs helps you:
- Protect customer accounts
- Reduce payment fraud
- Prevent server overload
- Improve store performance
- Reduce spam and fake orders
Many WooCommerce store owners report ongoing problems with card testing and bot attacks, especially during checkout flows. Community discussions frequently recommend combining CAPTCHA, firewall rules, and IP rate limiting to reduce abuse.
What Is StoreGuard – IP Rate Limiter?
StoreGuard – IP Rate Limiter for WooCommerce is a WooCommerce security plugin designed specifically to protect WooCommerce stores from abuse using intelligent IP-based rate limiting.
The plugin can:
- Automatically block abusive IPs
- Limit repeated actions from the same IP
- Prevent brute-force login attacks
- Stop registration spam
- Reduce checkout fraud and card testing
- Protect comments and reviews from spam
- Whitelist trusted IPs
- Monitor blocked activity with logs and alerts
According to the official documentation, StoreGuard includes seven independent rate limiters and works directly inside WooCommerce settings.
How to Block IPs in WooCommerce Using StoreGuard
Step 1: Install StoreGuard
Download and install the plugin from:
After installation:
- Go to your WordPress dashboard
- Navigate to WooCommerce → StoreGuard
- Open the plugin settings
The plugin adds multiple protection tabs for different WooCommerce actions.
Step 2: Whitelist Your Own IP Address
Before enabling protections, add your own IP to the whitelist.
In WooCommerce → StoreGuard → General:
- Find the Whitelisted IPs section
- Add your:
- Office IP
- Home IP
- Developer IP
- Save changes
This ensures you never accidentally lock yourself out of your own store.
Step 3: Enable Login Protection
Brute-force attacks are one of the most common WooCommerce threats.
To enable login rate limiting:
- Open the Login tab
- Enable Login Rate Limiting
- Use recommended values:
- Max Failed Attempts: 5
- Window: 30 minutes
- Block Duration: 60 minutes
- Save changes
Once enabled, StoreGuard automatically blocks IPs that repeatedly fail login attempts.
Step 4: Block Spam Registrations
Fake customer accounts can clutter your database and increase spam activity.
To stop registration bots:
- Open the Registration tab
- Enable registration protection
- Recommended settings:
- Max Attempts: 3
- Window: 60 minutes
- Block Duration: 24 hours
- Save changes
This limits how many accounts a single IP can create within a time window.
Step 5: Protect Your Checkout From Fraud
Checkout abuse and card testing attacks are major problems for WooCommerce stores.
StoreGuard includes dedicated checkout protection that can:
- Limit repeated checkout attempts
- Reduce automated payment testing
- Block suspicious IPs automatically
Recommended settings:
- Max Attempts: 10
- Window: 60 minutes
- Block Duration: 12 hours
These settings help prevent bots from testing stolen cards repeatedly through your checkout page.
Reddit users dealing with fraudulent WooCommerce orders often describe attackers rotating through multiple cards and IP addresses while abusing checkout systems.
Step 6: Stop Comment & Review Spam
Spam reviews damage store credibility and hurt SEO.
To block spam:
- Open Comments & Reviews
- Enable both:
- Comment rate limiting
- Review rate limiting
- Save changes
Recommended values include:
- 5 comments/reviews
- 60-minute window
- Temporary IP blocking
This prevents bots from flooding your products with spam reviews.
Step 7: Manually Block Suspicious IPs
StoreGuard also allows manual IP management.
You can:
- Block specific IPs instantly
- Unblock trusted users
- Review blocked activity logs
- Monitor attack patterns
This is useful when you identify repeated abuse from a known IP range.
Additional Security Tips for WooCommerce
IP blocking works best when combined with other WooCommerce security practices.
Consider adding:
- CAPTCHA on login and checkout
- Cloudflare firewall rules
- Strong passwords
- Two-factor authentication
- Fraud detection tools
- Country-based restrictions
However, many WooCommerce merchants report that CAPTCHA alone is often insufficient against advanced card testing bots, making rate limiting an important additional layer.
Benefits of Using StoreGuard
Here’s why many WooCommerce stores use StoreGuard:
WooCommerce-Specific Protection
Built specifically for WooCommerce workflows including checkout, login, registration, and payment methods.
Easy Setup
The plugin includes recommended settings for beginners.
Detailed Logs & Monitoring
Track blocked IPs and suspicious activity directly from your dashboard.
Flexible Rate Limits
Each WooCommerce action can have its own independent limit.
Whitelisting Support
Trusted IPs can bypass restrictions safely.
Email Alerts
Receive notifications whenever suspicious IPs are blocked.
Final Thoughts
If your WooCommerce store is dealing with spam, fake registrations, brute-force logins, or payment fraud, blocking abusive IPs is one of the fastest ways to improve security.
Using StoreGuard – IP Rate Limiter for WooCommerce gives you a centralized way to:
- Automatically block suspicious IPs
- Limit abusive behavior
- Reduce fraud and spam
- Protect customer accounts
- Secure your WooCommerce checkout
For most WooCommerce stores, enabling intelligent IP rate limiting is no longer optional — it’s a necessary layer of protection against modern automated attacks.