.htaccess » Block access to WordPress for users coming from X website

Block access to WordPress for users coming from X website

There are a few different ways that you can block access to your WordPress website if a user is coming from a specific website:

Blocking access using a plugin

There are several WordPress plugins that allow you to block access to your website based on the referral URL. These plugins typically allow you to specify the website or websites that you want to block access from, and will automatically redirect users coming from those websites to a specified page or URL.

Some popular WordPress plugins to achieve this include:

This plugin allows you to block access to your website based on the IP address, hostname, or referral URL of the user. It also allows you to specify the duration of the ban and customize the error message that is displayed to blocked users.

This plugin blocks access to your website from known spammy and malicious bots, as well as allows you to specify specific referral URLs to block. It also includes a feature to block access based on the user’s IP address.

This plugin tracks and logs user activity on your website, including login attempts and changes to your website’s content and settings. It allows you to block access to your website based on the referral URL, as well as other criteria such as IP address and user agent.


If you have access to your website’s .htaccess file, you can use it to block access to your website based on the referral URL. To do this, you will need to add a specific code snippet to the .htaccess file, which will block access to your website from the specified URL.

Here is an example of code that you can use in your .htaccess file to block access to your WordPress website if a user is coming from a specific website:

RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://www.example.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://example.com [NC]
RewriteRule .* - [F]

This code will block access to your website from the domain “example.com”, whether the user is accessing it with the “www” subdomain or not.

To block access from multiple websites, you can add additional lines of code for each website you want to block. For example:

RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://www.example.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://example.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://www.example2.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://example2.com [NC]
RewriteRule .* - [F]

This code will block access to your website from both “example.com” and “example2.com”.

Keep in mind that modifying your .htaccess file can have unintended consequences if not done properly. It is always a good idea to back up your website before making any changes to your .htaccess file.


Using a firewall to block access to your WordPress website based on the referral URL is a good option if you want to add an extra layer of security to your website. A firewall acts as a barrier between your website and the internet and can help to protect against various types of cyber attacks, including those that involve malicious referral URLs.

There are several firewall options available, including:

image 85 1024x517 - Block access to WordPress for users coming from X website
www.cloudflare.com/waf

Cloudflare is a popular cloud-based firewall that allows you to block access to your website based on various criteria, including the referral URL. It also offers other security features, such as DDoS protection and SSL encryption.

To block access to your WordPress website using Cloudflare, you will need to do the following:

  1. Sign up for a Cloudflare account and add your website to it. This will allow you to access the Cloudflare dashboard for your website.
  2. In the Cloudflare dashboard, go to the “Firewall” section and click on the “Firewall Rules” tab.
  3. Click on the “Create a Firewall Rule” button.
  4. In the “Create a Firewall Rule” dialog, enter the referral URL that you want to block access from in the “URL” field. You can also use regular expressions to specify multiple referral URLs.
  5. In the “Action” field, select “Block” as the action to take when this rule is triggered.
  6. Click on the “Save and Deploy” button to save your firewall rule.
  7. Test your firewall rule to make sure it is working as expected.

image 84 1024x517 - Block access to WordPress for users coming from X website
sucuri.net website

Sucuri is another popular firewall option that provides protection against various types of cyber attacks, including those that involve malicious referral URLs. It also offers other security features, such as malware scanning and website monitoring.

To block access to your WordPress website using Sucuri, you will need to do the following:

  1. Sign up for a Sucuri account and add your website to it. This will allow you to access the Sucuri dashboard for your website.
  2. In the Sucuri dashboard, go to the “Firewall” section and click on the “Firewall Rules” tab.
  3. Click on the “Create a New Rule” button.
  4. In the “Create a New Rule” dialog, enter the referral URL that you want to block access from in the “URL” field. You can also use regular expressions to specify multiple referral URLs.
  5. In the “Action” field, select “Block” as the action to take when this rule is triggered.
  6. Click on the “Save Rule” button to save your firewall rule.
  7. Test your firewall rule to make sure it is working as expected.

image 86 1024x517 - Block access to WordPress for users coming from X website
www.wordfence.com/products/wordfence-premium

Wordfence is a WordPress-specific firewall that provides protection against various types of cyber attacks, including those that involve malicious referral URLs. It also offers other security features, such as malware scanning and website monitoring.

To block access to your WordPress website using Wordfence, you will need to do the following:

  1. Install and activate the Wordfence plugin on your WordPress website.
  2. In the WordPress dashboard, go to the “Wordfence” section and click on the “Firewall” tab.
  3. Click on the “Firewall Rules” tab.
  4. Scroll down to the “Custom Rules” section and click on the “Add a New Custom Rule” button.
  5. In the “Add a New Custom Rule” dialog, enter the referral URL that you want to block access from in the “URL” field. You can also use regular expressions to specify multiple referral URLs.
  6. In the “Action” field, select “Block” as the action to take when this rule is triggered.
  7. Click on the “Add Rule” button to save your firewall rule.
  8. Test your firewall rule to make sure it is working as expected.

Keep in mind that modifying your firewall rules can have unintended consequences if not done properly. It is always a good idea to test your rules before deploying them to ensure that they are working as intended.


In conclusion, there are many different ways that you can block access to your WordPress website if a user is coming from a specific website. Which method you choose will depend on your specific needs and the tools that you have available.

Was this post helpful?

Leave a Comment

I enjoy constructive responses and professional comments to my posts, and invite anyone to comment or link to my site.

Recommended