How do I block an IP address from viewing my site?
You can add lines to your .htaccess file to block an IP address from viewing your site. For instance, the following line will block all requests from IP address 192.0.2.3:
Deny from 192.0.2.3
You can block larger IP address blocks as well. For example, to block every IP address beginning with 192.0.2, you could use either of these:
Deny from 192.0.2.0/24 Deny from 192.0.2
The Apache Web server allow and deny documentation explains the options in more detail.
Is there a way to do this directly within WordPress?
If you use WordPress, there are many plugins available that let you ban IP addresses without having to manually edit the .htaccess file, although it’s possible that they may slow down your site in a way that .htaccess doesn’t.
You can search for “IP address” in the WordPress plugins directory to find popular plugins.
Unfortunately, there are a couple of limitations to the idea of banning IP addresses.
First of all, some people have Internet connections where they’re assigned a different IP address every time they restart their modem or computer, so their IP address can change each day. Secondly, more determined visitors can use a free proxy service to completely hide their IP address.
In short, trying to block access based on an IP address is unlikely to stop anyone who really wants to see your site. In many cases, this means it's not worth the continual effort to try to block an ever-changing set of IP addresses.