IP Block List

calendar_month Last updated: May 26, 2026

Endpoint Manager Pro includes a full IP management system — block suspicious addresses manually, auto-block repeat offenders, and allowlist trusted IPs that should bypass all rules. Manage everything from a single screen without needing an external firewall or security plugin.

What It Does

The IP Block List is a centralized interface for managing which IP addresses can and cannot access your REST API. You can add IPs manually with optional notes, auto-block IPs that exceed rate limits or repeatedly hit disabled endpoints, and maintain an allowlist of trusted addresses that bypass all blocking rules.

Blocked IPs receive a configurable HTTP error response for any REST API request. Allowlisted IPs are never rate-limited or blocked, regardless of their request volume.

Key Capabilities

  • Manual IP blocking with optional notes explaining the reason
  • Auto-block IPs that exceed rate limit thresholds
  • Auto-block IPs that repeatedly hit disabled endpoints
  • One-click block directly from the security logs
  • IP allowlist — trusted addresses bypass all rate limits and block rules
  • Unblock any IP at any time with a single click
  • Notes field for each blocked IP to track context and reasoning

How to Use It

Navigate to Endpoint Manager → IP Block List to view and manage all blocked and allowlisted IPs. Add an IP manually by entering the address and an optional note. To block an IP from the logs, click the block icon next to any log entry — the IP is added to the Block List instantly.

To allowlist an IP, add it to the allowlist section. Allowlisted IPs are never blocked or rate-limited, even if they would otherwise trigger auto-block rules.

Why It Matters

Bots, scrapers, and attackers often probe REST API endpoints from specific IP addresses. Without IP-level controls, you can disable endpoints but cannot stop the same client from scanning for other routes. The Block List adds a second layer of defense — once an IP is identified as malicious, all its API requests are denied.

The allowlist is equally important: it prevents your own services, staging environments, and monitoring tools from being caught by aggressive rate limits or auto-block rules.

Frequently Asked Questions

Can I block an IP directly from the security logs?

Yes. Each log entry includes a block action — click it and the IP is added to the Block List immediately. No need to copy the address or switch screens.

What happens if I accidentally block my own IP?

The Block List only affects REST API requests. You can still access the WordPress admin dashboard to remove your IP from the list. To prevent this scenario, add your IP to the allowlist.

Does the allowlist override rate limiting?

Yes. Allowlisted IPs bypass all rate limits, auto-block rules, and manual blocks. They have unrestricted access to all enabled REST API endpoints.