And when something is valuable, it deserves protecting.

We’re here to help you understand and navigate the security issues your website faces so that you’re prepared to handle them should they occur. Today, we’re delving into website security risks, website owner responsibilities, and how SiteLock Security helps keep your website secure.

SiteLock and Website Security

The state of cybersecurity

You might think that as a small business or independent contractor you’re not on any hacker’s radar, because who’d want to waste their time when there are bigger targets, right?

Think again. Small business websites are prime targets for hackers because they’re often not well secured, yet they still harbor a wealth of data and information.

In 2015, (which already seems eons ago) Ginni Rometty, IBM’s Chairman and CEO, stated that:

We believe that data is the phenomenon of our time. It is the world’s new natural resource. It is the new basis of competitive advantage, and it is transforming every profession and industry. If all of this is true – even inevitable – then cybercrime, by definition, is the greatest threat to every profession, every industry, every company in the world.

That statement rings truer today than it did a mere five years ago. 4iQ says in their 2019 Identity Breach Report that “Cyber criminals [have] shifted their focus, targeting more small businesses, resulting in a 424% increase in authentic and new breaches from 2017.”

Whose responsibility is website security?

At its most basic level, website security is any action taken to protect your website from harm.

But whose job is it to make sure a website is secure? Well, as a website owner — it’s yours.

And there’s a lot to keeping a website safe, like maintaining secure passwords, patching vulnerabilities in different applications, and keeping plugins and tools up to date. But a website owner’s responsibilities don’t stop there. If a website does get infected with malware or hacked, it’s also their job to fix it.

Luckily, you don’t have to do these things on your own (okay, the password bit you probably should). There are tools, like SiteLock Security, that are designed to prevent and mitigate attacks and harm to your website.

Sometimes, we get asked, “Isn’t it my web hosting provider’s job to keep my website secure?” And the answer is no, it isn’t.

Jessica Ortega created this great, short YouTube video that explains the responsibilities of both website owner and web host when it comes to security.  In it, she interviews Ryan Austin, who paints the following analogy.

Think of your web hosting provider as the superintendent of an apartment complex. It’s their responsibility to make sure the building is secure from the outside, to keep the lights on in the parking lot, and ensure all is well outside of your apartment. Your website is like an apartment in the complex and it’s your responsibility to keep it secure — lock the doors and do your part to prevent intruders. If someone does get in because you’ve left a window or door unsecured, your superintendent isn’t at fault.

What happens if my site gets hacked?

Your website is central to your business, so if it gets hacked or infected with malware you face a number of potential consequences that range from a suspended site, to data theft and ransom, and loss of revenue and consumer trust.

If your web host detects malware on your site, they’re liable to suspend or take down your site. This is because they don’t want the malware on your site to spread and infect other sites. It’s similar to the idea of using quarantine to keep viral infections at bay.

A site infected with malware isn’t something you can keep under wraps. Google’s Chrome browser is the most used internet browser in 2020, and it’s not shy in warning its users away from websites that are possibly infected with malware. If they detect that your site is infected they’ll blacklist it and alert their users, as malware can spread to people who visit and interact with your site. Your potential customers won’t want to take the risk. Instead of doing business with you they’ll turn around and find a (safe and uninfected) competitor’s website.

And if your website is infected with malware, chances are you’ll have to restore it to an older version (assuming you have backups) or re-build it altogether, both options meaning you’ll have lost a lot of time and hard work.

The effects of website hacking are many and varied, but never pleasant. Here are five real-life examples of small businesses that got hacked and their devastating consequences.

How to keep your website secure with SiteLock Security

The security of your website should be a top priority, and there are things you can do today to help prevent and mitigate attacks to your site.

We know that small business owners, entrepreneurs, and people with side hustles wear a lot of different hats. It’s tough enough keeping up with the day-to-day aspects of running your business much less staying on top of online threats that are hard to see and harder to predict.

That’s why we’ve partnered with SiteLock Security to give you, and your website, some peace of mind.

Benefits of SiteLock Security

SiteLock Security protects your website from malware, viruses, hackers, and spam. It does this by scanning your site for these malicious things, automatically removing any malware it locates, and alerting you when something doesn’t look quite right.

In addition to the services they provide behind-the-scenes, SiteLock Security comes with a seal that you can display on your site. The SiteLock seal inspires confidence in your site; in fact, when SiteLock and Domain.com did a user study in 2014, we found that displaying the SiteLock seal can increase conversions by up to 15%.

SiteLock Security plans and features

At Domain.com we offer three different SiteLock Security plans: Essentials, Prevent, and Prevent Plus, to suit the varying needs of website owners.  

If you think you might need even more protection to maintain your website performance and security, we can help. Call us toll-free at (800) 403-3568 to speak to an expert and make sure that your website gets all the protection it needs.

Don’t delay when the security of your website and site traffic is at stake.

Hackers, malware, suspended websites — it all sounds like the stuff of small business nightmares… because it is. Save yourself a headache or ten by investing in your website’s security now. 

Get SiteLock Security today and rest easy knowing that your website is in good hands. 

In large part, that’s due to something called Secure Sockets Layer, or SSL. SSL is a technology that keeps internet connections secure. It encrypts and protects sensitive information and data as it’s sent between two systems (like your browser and another website or two servers). SSL stops bad people and bots from reading or changing the information being sent between the systems, like credit card information during an e-commerce transaction.

If you have a website or are in charge of the web hosting for your business, you need to understand the importance of data privacy and securing internet connections. As you begin your research, you’ll come across the term “SSL port” and that’s what we’re focusing on today.

What is an SSL port?

Data can be communicated between systems (like your web browser and your favorite online shopping website) with or without SSL. But the SSL port number is what indicates whether or not your connection is secure.

How can I tell if my connection to a website is secure?

Look at the URL in the address bar in your browser. You’ll see that the URL starts with one of two things: it’s either HTTP or HTTPS. The HTTPS indicates a secure connection and it uses port number 443. HTTP, an unsecure internet protocol, uses port number 80.

What is a port?

Whenever you open up your computer to visit a website you’re quite literally docking into the Internet, like a boat would dock at a port. Internet ports are numbered differently to indicate what the ports are used for and what they offer. These ports are called “TCP Ports” and that stands for Transmission Control Protocol.

If you’re diving into the world of websites and hosting, it’ll be helpful to know what the most commonly-used ports are and their assignments, or their purpose.

How Are TCP Ports Used?

TCP is pretty reliable. In order for TCP ports to work, there must be an “anchored connection” between Point A, where the data or request originates, and Point B, where the data or request is being sent. The only way that transmission of data will fail with TCP is if the connection between Points A and B is lost, like if you lost your internet connection.

What are the more common TCP Ports?

What’s the relationship between HTTPS and SSL?

To understand how SSL and HTTPS work together, let’s first go back to the unsecure HTTP. HTTP and HTTPS aren’t that different. In fact, the only difference is that when HTTPS creates and maintains a secure internet connection, it’s doing so with SSL.

How do I secure my website with SSL?

You want your site visitors and customers to trust you. You want them to have faith in your site and know that the information they’re sharing with you during a purchase is safe and secure. The way to go from HTTP (a visual marker of an unsecure site) to HTTPS (the visual marker of an SSL-secured site) is to install an SSL certificate on your website server. This certificate verifies your site’s identity so that information can be passed securely from your web server to your visitors’ browsers.

Is SSL a certificate or a protocol?

SSL certificates and HTTPS protocol are two separate things. But together, they make for a mighty secure internet connection.

Think of the HTTPS protocol as the physical structure that allows encrypted information to travel securely from point A to point B.

SSL certificates are what encrypts the information being shared over that HTTPS structure. However, you must keep in mind that the SSL certificate itself isn’t going to do anything for you. It only works once you’ve configured and set it up on your server.  

Isn’t SSL outdated?

If you’re researching SSL then you’ve probably come across the term “TLS.” Is it really a new and improved version of SSL? What are we all doing still talking about and using SSL? Don’t worry folks, we’ll explain.

TLS stands for Transport Layer Security, and it’s definitely a newer and better version of SSL. However, the term SSL is so well known that it stuck around even after TLS was introduced. So when you purchase SSL you’re in fact purchasing TLS (it’s like SSL plus).

What are the differences between TLS and SSL?

The original SSL was developed back in the wild & wooly 90s by a company called Netscape (remember them?). TLS isn’t too different, it uses many of the same technologies and protocol, but it’s been updated to withstand the security risks and issues of today’s world. TLS provides stronger encryption, but remember, it’s still referred to as SSL because that’s the more well-known name.

Why does my SSL port matter?

You need to configure your SSL certificate on your web server to get “HTTPS” to show in your website’s URL in the address bar. This indicates that you’re using an SSL port, which means the connection created between your site and someone’s browser is secure.

People are growing evermore distrustful of seeing “HTTP” in their browser and for good reason. With the amount of hacks and data theft happening today, people want to know you’re doing what you can to protect their information. Your SSL port indicates there’s a secure, encrypted connection that will keep their data away from malicious prying eyes.

Advantages to using SSL

• Faster web page loading
  • HTTPS loads pages faster than HTTP. Who waits around for a webpage to load nowadays when there’s always a competitor around the digital corner whose site might be faster?
• SEO Improvement
  • Your site is likely to rank higher in search results if you’re using HTTPS as opposed to HTTP.
• Stop hackers and bad actors in their tracks
  • SSL encrypts the data transferred back and forth between two systems. Even if these bad people and bots could somehow see the data being transferred, they won’t know what it says.
• Maintain PCI Compliance
  • PCI Compliance stands for Payment Card Industry Compliance. This is required by all credit card companies when making transactions online to further secure and protect against data and identity theft.
  • Part of the PCI Compliance guidelines are that your site must use HTTPS, which means your SSL certificate needs to be configured on your site before you can accept payments via credit card for purchases.
• No scary alerts
  • If you’re using HTTP then chances are your site visitors are receiving notices telling them your website isn’t secure when they land on it. Frankly, this looks bad. It causes them to lose confidence in your site and odds are good they won’t be back.

Where can I get SSL for my website?

Domain.com offers a variety of different SSL certificates to suit you and your websites’ needs.

Only need basic SSL protection so your customers see your site is secure and you improve your Google search rankings? We offer that.

Do you have multiple subdomains that need SSL protection? We offer that, too.

And what if you have an e-commerce site and require even more protection for your customers’ data? Yeah, we’ve got you covered.

All of our SSL offerings come with a warranty ranging from $10K – $1,750,000 USD and a visual indicator that your site is secure.

Take a look at our plans and let us know if you have any questions about those, or SSL in general, in the comments.  

No?

We didn’t think so.

Read on to find out how people can get your information and what you can do to stop it.

Domain Privacy + Protection: How to keep your personal information private

If you’re looking to purchase a domain name, or if you’ve already purchased one, you’ve surely seen mentions of “Domain Privacy.” But what does it mean? How is Domain Privacy + Protection any different? Let’s explore that.

Whenever a domain name is purchased, the person or company registering it is required to use their legal, accurate personal information. ICANN, the international governing body for domain names, requires every domain registrar, like Domain.com, to maintain a publicly viewable “WHOIS” database. This database displays the personal contact information for every registered domain, which includes phone numbers and email address.

It’s important to know who’s behind the websites you visit and trust the most, and where you get your information from, so there is a reason for having that information be available. However, there are a lot of bad actors out there who take advantage of the public WHOIS database and they scrape the base for numbers and email addresses.

Has your phone number ever made it onto a telemarketing list before? If not, take it from the rest of us, it’s not pleasant. How about your email address — do you like spam?

Ready for some good news?

You can maintain the privacy of your information

When you purchase Domain Privacy + Protection you’re making the decision to keep your details out of the WHOIS database and instead, provide the database our information. We have the teams and resources to deal with any spam volume that amounts from having our information on the database; this way, your precious time and information remains yours alone.

Domain Privacy + Protection can save you a lot of headaches, just take Shiloh’s word for it.

Go beyond maintaining privacy with protection

Every domain registrar, like Domain.com, offers some kind of privacy product for your domain names. However, we thought we’d take it a step further and provide protection for your domain, too.

In addition to keeping your information private, you also have to worry about the threat of hackers and human error to your domain and website. Domain Privacy + Protection helps to keep you safe from both of those things. Our protection services are powered by SiteLock and provide malware scans and blacklist prevention to maintain your online reputation. When domains get blacklisted, their site traffic and marketing will suffer. Stay confident that your domain name has a good reputation by using Domain Privacy + Protection. We’ll alert you if anything should happen so you’re able to take quick, corrective action.

You’ll still own your domain name

One question we frequently hear is, “Do I still own my domain name if my information isn’t shown in WHOIS?”

Yes! You do. You still maintain full control and ownership over your domain name. Domain Protection + Privacy helps to prevent identity theft, unwanted spam, and the sale of your personal information to make owning your domain name a little easier and worry-free.

How can I get Domain Privacy + Protection?

Although you can add Domain Privacy + Protection before or after registering a domain name, we recommend doing it before. This way, your personal information is never made public in the WHOIS database. If you wait to purchase Domain Privacy + Protection, your information could be made public for a while and there’s no telling who will have seen it. It may take some time for all the WHOIS websites to clear their data caches and remove your information from public view if you choose to purchase it after your domain name.

Ready to purchase your domain name and take your idea to the next level? You can do that right here. And let us know if you have any questions, we’re here to help.

Lately, news of online hacks and data breaches abound. You wouldn’t think that hopping online to buy a new sheet set from a major retailer could jeopardize your private and financial information, but for many of us, it’s happened and it’s a hassle.

So what can you do to reassure your website visitors and prospective customers that your site is a safe place to transact? Wouldn’t it be helpful if there was some kind of visual indicator?

Rest easy, because there is!

SiteLock Security is a website must-have

It’s called the SiteLock Security Seal and you can proudly display it on your website with any purchase of SiteLock Security.

That’s not the only benefit SiteLock Security provides. In fact, by the time you’re done with this article you’ll wonder how you ever published a site without it.

Let’s take a look at why you need SiteLock Security on your site.

Malware Scanning – What is malware? It’s a portmanteau, created from the words malicious and software, and it strikes fear into the hearts of Internet users the world over.

Ever heard of viruses or Trojans? How about ransomware or spyware? These are a sampling of different types of malware. Viruses spread from infected files to clean files and can cause extreme damage to websites. Trojans, a lá their namesake, are discreet — they create “backdoors” that allow other viruses into your computer, server, and security. Ransomware and spyware are what they sound like — one can hold your computer and its contents hostage while the other spies on your every action.

Depending on the SiteLock Security plan you choose we offer both daily and continuous malware scanning so you can relax in the knowledge and comfort that we have your, and your website’s, backs.

Automatic Malware Removal – All those nasty types of malware we just discussed?— yeah, we’ll automatically get rid of those for you if they’re detected by SiteLock Security. If you don’t have the time to manually scan and remove malware yourself (and who does?), don’t fret because we’ve got you covered.

Blacklist Monitoring – There are a lot of good lists out there that you want your name on, like the VIP list for that fantastic new eatery opening up around the corner. But a blacklist? Not so much.

If you find yourself on a blacklist your bottom line will feel the negative impact. So what is a blacklist and why is appearing on them detrimental to your site and business?

We’re betting SEO and where your website shows up in Google search results is important to you. (If not, it should be.) SiteLock’s Blacklist Monitoring will help ensure you don’t get put on one of Google’s blacklists, which would damage your domain and site reputation, and keep your site out of search results. 

Block Automated Bot Attacks – Bots, also known as Internet Robots, come in a variety of forms and perform numerous functions. Some bots are good, like the spiders and crawlers Google uses to search websites and determine the best results for people’s search queries. These are not the bots to worry about, and not what SiteLock protects against. SiteLock Security protects your site from bad bot attacks.

Bad bots exploit issues on your site and aggravate the effects of any malware on your site. Put simply, bad bots do bad things. Their functions run the gamut from logging keystrokes (that means they track and record the keystrokes your site visitors make — including when they enter sensitive and financial information and login credentials) to sending spam that can land you on blacklists.

DDoS Protection – What’s DDoS? It stands for Distributed Denial of Service. DDoS Protection prevents your site from succumbing to a DDoS attack, which can render your site unusable for the duration of the attack.

DDoS attacks are a particularly ugly form of bot attacks. What happens during a DDoS attack? It’s when multiple compromised computer systems (usually ones that have fallen prey to a Trojan virus) maliciously band together to flood your website and server — rendering your site unreachable because it’s overwhelmed. Sometimes DDoS attacks can last a few minutes, or in particularly bad cases, they can last for days. What would happen to your revenue if your e-commerce site was rendered unusable and unreachable for days on end? Nothing good, that’s for sure.

Advanced Web Application Firewall – You’ve probably heard of firewalls before as they’ve been around for a long time. Basically, firewalls are another way your site and server are protected from bad actors trying to infiltrate them.

Think of a firewall as a bouncer, and an advanced web application firewall (WAF) as the biggest, baddest bouncer around. When bots and other malicious entities try to reach your site and server to wreak havoc, your WAF won’t let them through the door.

Keep your website up and running with SiteLock Security

When it comes to Internet security, it pays to be safe.

Running an unsecured website is like playing Russian roulette with your digital livelihood. Don’t become a victim, unable to use or monetize your site due to DDoS attacks or Trojan viruses; instead, use SiteLock Security.

SiteLock Security is the guardian your website needs — never sleeping, always on, and always working in your best interest. If anything malicious is detected on your site you’ll receive email and account alerts, and you’re guaranteed a quick response time should we at Domain.com need to jump in and help with anything happening on your site.

So what are you waiting for? Safeguard your site today! 

Hardly.

SSL stands for Secure Sockets Layer, and you need it if you want your website visitors and potential customers to trust you and your site. Stick around as we dive into the details regarding SSL — you’ll learn what it does, how it can affect your SEO efforts, and how it influences people’s trust in your site. 

What is SSL and how does it work?

What exactly is a Secure Sockets Layer? Dictionary.com defines SSL as “… a protocol that uses encryption to ensure the secure transfer of data over the Internet.”

In a nutshell, SSL is a technology that keeps your website visitors’ personal information private (and away from hackers) when they submit it on your website. 

Fun fact: The original SSL technology has since been replaced by an updated version, called TLS or Transport Layer Security, but the collective Internet is so used to the term SSL that we keep using it.

Think of it this way: Whenever someone fills out a form or submits information on a website their information has to digitally travel from point A (where they submitted it) to point B (where it’s stored).

If the website they’re using isn’t secure, or doesn’t use SSL, then hackers can intercept and read the information being transmitted. This is called a man-in-the-middle attack and you won’t know it’s happened until it’s too late. 

Secure websites, or those that have an SSL certificate, are less likely to fall prey to any MITM attacks. When SSL is used, the connection between your computer and the other site is secured and heavily encrypted, making it nearly impossible for hackers to snag any information being passed back and forth. 

Put yourself in your site visitors’ shoes. If you like to do online shopping or banking, wouldn’t you feel better knowing your information is transmitted via a secure connection? We sure would. And a survey by GlobalSign found that “85% of online shoppers avoid unsecure websites.” That’s a lot of business you could be missing out on. 

How to identify a secure site. 

Websites can’t hide their security status. In fact, most browsers will alert you to a site’s security status in the URL bar. 

How do you know if a site isn’t secure?

If you use Chrome, you’ll see an alert that looks like this:

If you click on the information icon, you’ll get the following message:

What will you see on a site that has SSL enabled?

On Chrome, you’ll see a little padlock icon to indicate a secure site. 

If you click on the padlock icon, you’ll receive the following message:

Alternately, you can look to the website’s full URL in the browser’s address bar to find out whether or not it uses SSL.

• Not secure websites: URLs will start with “HTTP://…”
• Secure websites: URLs start with “HTTPS://…,” where the S stands for secure.

Secure websites perform better in search engine results

Since 2014, Google has said that they use HTTPS as a ranking signal in search results. 

What does that mean for you?

If your website has SSL then it’s more likely to show up higher in SERPs (search engine result pages) than a site that isn’t secure. Even if you’re not collecting visitors’ information on your website, you need SSL so you aren’t penalized in search results. 

Google has pledged to “continue working towards a web that’s secure by default,” so we don’t think HTTPS importance will decrease any time soon. 

How can you add SSL to your site?

It’s easy with Domain.com — we offer a variety of SSL certificates to fit your needs. Here are the plans and details so you can identify the best option for your site. 

LetsEncrypt Free SSL – If you have a basic website and don’t collect any sensitive information from your visitors, then this option should suffice. Search engines and visitors will see that your site is secure and that will increase their trust in you.

Before getting SSL for your site, you’ll need to make sure you have your domain name and hosting. Then, you can log into your account to turn on your free LetsEncrypt SSL. 

If you actively collect customer information (even if it’s just an email address) on your site or manage an e-commerce site then consider purchasing a more advanced SSL offering, like one of the following, all powered by Comodo SSL.

Domain Validated SSL – Secure your customer information, help boost your Google search rankings, and receive the TrustLogo® Site Seal to display on your site. You’ll also be backed by a warranty from Comodo SSL for up to $10,000 to protect the end user.

Wildcard SSL – Our Wildcard offering will give you all the features of the previous plan along with the ability to protect multiple subdomains. You’ll receive a warranty of up to $250,000 to protect the end user with this plan.

E-Commerce SSL – This is our best SSL plan and is ideal for those with e-commerce websites, and offers a green “trust” visual bar for your site, like you see in the image below, and up to a $1,750,000 warranty for the end user. 

Rest easy knowing you’re secure with SSL

The importance of having SSL on your website is only going to increase. 

Google is without a doubt the most popular search engine, and they aren’t pulling any punches when it comes to making the Internet a safer place for all of us.

If you don’t have SSL you risk having your site pushed down in search engine results and losing your site visitors’ trust. Get SSL today, and turn your site into a trusted resource. 

While technological progress has fortified internet security, in reality there are still many ways for bad actors to infiltrate a business or person’s website, email, or online persona in order to wreak havoc.

How to Block an IP Address

Just as it would have been in the Wild West, it’s important to learn how to protect yourself from external threats. The basic security offered by internet servers can ward off some infiltration attempts, but often crafty criminals slip through the cracks.

Learning how to identify and block the IP address of an online pest is perhaps the best way to improve your security on the internet.

It all starts with a great domain. Get yours at Domain.com.

What is an IP Address?

Blocking IP addresses might be the most effective way to bolster your internet security, but what good is that knowledge if you don’t know what an IP address is?

The best way to think of an IP address is by comparing it to a street address. Think about your place of residence—you receive bills, packages, and guide friends to your house by giving them a combination of numbers and letters. That combination—your address—is used to single out your location in relation to all other possible locations.

IP addresses work in the exact same way.

• Each device that’s connected to the internet is assigned a unique IP address.
• A device’s IP address allows the device to interact with, receive information from, and otherwise contact other devices and networks on the internet.

Simply put, an IP address places internet users on the grid. Without it, they would be unable to communicate with other networks.

What do IP Addresses Look Like?

Even though most internet users connect to the internet using an IP address on a daily basis, the vast majority of people don’t know what an IP address looks like.

There are two forms that an IP address can take. The first is IPv4, which stands for “Internet Protocol version 4.” The second is IPv6, which stands for — can you guess? — “Internet Protocol version 6.”

IPv4

Invented all the way back in the 70s, IPv4 was the first wave of IP addresses. Most devices are still connected to the internet using an IPv4 address, but that started to change in 2011 with the release of IPv6.

• IPv4 addresses are composed of four numbers between 0-255, separated by dots or periods.
• An IPv4 address might look like: 99.31.235.187.

From the inception of the internet, IP addresses were provided using the IPv4 model. However, all of the available IPv4 addresses have been allocated, necessitating the move to IPv6.

IPv6

On June 6, 2012, IPv6 was launched by organizations like the Internet Society, among others. IPv6 addresses use a hexadecimal digit system, separates groups using colons, and may include letters.

• The number of conceivable IPv6 addresses is enormous and won’t run out anytime soon.
• An IPv6 address might look like: 2001:0db8:85a3:0000:0000:8a2e:0370:7334.

The complexity of an IPv6 address means that the internet will be prepared to host an even larger number of connected devices in the future.

Why Block an IP Address?

There are several reasons a business, educational institution, or internet user would attempt to block an IP address. In general, the most common reasons are:

• Blocking Bots, Spammers, and Hackers: When bots, spammers, and hackers attempt to infiltrate your website, it can put a heavy strain on your bandwidth and decrease the speed with which you and other users can access your website. If you run a business online, this can be detrimental to sales.  
• Limiting Website Access: Many academic institutions and businesses use IP blocking to limit the websites that students or employees can visit. The goal is typically to increase productivity by limiting distractions.
• Protecting Data: Hackers often attempt to infiltrate websites to steal data or other important information. That information can be used to blackmail or otherwise undermine a company.
• Maintaining Confidentiality: Many academic institutions and companies who keep sensitive records—like transcripts, health records, etc.—are regularly targeted by hackers. Identifying threatening IP addresses and placing them on a blacklist is an essential step to keep those records safe and confidential.

This list should only be seen as the tip of the iceberg. There are countless reasons that an individual or organization might want to block certain IP addresses, and there should be no underestimating how malicious certain internet hackers can be.

How to Block an IP Address

Ultimately, blocking an IP address allows administrators and website owners to control website traffic. The process of blocking an IP address—or several—changes depending on the operating system that’s being used.

While there are several different operating systems, the most common are Windows and Mac. We’ll cover the steps for blocking an IP address using both of these systems, which achieve the same goal through slightly different means.

Blocking an IP Address for Mac Users

To block an IP address on your Mac computer, you’re going to need access to your wireless router (or LAN router, which connects to the internet using an Ethernet cable). Knowing the password is essential, which can often be found printed or stuck on the outside of the modem.

1. System Preferences: Find the Apple menu, represented as the Apple logo in the top left corner of your computer screen. Open the dropdown menu and select “System Preferences.” Once your System Preferences menu appears, find the icon labeled “Network.” Then, press the “Advanced…” bar at the bottom of the screen. Navigate to the TCP/IP tab, where you should find your IPv4 or IPv6 address.
2. Access Router: Next, you’re going to have log into your router. Again, password information can typically be found on the outside of the router, but if you’re having trouble you can always contact your network administrator.
3. Restrict Access: Once you’ve logged into your router, a list of enabled and disabled IP addresses should appear. From there, most routers will give you the option to deny access to unique IP addresses or an entire range of addresses. You should also have the option to block a website. After blocking the IP address, your network will be protected from that address.

Blocking an IP Address for Windows Users

Blocking IP addresses on a Windows computer requires going through the “Windows Firewall.” In tech terms, a firewall is a component that allows your computer to block access to your network without inhibiting your ability to communicate with outside networks.

This guide is going to explain how to locate and block the IP address of a website. Windows Firewall makes this a relatively simple process. If you already know the IP address you want to block, begin with step 3.

• 1 – Locate Website to Block: Open your internet browser and locate the website you want to block. Highlight and copy everything that comes after the “www” in the web address.
• 2 – Open Command Prompt: Navigate to your start menu and open “Command Prompt (Admin).” Paste the website’s web address into the first line of code. Command Prompt should respond by generating several lines of code, which should reveal the website’s IP address. Highlight and copy the IPv4 or IPv6 address. Return to your internet browser, paste it into the search bar, and press enter. Confirm that it takes you back to the website.  
• 3 – Open Windows Firewall: Open the start menu. Locate “Control Panel.” From there, find “Windows Firewall.” Open it.
• 4 – Advanced Settings + Windows Inbound Rules: With Windows Firewall open, locate and click on “Advanced settings” on the left of the screen. Then, locate “Inbound Rules,” which should also be found near the top left of the screen. This should change the menu options. On the right portion of the window, find and click on “New Rule…”
• 5 – New Rule: With the New Rule tab open, select the “Custom” option and press “Next.”  Advance by pressing Next two more times, until you arrive at a window which asks “Which remote IP addresses does this rule apply to?” Click the option that reads, “These IP Addresses.”
• 6 – Add IP Addresses: Click on the “Add…” button. From there, you can paste the website’s IP address (or any other IP address) into the box that reads “This IP address or subnet:” Repeat this process, adding all IP addresses you wish to block. Once they’re added, click “Next” at the bottom of the screen.
• 7 – Block: Three options should appear on the next page. The bottom option will read “Block the connection.” Click this and advance to a page which prompts you to “Name,” the blocked IP addresses. After you’ve named it, press Next until the “Finish” bar appears. Click Finish.
• 8 – Repeat Process with “Outbound Rules”: Return to the Advanced settings window and repeat the process you completed under “Inbound Rules” with “Outbound Rules.”

Once steps 1-8 are complete, the IP address or addresses that you’ve isolated will be blocked from your network.

Why Have I Been Blocked?

If you’ve attempted to visit a website and discovered that you’ve been blocked or have otherwise been denied access, there are several potential reasons.

The most common include:

• Viruses in your Device
• Software Extensions
• History of Illegal Actions

Viruses in your Device

One of the most common reasons that IP addresses are blocked from accessing remote servers is because the remote server detects a virus contained within your IP address. It’s often the case that internet users don’t even know that they have picked up a virus.

Once you’ve removed the virus from your network, feel free to reach out to the website you attempted to access and explain why you should be removed from the blacklist.

Software Extensions

There are many ways to customize your internet browser. Some of the extensions that you can add will eliminate pop-up ads from websites or attempt to detect viruses that might be hiding within a website.

While there’s nothing illegal about adding extensions to your browser, some websites will ban users who run ad-blockers. They may see this as a disruption of their revenue flow.

History of Illegal Actions

If you have a history of conducting illegal activity online, many website admins will block your IP address as a preventative measure, deeming you untrustworthy. Online illegal activities may include illicit trade, activity in the dark web, or cyber-crimes.

Inappropriate Website Content

If you operate a website that contains potentially offensive content like pornographic material or illegal trade, you will likely be blacklisted from many websites on the grounds that your content is subjectively inappropriate.

While you may disagree with the decision of another admin to blacklist your website, there is often no way around the blacklist outside of a direct appeal to the admin.

It all starts with a great domain. Get yours at Domain.com.

Recapping How to Block an IP Address

To recap, IP addresses are used to connect devices to the internet at large. They help locate a connected device in relation to all other devices. By discovering the IP address of a device or website that is causing trouble to an internet user, that user can block the address using a rather straightforward process.

The process of blocking an IP address may change depending on the operating system that is used by the internet connected device. While there are more steps required for PC users, the process is equally straightforward, and perhaps even easier than the process required by Mac users.

If your IP address has been blocked, there are several possible reasons. The first, and most common reason, is that your IP address is associated with a virus—usually one that you’ve picked up by accident. By using antivirus software, you can purge that virus from your computer and then appeal to the website admin to remove you from the IP blacklist.