How to block and Ban Spam IP Addresses in PrestaShop – Top Programming Tips

Today the biggest threat for online stores is spammers and hackers. These people can harm your store in a drastic way. The simple loss of spam is overloaded servers that finally result in handing out your server and store will be down. The biggest losses may be any e.g. stealing out the credit card information and credentials of your customers or they can simply hack your store and can display any type of false information.

Imagine that if spammers are just creating thousands of abandoned carts in your store. You buy some order authentication software that will cost you even 1 USD preventing a single abandoned cart. You receive 100 abandoned carts and you will definitely have charged 100 USD for that day. If spammers continue that practice on daily practice, can you bear this loss in this way. Surely not, so you have to think for some other solution that his reliable as well cost you little.

As we are talking here about PrestaShop that by default don’t sets a mechanism to block spam. So you have to install a paid geo IP ban module or edit your core files including htacccss to do this task. While doing it by htaccess, the task will be very tiring to add 1000 of IPs for blocking so installing a module will be a better choice.

Here our purpose is not to promote any module but we will provide you a number of free solution that hopefully work for you. So below question answers session will depict some ways to How to block and Ban Spam IP Addresses in PrestaShop;

Question No. 1: I want to block my own country addresses. To do that I downloaded the geo.dat file from back office in geo location section. I unzipped the file and then uploaded to the suggested location. I unchecked the country from allowed countries but it don’t work.

Answer: Go to this website and generate the htaccess file by including those countries you want to ban. In case you only want to block some IPs, you can get the IP address and add them at the end in htacccss file. Like you see here;

ErrorDocument 404 /Error404.html

deny from

deny from

deny from

etc etc .. it can me 1000+

Save your .htaccess File

Create another Error404.html file in the root folder. Edit its content i.e. this content will be shown to those visitors that visit from that IP.

Question No. 2: There is website e.g. This site constantly sends bots at my store to check store products. They generally access my site through cart function e.g. index.php?controller=cart&add=1&id_product=16101&token=e84ed70b53dd that finally causes adding products in carts that ends on abandoned. In this way, I get hundreds of abandoned carts. Please guide me how can I block the IP of that site or even I will be satisfied, if stop that site from adding entries in my cart. I tried to do this through htaccess but It don’t help.

Answer: Although, the way through htaccess should work but if you are not getting the results, it is better to try some paid Geo IP ban module from addon marketplace.

Question No. 3: Hi, from couple of days, I am seeing a lot of users on my store ranging from 100 to 400. This is unusual traffic and when I checked that I have seen that huge traffic is pinging from same IP i.e. same IP assessing my channel multiple times. I am Australia and my store is only useful for visitors of my own country. How to handle this situation as I don’t want to be my server overloaded with spam traffic? See screenshot

Answer: According to me, it’s the responsibility of hosting provider to fix your issue of spammers. It is due to reasons that hoster have full access to control all the IPs that want to access their server. If it is VPS sever, you should enable a secure firewall.

Question No. 4: Suppose I get 500 visitors online on my store and when I am not sure that either they are search engine bots or spammers. How can I make a difference between the IPs of spammers and search engine bots?

Answer: As you find the IPs at backend, you can search those IPs on Google and will definitely make the difference between bots and spammers.

Question No. 5: I am very afraid of a country India whose one of the website always spams on my site and steel the product photos and other details. I know that at PrestaShop 1.6 backend, there is a module geo localization. I want to know that how much extent this module is feasible? For clarity, this module can be accessed through back-office, tab preferences -> geolocation

Answer: This is a great tool for blocking the whole country e.g. managing the traffic from countries. If blocked IP is detected, then this module will not allow shopping. Checking maxmind geolitecity.dat gives almost true information about the IP. As IP changes frequently, so you have to update the geolitecity.dat at least once a month. You can get this file from here . Download the country or city file, unzip and upload it to tools/geoip via ftp.

Question No. 6: I have seen that my shops sometimes bombarded with some Russian sites. I want to block these sites. How I can achieve it?

Answer: You can add these lines in robot.txt file.

# Suspicious sites





If you don’t want to follow this, refer to the answer of question no. 1 where there is solution to get it done through editing htaccess file.

In case you don’t like both methods, you can go for GEO ip localization local module as discussed in answer of question no. 5. For the last, you can try a paid GEO ip module as given in question no. 2.

Note: These questions are answered by top community developers and do not reflect FMEModules.