Understanding Your Site’s IP Address Reputation
As a website owner you may not think about the fact that your website IP address has a reputation or that it matters. The idea of a website IP having a reputation is not something that is discussed much among hosting providers and website firewall providers. But it is something we frequently think about at Wordfence and managing your website IP reputation is something we’ve built into Wordfence.
Here’s what we mean by the reputation of your website IP address:
If your website IP has been blacklisted by a spam database like the SpamHaus project, then your reputation has been harmed. Impact: Emails that originate from your website will likely not be delivered to the recipient. For example, new WordPress members who sign up will probably not receive any passwords or welcome email you send if it originates from your blacklisted website IP address.
As another example: If your website public IP address has been banned by a country’s firewall or by a network – for example the Great Firewall of China, then your IP address reputation has been damaged. Cloud providers have been battling the country censors for several years now because, when providing a cloud firewall or content delivery network, they aggregate thousands of websites behind a single IP address. A website controversial in a particular country hides behind a content delivery network and if the Chinese want to block their citizen’s access to that website, they may prevent them from accessing that IP address. The result is that every other website behind that IP is also blocked. The Wall Street Journal covered this problem in March of this year.
At Wordfence we think about how to protect your website IP address. Here are a few things you need to be aware of and that you can monitor to help protect your website IP reputation:
Know if you’re sharing an IP address with other websites
If you are using a shared hosting provider, know that you are sharing an IP with hundreds or possibly thousands of other websites. If one of them engages in spam or is blocked by a country or a large network, you may be affected.
You can manage this risk by installing Wordfence, upgrading to Premium and enabling the feature on our options page titled “Check if this website IP is generating spam”. (Visit our home page to find out more about upgrading) This checks the reputation of your IP address with spam monitors and will alert you if your IP reputation has been harmed. You can also check if your website domain is being “Spamvertized” (included in spam emails) and you can enable our advanced comment spam filter.
Pay attention to user feedback from other countries about access to your site
If you are on a shared public IP because you are using a content distribution network (CDN), pay attention to what arrives in your inbox. If your, for example, Chinese visitors start complaining about not being able to access your site, either have your cloud provider move you to another shared IP, or temporarily disconnect from them by changing your DNS to point back to your own website instead of their servers.
If you are on shared hosting and users are receiving a message that appears to be from a censor when they try to access your site, contact your shared host and have them move your server to another shared IP address.
Know who else is on your IP address:
You can find out who else is on your website’s public IP address by doing a reverse IP domain lookup. This site provides the service for free, simply type in your website hostname e.g. www.example.com, and hit the button to find out who else is on your IP address.
If you do see sites that you don’t like very much, don’t panic. It’s common to have hundreds of sites on a single IP address and as long as that IP isn’t being blocked by censors or spam monitors, you won’t have any problems. That is why it’s important to monitor your IP reputation using Wordfence.
Now that you understand why the reputation of your IP address matters and you have a few tools to monitor your reputation and find out who you are sharing it with, you’re better equipped to ensure your website stays well-regarded and available for your customers. If you’d like to upgrade to Wordfence premium and gain access to our advanced IP monitoring, first install the free version of Wordfence (if you haven’t already) and then visit our home page to find out more about upgrading to Wordfence Premium.
Comments
10:16 am
I love Wordfence and recommend all clients use it on WP sites and also go Premium.
If you really wish to protect your site and IP go dedicated.
A dedicated is all yours and there is no tainting by others.
And with a good sysadmin behind it you will never have a problem, depends how serious you are with your projects.
Shared hosting is great for starting off.
Thank you for a great plugin Wordfence.
10:28 am
Agreed and depending on how technical you are you could sign up for a managed option or for something like Linode which gives you your own dedicated IP for $10/month. But then you have to install Nginx, apache, mysql, etc.. and be very comfortable with Linux.
11:32 pm
Agreed as well! In fact I put Wordfence on all sites I do whether mine or for someone else. So far all my clients have gone with the premium option.
In one case the client had been hacked and needed it cleaned up. This was the easiest Wordfence Premium sell I ever made.
I also agree with the dedicated idea, though we started by doing game servers and finally bought. Now we are hosting websites too.
Thank you Wordfence for all the peace of mind.
10:26 am
This is one aspect of SEO I'm sure not too many webmasters consider. For all you know, this may be the reason your site is not getting better ranking in the search engines.
10:31 am
Great article Mark,
However I think this does not quite cover all of the issues with hosting accounts and IP addresses.
Depending your set-up, additional email programs and your host, your email may be going through IP addresses other than your website.
While you may find hundreds of wordpress sites on a single IP address, you may find hundreds of IP addresses being used for a single domain to potentially send mail OUT.
Many email host providers use primary and secondary ( and many more) incoming and outgoing servers for email. The larger the range of IP addresses your host uses for email servers per domain account, the higher the likelihood of bad behavior by someone else using the service.
I would recommend running a test to look at headers sent from all of your mail accounts related to your business. If you are using a CRM (like ZOHO, salesforce or mailchimp) send an email to an external address from all including your own method of responding to emails. If you do not know how to examine mail headers there is a tool to available here:
http://mxtoolbox.com/EmailHeaders.aspx
Check all of the IP addresses your mail passes through.
There are some very large hosting and CRM providers who have lousy reputations and they are in flux frequently so this should be done more than once year.
10:35 am
Thanks Debbie, awesome addition to the above. Completely agree.
10:36 am
It's an area that new people will find it a strong learning curve that is for sure, but well worth it.
Not going to say much more here as I don't want to come across as after my own interest, but it's funny as I have been dealing with this very problem of keeping an IP clean today and your email came through. :) So felt moved to reply.
Been dealing with SPF records and individual domains today as gmail etc seem to be rejecting a lot of email recently.
Thanks Mark and what a plugin :)
10:37 am
Hi Mark,
This is illuminating - as well as scary! The bit about shared servers is particularly of interest to me.
However, you did not give an express solution aside upgrading. In your own estimation, what is the way out of a damaged IP address when one is sharing servers?
Enjoy the day!
Always,
Akaahan Terungwa
10:57 am
You need to ask your hosting provider to move you to a different server.
11:05 am
Akaahan , usually you can ask to be removed from any balcklist, but you need to make sure that your site is clean, also that you have a good PTR & SPF record in place, on shared hosting as Mark said it's just a matter of contacting your provider to get it all sorted out.
Another answer obviously is to get a dedicated and let a sysdmin look after it for you in those regards.
11:06 am
I've wondered about this as well, in particular how does using a CDN / Proxy service (like CloudFlare) affect your IP reputation and SEO. Not only are you sharing your IP with other sites but it's different depending on which edge server your site is served from in various parts of the world.
4:04 pm
So much to know to protect the reputation of an IP address. However, it is true. Also, what about services like NoIp? Can anybody add details? I am almost certain spammers use their services. I experimented with them a long time ago. I remember having issues with email and SEO due to their services. That is when I learned that IP addresses matter to some extent.
11:20 pm
Great post,
just reinforces my opinion that many web site owners are ignorant of things that really matter, bit like the car owner who just drives his car but has no idea how it works!
IP health. reputation is of paramount importance if things are going to work.
I run a small, select shared hosting environment for my clients and clients of a relative, I am very choosey who I allow in simply because I want to protect the one IP address they all share.
To that end, they all have allow me to run a daily scan for updates on their sites and have to install any updates within a set time scale, they are also not allowed to run any form of mailing list or auto-responder. Draconian rules, well maybe, but it keeps the IP safe and no one complains because they don't have problems.
As one of your previous commenters stated, the only really safe way to keep your IP address safe is to have a dedicated server, that way you are not sharing it with anyone else.
As always a great post and a great plugin
Thanks
Dave
7:22 am
Interesting Dave, thanks for your input.
11:58 am
Why would a niche website like theglutenalarm begin getting relentless hack attacks? Since April, I have been getting many attempts to break into this site daily. I'm up to way over fifty at this point. I just got seven more today alone. The most relentless is Redmond Washington, which I reported. I don't understand this. I have changed the password again too. Thanks, Sincerely, ShariLee Beynon
7:05 am
Shari
I think Redmond is usually Microsoft crawling the site for Bing. You can use Wordfence to do a whois to see who it is registered to.
At any rate, this isn't really the best place for support questions. If you are a premium customer, open a ticket at http://support.wordfence.com. If you are a free customer support is found at https://wordpress.org/support/plugin/wordfence. We have staff at both locations answering questions.
Thanks!
tim
6:57 pm
Thanks, Tim.
10:16 pm
Checking your IPs reputation is an activity every website owner is doing especially if they are sharing space with other websites. For one, they cannot control the activities of other website owners; secondly, they cannot dictate what should be and what should not be done, third, it's hard to cleanup your reputation once you've been fallen victim to neighbor spammers; lastly, it costs more to clean up your reputation than to get your own private web hosting (imagine the the cost of losing valuable time just by doing clean-ups and the cost you have to invest if you'll have somebody else to clean-up).
2:03 am
The neighboring domains should clearly be on of the factors of distinction between hosting providers. Having a dedicated IP cannot always be feasible - of course, depending on the project. Everybody wants good SEO and good security without doing/paying almost anything, which is not doable.
The link provided in the article doesn't actually tell you all the websites hosted on a certain IP. Of course services like this have limitations due to their DNS cache, which cannot be "complete". Are you aware of similar service that can provide more details into IP reputation ?
10:41 am
If i am using Cloudflare then its show false info :D
4:22 am
We just do away with having the webserver be able to send out emails. We disabled all mail programs and services. Exim, dovecot, everything we turned off and uninstalled. We even blocked the ports.
What we've done is make our webserver unattractive to would be spammers. You want to send mail from your website, use the SendGrid API or any other third party mail provider API. Sure it's a bit restrictive but at least the mail never ends up in spam and our webserver resources don't get used for spamming, maintaining our IP address reputation.