You may be wondering, “What exactly is an IP hack?” We publish a lot of information about threats to website owners and explain how to protect WordPress sites. You should understand website security if you own or manage one. But what about your personal devices? Hackers can compromise them too.
Every device that connects to the internet has a unique IP number or address. Having an IP address is necessary for sending and receiving all online information. It’s a unique identifier for your modem, wi-fi router, laptop or desktop computer, smartphone, and any other device that sends and receives information over the internet.
When a hacker targets an IP, they might be trying to gather valuable information from you, including your physical location and your identity. They might use it in an attempt to impersonate you online or make it look like you or your devices are carrying out their illegal activities.
In this guide, you’ll learn about IP-based hacking. You’ll discover what might indicate abuse of your IP, what cybercriminals might do with it, and how you can protect yourself.
Let’s dive in!
What Is Your IP and How Can a Hacker Find It?
Your IP address is a unique string of numbers like
18.104.22.168 (IPv4) or
2001:0db8:0001:0000:0000:0ab9:C0A8:0102 (IPv6). You can find it simple by asking Google, “What’s my IP?”
Web servers have unique IPs — all networked devices do. Your network router at home or work has an IP. Modems, routers, and access points delegate unique IPs to devices on your internal network, including all peripherals, like printers.
Think of an IP number as a physical delivery address for incoming communications. When you move, it may need to change. When you connect to a new network, it may assign your device a new IP. Additionally, the network may record your connection request in an access log listing your IP and its activity.
The vast majority of internet service providers assign their customers dynamic IP addresses. Dynamic IPs change, but static IPs do not — as long as the network maintains a connection. Static IPs are potentially more exposed to abuse, but attackers can learn and abuse dynamic IPs too. Dynamic IPs may stay the same for 24 hours or longer.
Static IPs are useful for port-forwarding. If you want incoming connections to reach a specific device IP and port, that address must be static. This is an unusual case, however, and most people won’t need a static IP.
What could happen if hackers compromise your IP? If someone with malicious intent gains knowledge or control of an IP you are using, they may be able to do a lot of damage. There are many different ways criminals might get their hands on your IP. In the following sections, we’ll take a look at how this could happen.
1. Your Devices
IP addresses are not secrets. For that reason, if someone uses or borrows your laptop with the intention of finding your IP address, they can do it in seconds simply by visiting a site like
whatismyipaddress.com or asking Google.
2. Your Network
If a hacker has broken into your modem, router, or other network devices then the hacker can see their IPs as well as the IPs of other devices connecting to them.
Anyone with access to a router’s admin interface and settings can see IPs on the network. They can also read network activity logs that contain device IPs.
If your router or modem has the admin login credentials attached to it or displayed nearby, or if it uses well-known defaults, anyone who wants to take control of your network can do that with this information once they have access to your network.
3. An Insecure Public Network
An insecure public WiFi access point or “hotspot” allows unencrypted connections with the access point. Anyone on the network with network monitoring tools may be able to see not only the connecting device IPs of all other users — they may also see whatever those users are sending and receiving over the network, like website login credentials. Sites that require two-factor authentication or passkeys for login — which you can set up with iThemes Security Pro — offer protection against this type of threat, but the real solution is to always use encrypted networks.
Some hackers will set up free WiFi hotspots to make it even easier for them to examine all connecting device IPs as well as any sensitive information sent over the network. They may even be able to infect connecting devices with malware.
4. Your Emails
When you send someone an email, the mail header may contain your IP address.
For example, Microsoft Outlook and Yahoo Mail include IP addresses within the header of each outgoing email.
5. Websites You Visit
Every link that you click that requests a web page or other online media sends your IP address to a server so it can deliver you the content you’re requesting.
Anyone in control of a web server can view the access logs or use other methods to identify all the IP addresses that have sent requests to the server.
6. Forums You Use
If you’re somebody who enjoys participating in online discussion forums, keep in mind that the admins of forums can easily see your public IP address. All website administrators can do this, but some forum software logs user IPs and will display them in your posts. Admins and moderators may share or expose this personal information.
7. Ads You Click
Ads carry links too, but they’re typically served by a source that’s different from the web server hosting the ad content.
By clicking ads, you’re handing your IP address over to the ad provider.
Be wary of online ads, because some are specifically created by bad actors with malicious intent, who plan on using your IP in ways that can put you at risk.
Is It Illegal to Trace an IP Address?
As long as it’s not being used for illegal or criminal activities, tracing your IP address is completely legal and common in the United States and many other parts of the world. The apps you use, the websites you frequent, and your internet service provider all log and may deliberately track your IP address, as well as a lot of other personal information.
In Canada, IP addresses are considered personal identity information (PII) and are given more privacy protection. It’s legal to track IPs in Canada for marketing and business purposes. Non-profits may also track IPs under Canadian law. For all other purposes, under the provisions of the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), IP tracking is treated as an invasion of privacy.
The General Data Protection Regulation (GDPR) goes further. It applies to any online activity conducted within the European Union and European Economic Area, and it requires consent to be given if an IP is tracked.
Keep in mind that enforcement of privacy laws is difficult and still an emerging area of law, especially international law. Malicious individuals who want to identify and track your IP address may be located anywhere. They know they are breaking laws, and they don’t care.
What Can Someone Do With My IP?
First, it’s important to know that your IP address doesn’t contain or provide direct access to ultra-sensitive information about you. It may indicate your geographic location, however, and hackers can use that information to do harm. That’s the first of five types of IP hacks we’ll look at next:
1. Find Your Physical Location
Keep in mind that your IP will typically reveal the city you are in. If a malicious actor has your IP address, they could use it to target you and inform their socially engineered hacking.
For example, suppose you’ve publicly announced that you’re going on a vacation. A criminal with your IP address might be able to figure out your home address. Burglary might be their intent, and you might even be tricked into giving them access to your home or building. They might contact you or a neighbor pretending to be a delivery person or someone else who might be trusted.
2. Break Into Your Devices
Every IP address has thousands of ports. Ports can be thought of as windows into a networked device. A hacker who knows your IP address can test every one of those ports for ways to access your device. They might attempt a brute-force login attack, testing common or stolen passwords.
If they successfully connect, they may be able to take over your device and steal information stored on it. They could also infect your device with malware and use it to support their hacking activities.
Hacked devices often end up as part of a botnet. A botnet is a large, distributed network of compromised devices controlled by criminals. Botnets are used to perform denial-of-service and brute-force login attacks. If your device and IP are being used to engage in these crimes, you may experience many unpleasant effects as networks and authorities identify you as a threat.
3. Impersonate You for Social Hacking
A criminal who knows your name, address, IP, and internet service provider (ISP) could cause a lot of trouble. They might contact your ISP’s customer support and attempt to impersonate you to get control of your network and your personal information. Social hacking is always possible and more effective when your personal information is known to the hacker.
4. Spoof Your IP to Conduct Man-in-the-Middle Attacks
Hackers can make their activities look like they’re coming from your IP. If they are doing this from a network that stands between you and sites you’re trying to reach, like a WiFi hotspot they control, they can pretend to be you and also offer you fake versions of the sites you’re trying to reach.
A Man-in-the-Middle attack can be used to bypass strong security methods. Using this kind of deception, cybercriminals could trick you into giving them the correct passcodes for a two-factor authentication challenge to log in to your financial accounts, email, or other critical services.
5. Spoof Your IP to Conduct Illegal Activity
Malicious hackers have been known to use other people’s IP addresses to download or distribute illegal content or to commit other cyber crimes. Any law enforcement investigation of their activity might draw you into it, in this scenario.
How To Stop a Hacker From Exploiting Your IP Address
It’s important to always keep identifiable information about you protected, even if you believe you aren’t at risk. If a hacker is determined enough, they’ll be able to piece together enough information about your identity to impersonate you. The more they know, the more persuasive they can be.
An IP address assigned to one of your devices could very well be their starting point.
Here are six ways to keep your IP protected and prevent hackers from exploiting it:
1. If Your IP Has Been Hacked, Change It Immediately
If you see signs of an IP hack, spoofing, or any evidence your network devices have been compromised, immediately contact your internet service provider and ask for their help. You may request that a new IP address be assigned to you.
Some ISPs allow you to change your IP yourself within your router settings. Others will require that you contact them to request the change. You may also be able to trigger new IP generation by shutting down your internet modem for a while.
2. Update Your Privacy Settings
Take the time to update the settings in your messaging apps for the maximum privacy they offer. Don’t accept messages or calls from sources you aren’t already familiar with.
3. Update Your Router and Firewall
Cybercriminals may be able to remotely hack your router. This will give them control of your IP and many other things. Don’t make their work easy! Change the default router settings.
Change your router’s password periodically. Be sure to use strong passwords and encryption on all your networked devices.
4. Use a Virtual Private Network (VPN)
Using a VPN hides your actual IP address from the rest of the world and encrypts all your communication through the VPN. It comprehensively protects everything your device does while using the VPN.
When you route your data through a VPN server, the public IP associated with your connection actually belongs to the VPN server, not your local network or devices. This prevents websites, advertisers, employers, and others from easily gathering information about your location and device. Your browser itself and other discernible features of your local device may still be visible and trackable as a unique enough “fingerprint” for sophisticated surveillance technology even though your IP is anonymized.
VPNs have a host of other benefits, but keeping your IP address private is their main purpose.
5. Use a Proxy
Much like a VPN, web proxy services provide servers that sit between you and the rest of the internet. The requests your devices make through a proxy are associated with its IP, not your local network or device. Unlike a VPN, a proxy server may not encrypt your communication or guarantee your privacy, and it is only good for one connected app at a time. For example, browsing through a proxy won’t protect your email, but a VPN can cover all your incoming and outgoing communication of any kind.
6. Use “The Onion Browser” (Tor)
The free, open-source Tor browser encrypts your web connection, masks your IP, and tries to make your browser and device “fingerprint” look like everyone else’s. Like the layers of an onion, the Tor network adds layers of protection between you and the rest of the web. Your browser connection is encrypted three times and relayed through thousands of proxies in the Tor network.
As a way to get around IP tracking rules and privacy tools like VPNs, proxies, and Tor, advanced tracking methods can still identify your unique browser and device traits to “fingerprint” you even without knowing your IP. Even Tor has struggled at times to defeat sophisticated fingerprinting.
The Brave browser has more limited but still substantial privacy protections and can use the Tor Network. Using Brave with its Firewall and VPN service is a step farther in privacy, but you can still be “fingerprinted” through a VPN.
You may have seen an “Incognito” or “Private Browsing” mode in Chrome, Edge, Firefox, and Safari. This is a feature to prevent logging of browsing activity on a local and possibly shared device. Using it will not hide your IP or do much to stop tracking done by random websites, advertisers, your ISP, or major tech companies like Google.
Protect Yourself From an IP Hack
Now that you have a better understanding of what an IP hack is and the damage an informed attacker can do with IP data, it’s time to take the threat seriously.
By following the guidance in this article, you’ll never have to worry about an IP hack. It all boils down to this: take some time today to consider when and where you may benefit from a measure of heightened privacy by using a secure browser and/or a VPN.
The Best WordPress Security Plugin to Secure & Protect WordPress
WordPress currently powers over 40% of all websites, so it has become an easy target for hackers with malicious intent. The iThemes Security Pro plugin takes the guesswork out of WordPress security to make it easy to secure & protect your WordPress website. It’s like having a full-time security expert on staff who constantly monitors and protects your WordPress site for you.
Dan Knauss is StellarWP’s Technical Content Generalist. He’s been a writer, teacher, and freelancer working in open source since the late 1990s and with WordPress since 2004.