Support Home > Developers > Hosting FAQ

Hosting FAQ

This page provides some technical information and guidelines about using our products for network administrators, server admins, and web hosts. By following these guidelines, you’ll help ensure that our shared user base has the best experience!


The entire IP range from ~ needs to be whitelisted.

  • CIDR Notation:
  • GoDaddy Firewall & Sucuri use CIDR Notation.
  • Wordfence: 192.0.[64-127].[1-254]


In order for a blog or forum to use Akismet to check spam, it needs to be able to make outgoing TCP connections to servers at If your network normally blocks outgoing connections from your public web servers, you’ll need to add a firewall rule permitting connections to Akismet.

If your security filters allow exceptions based on hostnames, you should permit connections on port 80 to these:

  • *

Most Akismet API calls will be made to a host name of the form, where api_key is an alphanumeric string that is different for each web site owner.

If your security filters only allow IP-based rules, please refer to the Akismet Hosting FAQ for the list of current IP addresses.

Akismet Specific System Requirements

Akismet is a spam filtering service. It’s most commonly used with WordPress, but is often used with other blog platforms, forum applications, contact forms and similar web apps. It’s a centralized service, so TCP connectivity to servers at is required for it to work.

System requirements for the WordPress plugin are the same as for WordPress, plus:

  • PHP’s fsockopen and gethostbynamel functions must not be disabled (they are enabled by default in PHP).
  • TCP connectivity to

System requirements for other Akismet plugins and implementations vary, but TCP connectivity is always required.


Here are helpful Jetpack troubleshooting links particularly relevant for hosting providers:

Jetpack Basics


Find Help

Download a printable PDF of these Jetpack links.

Jetpack Specific System Requirements

Read more about Jetpack’s Server Requirements. Don’t worry—it is virtually the same as what WordPress expects.

Whitelist all communications between and Jetpack

Some hosts and plugins believe that blocking access to xmlrpc.php will stop various hacking attempts. However, XML-RPC support has been built into WordPress core since version 3.5 and is a stable tool. Jetpack, much like other plugins, services, and apps like the mobile apps, relies on the XML-RPC file to communicate with If this is blocked, your Jetpack connection will stop working properly.

You should be able to protect a site’s XML-RPC file without having to whitelist specific IP ranges. The most popular hosts out there use tools like fail2ban or ModSecurity, for example.

If you’d prefer to use a whitelist, you’ll need to whitelist those IP ranges:


Using Jetpack with Cloudflare and/or Sucuri

By default, Cloudflare and Jetpack should require no additional configuration to operate together, if there are not any additional security configuration specified with Cloudflare.

If you are using Cloudflare (with additional security rules) or Sucuri, these are the ranges they accept:

Important: These IP addresses are subject to change. If you are writing IP-based firewall rules, you’ll need to update those rules any time the addresses change. We also have machine-readable versions of these IP ranges in JSON and plain text format that you can use to automate configuration changes on your systems.

If you are using Cloudflare they also support only allowing traffic coming from servers with an specific AS number, in that case you can whitelist the AS number 2635.

  • Table Of Contents

  • Categories

  • Contact Us

    Need more help? Feel free to contact us.