As NNF already depends on the .htaccess file for its URL rewrites, you may instead want to ban IP addresses in there.
Take a look at this example from the superb Perishable Press: https://perishablepress.com/stupid-htaccess-tricks/#sec7a
One of the great things about blocking access at the .htaccess layer is that Apache will drop the connection for you before it ever needs to spin up PHP to do any parsing. This will be easier on your server as well in case of a DoS attack.
For people who feel more at home with PHP, this is definitely nice to have!