If you need to block a specific IP address from accessing your website, cPanel provides several methods. The easiest approach is using the built-in IP Blocker tool, which automatically adds deny rules to your site's .htaccess file. For server-wide blocking, WHM offers additional options including cPHulk and firewall integration.
Method 1: Using the IP Blocker in cPanel (Recommended)
The IP Blocker is the simplest way to deny access to a single domain or cPanel account.
Step 1: Log in to cPanel
Open your browser and navigate to https://your-domain.com:2083. Log in with your cPanel credentials.
Step 2: Open the IP Blocker
Navigate to the Security section and click on IP Blocker.
Step 3: Add the IP Address
Enter the IP address you wish to block in the Add an IP or Range text box. You can block:
- A single IP address:
192.0.2.15 - An IP range in CIDR notation:
192.0.2.0/24 - An IP range with a wildcard:
192.0.2.* - An IPv6 address:
2001:db8::1
Step 4: Click Add
Click the Add button. The IP address will be immediately blocked. You will see it listed in the Currently-Blocked IP Addresses table below.
Method 2: Manually Editing .htaccess
If you prefer direct control or need more advanced rules, you can edit the .htaccess file directly.
Step 1: Open File Manager
In cPanel, navigate to Files » File Manager. Ensure Show Hidden Files is checked in the top-right settings.
Step 2: Edit .htaccess
Locate the .htaccess file in your website's root directory (typically public_html). Right-click and select Edit.
Step 3: Add the Deny Rule
Add the following lines at the end of the file:
<IfModule mod_authz_core.c>
Require all granted
Require not ip 192.0.2.15
</IfModule>
<IfModule !mod_authz_core.c>
Order Allow,Deny
Allow from all
Deny from 192.0.2.15
</IfModule>To block multiple IP addresses, add additional Require not ip or Deny from lines. To block an entire range, use CIDR notation or wildcards.
Method 3: Server-Wide Blocking via WHM
If you need to block an IP address across all accounts on the server, use WHM.
Option A: cPHulk Brute Force Protection
Navigate to Home » Security Center » cPHulk Brute Force Protection. Under the Blocklists tab, you can add IP addresses or ranges to the block list. Blocked IPs will be denied at the firewall level, preventing access to all services on the server.
Option B: ConfigServer Security & Firewall (CSF)
If your server has CSF installed, navigate to Home » Plugins » ConfigServer Security & Firewall. Add the IP address to the Quick Deny list or use the Deny IP option. CSF blocks the IP at the iptables level for all services.
Important Notes
- The IP Blocker in cPanel only affects web (HTTP/HTTPS) traffic for that specific domain.
.htaccessrules only apply to sites running on Apache. If your server uses LiteSpeed or Nginx, consult your server administrator for the equivalent configuration.- Server-wide methods (cPHulk, CSF) block all services including SSH, FTP, email, and SMTP for the denied IP.
- Be cautious when blocking IP ranges, as you may inadvertently block legitimate users behind shared networks or VPNs.
- Always verify the IP address before blocking. Use a WHOIS lookup if you are unsure about the ownership of the IP.
Troubleshooting
- The blocked IP can still access the site: The IP Blocker adds rules to
.htaccess. Ensure the file is in the correct directory and that Apache is processing.htaccessfiles (check thatAllowOverrideis enabled in the Apache configuration). - Blocked yourself by accident: Remove the rule from
.htaccessvia File Manager, or use the IP Blocker interface to unblock the IP. If you used CSF or cPHulk, use SSH to remove the block from the command line. - IP Blocker is missing from cPanel: Your hosting provider may have disabled this feature. Contact your hosting provider or use the
.htaccessmethod instead. - Need to block many IPs at once: Use CSF's
csf.denyfile via SSH for efficient bulk blocking, or consider ModSecurity rules for pattern-based blocking.
For official documentation, see the cPanel IP Blocker guide and cPHulk documentation.
