IP Blocker

The IP Blocker tool in cPanel lets you deny access to your website from specific IP addresses or ranges. This is useful for blocking malicious visitors, bots, or unwanted traffic.

When to Use IP Blocking

Brute force attacks: An IP address is repeatedly trying to log into your admin panel or cPanel.
Spam or abuse: A specific IP is submitting spam through your contact forms or comment sections.
Scraping: A bot is aggressively crawling your site and consuming excessive resources.
Geographical blocking: You want to block traffic from a specific region by blocking their IP ranges.

Blocking an IP Address

Log into cPanel.
Scroll to the Security section.
Click IP Blocker.
In the Add an IP or Range field, enter the IP address or range you want to block.
Click Add.

Accepted Formats

The IP Blocker accepts several formats:

Single IP: 192.168.1.100 — blocks one specific address.
IP range (CIDR): 192.168.1.0/24 — blocks all 256 addresses from 192.168.1.0 to 192.168.1.255.
IP range (implied): 192.168.1.0-192.168.1.255 — blocks all addresses in the specified range.
Implied range: 192.168.1. (with trailing dot) — blocks all addresses starting with 192.168.1.

Common CIDR Blocks

/32 — Single IP address (1 address)
/24 — 256 addresses (e.g., 192.168.1.0 - 192.168.1.255)
/16 — 65,536 addresses (e.g., 192.168.0.0 - 192.168.255.255)
/8 — 16.7 million addresses (e.g., 192.0.0.0 - 192.255.255.255)

Warning Be careful with large IP ranges. Blocking a /16 or /8 range can inadvertently block legitimate visitors. Start with individual IPs or /24 ranges and only expand if needed.

Finding the IP Address to Block

There are several ways to identify problematic IP addresses:

Access logs: In cPanel, go to Metrics → Raw Access to download your access logs. Look for IPs making excessive or suspicious requests.
Visitors: Go to Metrics → Visitors to see a summary of recent visitors grouped by IP.
Application logs: WordPress security plugins (like Wordfence or Sucuri) log failed login attempts and suspicious activity with IP addresses.
Error logs: Go to Metrics → Errors to see recent error log entries, which often include the offending IP.

Tip Before blocking an IP, look it up at AbuseIPDB to see if it has been reported by others. This helps confirm whether the IP is actually malicious.

Removing a Blocked IP

Go to Security → IP Blocker in cPanel.
Scroll down to the Currently-Blocked IP Addresses list.
Find the IP address you want to unblock.
Click Delete next to the entry.
Confirm the removal.

Important Considerations

Don't block your own IP: If you accidentally block your own IP address, you will be locked out of your website and cPanel. If this happens, contact our support team to have the block removed.
Dynamic IPs: Many internet providers assign dynamic IP addresses that change periodically. Blocking one IP may not permanently stop a determined attacker, and the IP may later be assigned to a legitimate user.
VPNs and proxies: Attackers may use VPNs or proxy services to rotate through many IP addresses. For persistent attacks, consider additional security measures like a Web Application Firewall (WAF) or Cloudflare.
Cloudflare users: If your site is behind Cloudflare, the IP addresses in your logs may be Cloudflare's IPs rather than the visitor's real IP. In this case, use Cloudflare's firewall tools to block IPs instead.

Note The IP Blocker adds deny rules to your .htaccess file. If you have a large number of blocked IPs, this can slightly affect server performance. For blocking large numbers of IPs, a firewall solution is more efficient.