How to Use cPanel IP Blocker: A Complete Guide to Blocking Malicious IPs

cPanel’s IP Blocker is a built-in security tool that lets you block specific IP addresses, IP ranges, or entire subnets from accessing your website. Whether you’re dealing with brute-force login attempts, spam bots scraping your content, or a malicious visitor targeting your server, the IP Blocker gives you an instant way to cut off unwanted traffic at the web server level.

In this guide, you’ll learn how to use cPanel’s IP Deny Manager effectively — from blocking single addresses and CIDR ranges to troubleshooting common issues like accidentally locking yourself out. We’ll also cover how IP Blocker compares to Apache .htaccess deny rules and tools like ConfigServer Security & Firewall (CSF), so you can choose the right approach for your setup.

What Is cPanel’s IP Blocker (IP Deny Manager)?

The IP Blocker in cPanel, also called the IP Deny Manager, enforces blocks through .htaccess rather than through the server’s network firewall, so a blocked request still reaches the web server, which then refuses it. When you block an IP address through cPanel, it writes a Deny from directive into the .htaccess file of every domain on your account. This means the block applies site-wide across all your hosted domains — not just one folder or subdomain.

There are three main ways to block IPs in cPanel:

  • cPanel IP Blocker (IP Deny Manager) — Built into cPanel, simple to use, applies globally across your account
  • .htaccess deny rules — Manual edits for directory-level blocking
  • CSF or firewall-level blocks — Server-wide blocking via command line or server firewall (requires root access)

For most shared hosting and reseller users, the cPanel IP Blocker is the ideal choice. It requires no command-line access, blocks across all your domains automatically, and takes effect within seconds.

How to Block an IP Address in cPanel (Step by Step)

Step 1: Log into cPanel and Open IP Blocker

Log in to your cPanel dashboard. In the Security section, click the IP Blocker icon. If you don’t see it, type “IP Blocker” into the search bar at the top of the cPanel interface.

Step 2: Enter the IP or Range

In the IP or Domain field, enter the address you want to block. cPanel accepts several formats:

Format                  | Example         | What It Blocks
Single IP               | 192.168.1.100   | One specific address
Partial IP (wildcard)   | 192.168.1.      | All IPs starting with 192.168.1.*
CIDR notation           | 192.168.1.0/24  | 256 IPs in the 192.168.1.x range
Domain name             | example.com     | Resolves domain to IP and blocks that address

Enter the value and click Add. The block takes effect immediately.

Step 3: Verify the Block Is Active

After adding the block, the IP Blocker page displays a table of all active rules. You’ll see the IP or range, the date it was added, and a Remove button. The block also writes a Deny from line into your .htaccess file instantly. You can confirm this by opening the File Manager and checking the top of any domain’s .htaccess file.

When to Use cPanel IP Blocker vs. Other Methods

cPanel’s IP Blocker isn’t always the right tool. Here’s how to decide which method fits your situation:

Use IP Blocker When

  • A single IP or small range is sending automated requests, scraping content, or hammering your login pages
  • You don’t have root or SSH access to the server
  • You want the block to apply across all domains under your cPanel account
  • You need a quick, non-technical solution that works immediately

Use .htaccess Directly When

  • You want to block an IP only on a specific directory, subdomain, or single site — not globally
  • You need more granular control, like blocking by referrer, user agent, or request method

Use CSF or Server Firewall When

  • Blocks need to apply server-wide (all accounts on the machine)
  • You’re dealing with a sustained DDoS or large-scale attack
  • You have root or sudo access and are comfortable with the command line

On most shared hosting plans, cPanel’s IP Blocker is sufficient for day-to-day security needs. If your site is popular and attracts frequent malicious traffic, consider layering cPanel’s IP Blocker with a web application firewall like Cloudflare’s WAF.

How to Remove an IP Block and What Happens When You Do

Removing a block is just as simple as adding one. Go back to the IP Blocker page, find the entry you want to delete, and click Remove. cPanel deletes the corresponding Deny from line from all affected .htaccess files and restores normal access.

A common question is whether the blocked visitor sees anything when denied access. Yes — by default, cPanel returns a 403 Forbidden error to the blocked IP. If you want a more informative response, you can create a custom 403.shtml file in your document root, or redirect blocked visitors via .htaccess ErrorDocument directives.

Caution: If you accidentally block your own IP address, you’ll see a 403 error when trying to access your own site or cPanel. To regain access, you’ll need to use the Login to WHM shortcut in your hosting control panel (if you have reseller or admin access), remove the block from WHM’s IP Blocker, or ask your hosting provider to remove it. To avoid this, always verify your own IP address before adding blocks — use a service like whatismyip.com to confirm.
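To check a planned block against your own address before adding it, the following added example (not part of cPanel or of the original guide) expands the entry formats from Step 2 into networks and reports how many addresses each covers and whether it would include a given IP. The function names and the sample addresses are constructed for illustration; domain-name entries are rejected because resolving them needs a DNS lookup.

```python
import ipaddress

def entry_to_network(entry):
    """Turn an IP Blocker entry (single IP, partial IP or CIDR) into an IPv4 network."""
    entry = entry.strip()
    if "/" in entry:
        # CIDR notation; strict=False accepts host bits, e.g. 203.0.113.25/24
        return ipaddress.ip_network(entry, strict=False)
    octets = [o for o in entry.split(".") if o]
    if not octets or any(not o.isdigit() for o in octets):
        raise ValueError(f"{entry!r} is not an IP entry (domain names need DNS)")
    if len(octets) < 4:
        # Partial IP such as "192.168.1." matches on whole leading octets,
        # which is the same as an 8/16/24-bit prefix.
        padded = octets + ["0"] * (4 - len(octets))
        return ipaddress.ip_network(f"{'.'.join(padded)}/{8 * len(octets)}")
    return ipaddress.ip_network(entry)  # full address becomes a /32

def check_blocks(entries, my_ip):
    """Return (entry, number_of_addresses, covers_my_ip) for each entry."""
    me = ipaddress.ip_address(my_ip)
    report = []
    for entry in entries:
        net = entry_to_network(entry)
        report.append((entry, net.num_addresses, me in net))
    return report

if __name__ == "__main__":
    # Constructed sample values: planned blocks and the administrator's own IP.
    planned = ["192.168.1.100", "192.168.1.", "192.168.1.0/24", "203.0.113.0/24"]
    for entry, count, covers_me in check_blocks(planned, "203.0.113.77"):
        warning = "  <-- would block YOUR address" if covers_me else ""
        print(f"{entry:<18} {count:>5} address(es){warning}")
```
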

How to Identify Suspicious IPs Worth Blocking

Before you start adding IPs, it helps to know where to find them. cPanel provides several built-in tools to surface suspicious addresses:

  • Awstats or Webalizer — Under the Metrics section, look for repeated requests from the same IP hitting non-existent URLs, wp-login.php, or xmlrpc.php
  • Raw Access Logs — Download and search for patterns like multiple 404s or POST requests to admin paths within seconds
  • cPanel Error Log — A spike in 403 or 500 errors from one IP is a strong signal
  • cPHulk Brute Force Protection — Logs repeated failed login attempts to cPanel, Webmail, and FTP; you can block those IPs permanently from the cPHulk interface
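The raw access log search described above can be scripted. This added example (not from the original guide or from cPanel) flags any IP that produces several 404s or POSTs to wp-login.php / xmlrpc.php within a few seconds. It assumes Apache combined log format in chronological order; the threshold, the window and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')
ADMIN_PATHS = ("/wp-login.php", "/xmlrpc.php")  # paths named in this guide

def is_suspicious(method, path, status):
    """A 404, or a POST to one of the admin paths (query string ignored)."""
    if status == "404":
        return True
    return method == "POST" and path.split("?")[0].endswith(ADMIN_PATHS)

def flag_ips(lines, threshold=5, window_seconds=10):
    """Return {ip: peak hits in one window} for IPs that reach the threshold."""
    recent = defaultdict(deque)   # ip -> timestamps of recent suspicious hits
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not is_suspicious(m["method"], m["path"], m["status"]):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[m["ip"]]
        hits.append(ts)
        while (ts - hits[0]).total_seconds() > window_seconds:
            hits.popleft()        # drop hits that fell out of the window
        if len(hits) >= threshold:
            flagged[m["ip"]] = max(flagged.get(m["ip"], 0), len(hits))
    return flagged

# Constructed sample log lines using documentation-only IP ranges.
SAMPLE_LOG = [
    f'198.51.100.23 - - [12/Mar/2025:10:15:{s:02d} +0000] '
    '"POST /wp-login.php HTTP/1.1" 200 4521 "-" "curl/8.0"'
    for s in range(1, 7)
] + [
    '203.0.113.9 - - [12/Mar/2025:10:15:02 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Mar/2025:10:15:40 +0000] "GET /old-page HTTP/1.1" 404 312 "-" "Mozilla/5.0"',
    '192.0.2.50 - - [12/Mar/2025:10:16:00 +0000] "POST /xmlrpc.php HTTP/1.1" 200 200 "-" "bot"',
    '192.0.2.50 - - [12/Mar/2025:10:20:00 +0000] "GET /nope HTTP/1.1" 404 312 "-" "bot"',
]

if __name__ == "__main__":
    for ip, peak in flag_ips(SAMPLE_LOG).items():
        print(f"{ip}: {peak} suspicious requests within 10 seconds")
```

A single stray 404 from a normal visitor stays below the threshold, so only the burst from one address is reported.
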

Once you’ve identified a problematic IP, cross-reference it against services like AbuseIPDB or VirusTotal before blocking. Some IPs belong to legitimate CDNs, VPNs, or search engine crawlers — blocking Googlebot, for example, will hurt your SEO.

Best Practices for Using cPanel’s IP Blocker Effectively

Follow these guidelines to get the most out of cPanel’s IP Blocker without accidentally causing downtime:

  • Block ranges, not individual IPs — Attackers rarely use a single address. If you see traffic from 203.0.113.25, consider blocking 203.0.113.0/24 to catch the whole subnet
  • Document your blocks — Add a note or keep a text file listing which IPs you blocked and why. This helps during troubleshooting months later
  • Check your .htaccess file size — Hundreds of IP Blocker entries can bloat .htaccess, slowing down every page request. Periodically review and purge old blocks using the Remove button
  • Combine with cPHulk — For login protection, let cPHulk handle temporary blocks automatically, and use IP Blocker only for permanent, confirmed malicious IPs
  • Use .htaccess-based blocks sparingly — Blocking at the firewall level (iptables/CSF) is more performant than .htaccess-based blocks for large numbers of IPs. If you have root access and more than 50 blocked IPs, move to CSF

Key Takeaways

  • cPanel’s IP Blocker (IP Deny Manager) lets you block IP addresses, partial ranges, and CIDR subnets from the cPanel dashboard without any command-line knowledge
  • Blocks apply globally across all domains in your cPanel account by writing Deny from directives into every .htaccess file
  • For directory-specific blocks or more granular rules, edit .htaccess manually instead of using IP Blocker
  • Always verify your own IP address before adding a block to avoid locking yourself out of cPanel
  • Use cPanel’s Awstats, Raw Access Logs, and cPHulk to identify suspicious IPs before blocking them
  • Combine IP Blocker with cPHulk and a web application firewall for layered security against brute-force and malicious traffic