cPanel Security

How to Block IP Addresses in cPanel Using IP Deny Manager: A Complete Security Guide

by

If your website has ever been hit by a brute force attack, comment spam from a specific IP range, or repeated login attempts from a suspicious location, you already know how disruptive malicious traffic can be. cPanel provides a powerful but often overlooked tool called the IP Deny Manager that lets you block unwanted visitors at the server level before they ever reach your site. Unlike blocking IPs through .htaccess alone, the IP Deny Manager operates through Apache’s httpd.conf, offering more reliable enforcement and broader coverage across all services on your account.

In this guide, you will learn how to use the cPanel IP Deny Manager to block specific IP addresses, entire IP ranges, and CIDR blocks. You will also learn when to use IP blocking versus other security tools like cPHulk Brute Force Protection or ConfigServer Security & Firewall (CSF), so you can build an effective layered defense for your website.

Read more

How to Enable and Configure Hotlink Protection in cPanel: A Complete Guide

by

If you run a website with images, videos, or downloadable files, you’ve probably noticed bandwidth creeping up even when your actual traffic seems steady. One common culprit: other sites linking directly to your media files. This practice, known as hotlinking, drains your server resources and can slow down your site for legitimate visitors. Fortunately, cPanel’s Hotlink Protection feature makes it easy to stop this cold.

In this guide, you’ll learn exactly what hotlinking is, how to enable Hotlink Protection in cPanel, how to configure allowed domains and file extensions, and what to do if legitimate sites get blocked. By the end, you’ll have a simple but effective line of defense running that saves bandwidth and keeps your content behind your intended audience.

Read more

How to Fix AutoSSL Errors in cPanel: A Complete Troubleshooting Guide

by

Understanding AutoSSL and Its Role in cPanel Security

AutoSSL is one of cPanel’s most valuable security features — it automatically issues, installs, and renews free SSL/TLS certificates for every domain on your server through Let’s Encrypt or a cPanel-authorized certificate authority. For site owners managing multiple domains, AutoSSL removes the tedious manual work of tracking expiration dates and running renewal commands. When it’s working correctly, you never have to think about it. But when AutoSSL breaks — whether due to validation failures, rate limits, or misconfigured DNS — every site on your server becomes vulnerable to browser security warnings and lost visitor trust.

Unfortunately, AutoSSL failures are surprisingly common, especially on shared hosting environments and newly configured servers. Domain validation (DV) checks fail, rate limits kick in, or the cPanel certificate authority rejects a request for reasons that aren’t immediately obvious. This guide walks through every major AutoSSL error scenario, explains what causes each one, and gives you the exact steps to resolve it so you can restore automatic SSL coverage across your entire cPanel account.

Read more

How to Use cPanel IP Blocker: A Complete Guide to Blocking Malicious IPs

by

cPanel’s IP Blocker is a built-in security tool that lets you block specific IP addresses, IP ranges, or entire subnets from accessing your website. Whether you’re dealing with brute-force login attempts, spam bots scraping your content, or a malicious visitor targeting your server, the IP Blocker gives you an instant way to cut off unwanted traffic at the firewall level.

In this guide, you’ll learn how to use cPanel’s IP Deny Manager effectively — from blocking single addresses and CIDR ranges to troubleshooting common issues like accidentally locking yourself out. We’ll also cover how IP Blocker compares to Apache .htaccess deny rules and tools like ConfigServer Security & Firewall (CSF), so you can choose the right approach for your setup.

Read more

How to Use cPanel’s IP Blocker to Block or Allow IP Addresses

by

If you manage a website with cPanel, keeping unwanted traffic out is just as important as letting legitimate visitors in. Whether you are dealing with a malicious bot scraping your content, a brute-force attack on your login page, or just need to restrict admin access to specific IP addresses, cPanel’s IP Blocker tool gives you direct control over who can and cannot reach your site.

This guide walks through everything you need to know about blocking and allowing IP addresses in cPanel — from the basics of the IP Blocker interface to advanced use cases like blocking entire CIDR ranges and diagnosing false positives.

Read more

How to Fix AutoSSL Errors in cPanel: A Step-by-Step Guide

by

Nothing kills a morning faster than logging into cPanel to find an AutoSSL error staring at you from the dashboard. The little red badge next to SSL/TLS means that one of your domains just failed to get a free Let’s Encrypt certificate — and if you don’t fix it quickly, your visitors will see the dreaded “Not Secure” warning in their browser.

AutoSSL in cPanel is supposed to be a set-it-and-forget-it feature. And most of the time, it is. But when it breaks — whether from DNS misconfigurations, server rate limits, or certificate validation failures — it can be frustrating to diagnose, especially if you’re not sure where to start. This guide walks you through the most common AutoSSL errors, how to read the logs, and the exact steps to resolve each one.

Read more

How to Use cPanel’s WordPress Toolkit for Staging, Cloning, and Security Hardening

by

cPanel’s WordPress Toolkit is one of the most powerful features available to site owners on modern hosting platforms. It replaces the traditional manual approach of downloading WordPress, uploading files via FTP, editing configuration files, and running installers in the browser. Instead, the WordPress Toolkit provides a single dashboard where you can install, clone, stage, back up, and secure WordPress sites without ever touching a command line. This guide walks through every major feature of the WordPress Toolkit and shows you how to use it effectively.

Whether you manage a single blog or dozens of client sites, the WordPress Toolkit significantly reduces the time required for routine tasks. You can create a staging copy of a live site in under a minute, push changes back to production with a single click, configure automatic security scans, and manage Smart Updates that automatically roll back broken changes. By the end of this guide, you’ll know exactly how to leverage every tool in the WordPress Toolkit to streamline your workflow and harden your WordPress installations.

Read more

A Complete Guide to ModSecurity and WAF Configuration in cPanel

by

If your cPanel-hosted website has ever been compromised, defaced, or used to distribute malware, you know how devastating a security breach can be. Hackers routinely scan for vulnerable applications, outdated plugins, and weak configurations. Fortunately, cPanel includes a powerful first line of defense that many site owners underutilize: ModSecurity and the integrated Web Application Firewall (WAF). Configuring these tools correctly can block the vast majority of common attacks before they ever reach your application code.

ModSecurity is an open-source web application firewall engine that integrates directly with the Apache web server. cPanel provides a user-friendly interface to manage ModSecurity rules, toggle protections, and create custom rule exclusions. This guide walks you through enabling ModSecurity, understanding the rule sets, whitelisting false positives, and monitoring blocked traffic — so you can harden your server without breaking your site’s functionality.

Read more