How to Enable IP Blocking

Updated 25 February 2026 10 views SSL & Security

Blocking Malicious IP Addresses

If your website is being targeted by specific IP addresses — whether through brute-force attacks, spam, scraping, or other abuse — you can block those IPs to protect your site and server resources.

Method 1: IP Blocker in cPanel

  1. Log in to cPanel and go to the Security section.
  2. Click on IP Blocker.
  3. Enter the IP address or range you want to block:
    • Single IP: 192.168.1.100
    • IP range: 192.168.1.100-192.168.1.200
    • CIDR notation: 192.168.1.0/24 (blocks the entire 192.168.1.x range)
  4. Click Add to block the IP.

Blocked IPs will receive a 403 Forbidden error when trying to access your site. You can view and remove blocked IPs on the same page.

Method 2: Blocking via .htaccess

For more control, add deny rules directly to your .htaccess file:

Order Allow,Deny
Allow from all
Deny from 192.168.1.100
Deny from 10.0.0.0/8

This method is useful when you need to block IPs for specific directories or want to manage rules alongside other .htaccess configurations.

Method 3: Cloudflare Firewall Rules

If you use Cloudflare, you can block IPs at their edge before traffic even reaches your server:

  1. Log in to your Cloudflare dashboard.
  2. Go to Security > WAF > Tools.
  3. Under IP Access Rules, enter the IP address or range.
  4. Choose the action: Block, Challenge, or JS Challenge.
  5. Click Add.

Finding Malicious IPs

To identify which IPs to block, check these sources:

  • cPanel access logs: Go to Metrics > Raw Access in cPanel to download your access logs and identify suspicious IPs making excessive requests.
  • WordPress security plugins: Wordfence shows live traffic and login attempts with IP addresses.
  • Cloudflare analytics: The Cloudflare dashboard shows traffic by country and IP, making it easy to spot abuse.

Cautions

  • Do not block your own IP — you will lock yourself out. If this happens, access cPanel directly or contact support.
  • Be careful blocking large IP ranges as you may block legitimate visitors.
  • IP blocking is reactive. For proactive protection, use a firewall solution like Cloudflare or a WordPress security plugin.
  • Attackers can change IP addresses, so blocking individual IPs is only a temporary measure against determined adversaries.

Was this article helpful?

Let us know so we can improve our docs.

Back to SSL & Security All Categories

Related Articles

How to Force HTTPS on Your Website

Force all website traffic to use HTTPS using .htaccess rules, WordPress settings, or Cloudflare.

12 views

How to Set Up .htaccess Security Rules

Implement security rules in your .htaccess file to protect against common attacks and vulnerabilities.

12 views

Understanding SSL Certificates

Learn what SSL certificates are, how they work, and why every website needs one for security and SEO.

11 views

How SSL Is Included Free with Your Hosting

Learn how SillyHost provides free SSL certificates through AutoSSL with automatic installation and renewal.

11 views