Write Review

How to Whitelist an IP Address Using cPanel

Website security is one of the most vital tasks to practice every day. Once in a while, you may read about vulnerabilities a website can have.

In the last couple of years, the numbers of attacks have increased, because people are transforming their small business, and the online market is for everyone.

If you don't apply any security layers, your website can't survive for long; it's essential to install a security plugin. Apart from everything, you should understand the concept of whitelisting an IP address.

If you solely manage your website, it's going to be one of the most useful security steps. You can whitelist your IP address so that no one else can make any changes on your website.

As you know, every internet connection has an IP address compiled with characters and numbers of strings, and computers recognize it to make a connection.

WordPress is intelligent, which means, you can tell it your IP address so that the CMS can allow you to manage it.

If a user with any other IP address tries to log into your website, they can't do it, because the IP address is different than yours.

Depending on the number of website administrators, contributors, editors, you can add the IP addresses in the whitelist.

Add a Code to the .htaccess File of Your WordPress Site

No doubt, the .htaccess file is one of the most important files which controls tons of things on a WordPress website.

Whenever you try to harden the security of a site, you come across many tutorials which demonstrate the code editing of this file.

You may be wondering if you can whitelist an IP address without editing the code, and yes, you can.

There are some security plugins, which allow you to whitelist or block a specific set of IP addresses. You need to find the one which fits your requirement.

In the meantime, let me start explaining the code editing process.

Step 1

The first thing is to open cPanel from the Account Management Panel of your web hosting account. A few web hosting offers direct access to cPanel using ports.

Depending on your available web hosting, log into cPanel and search for, the most commonly used, the File Manager icon under Files.

How to Whitelist an IP Address Using cPanel

Don't fret if you see something different than the screenshot, the layout of cPanel may be different, but the options will be similar.

Step 2

Make sure you open the public_html directory, which is also called the root directory, from the left-side vertical menu.

How to Whitelist an IP Address Using cPanel

Most of the times, when you open the file manager, you see an empty directory, which is the home directory. It depends on how you manage your data.

Step 3

Right-click to choose an Edit option. Some people prefer to use the link showing on the main navigation menu of cPanel.

Step 4

Proceed further and you can see a popup to confirm, click on the Edit button and a new tab will appear to you in your browser.

How to Whitelist an IP Address Using cPanel

You can see many coding lines, but don't be afraid, you don't need to touch anything, you simply need to add an extra code before #End WordPress.

Let me show an idea of the code snippet.

<IfModule mod_rewrite.c>
RewriteCond%{REQUEST_URI} ^(.*)?wp-login.php(.*)$ [OR]
RewriteCond%{REQUEST_URI} ^(.*)?wp-admin$
RewriteRule ^(.*)$ - [R=403,L]

In this code, you can see IP_ADDRESS_ONE and IP_ADDRESS_TWO which will be replaced by the IP addresses you want to whitelist.

If you examine closely, the code explains that the user having the listed IP addresses will be able to login to the admin panel.

If someone else tries to log in, they will receive a 403 forbidden error.

Note: Make sure you keep ^ and $ intact while adding the IP address.

Let me show you an example.

<IfModule mod_rewrite.c>
RewriteCond%{REQUEST_URI} ^(.*)?wp-login.php(.*)$ [OR]
RewriteCond%{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond%{REMOTE_ADDR} !^$
RewriteCond%{REMOTE_ADDR} !^$
RewriteCond%{REMOTE_ADDR} !^190.63.305.84$
RewriteRule ^(.*)$ - [R=403,L]

I have added three IP addresses. Depending on the numbers of users, you can add as many as you want.

Replace the IP addresses with the ones you want to whitelist and save the file, click on the Save Changes button showing at the top-right corner.

If you're a tech-savvy user, you can replace the 403 forbidden error page to any custom page.

As you can see, the second last line in the code controls the result for an unknown user, who tries to log in to your WordPress website, you can modify it.

But it's not that important. All you should care about the security, not the user experience of a hacker.

I Hope You Can Find Your IP Address and Whitelist it

For a non-techie person, it can be a bit challenging to find they own IP address. Well, they can use the IP address finder, there are many free tools on the web.

If you're scared of breaking your website, it's vital to backup the website and its database. As here, you're only editing the .htaccess file, so back it up.

Modify the code shown above, and secure your website by limiting its login access to the IP addresses of your choice.


It's worth taking action to improve your WordPress site's security. I am sure, you will not face any difficulty while editing the .htaccess file.

Whitelisting the IP addresses can be overwhelming if you have a multi-author website, but for a website with limited users, it's perfect.

Check out these top 3 cPanel hosting services:

Was this article helpful?