Not every visitor to your website is a welcome one. Automated scrapers harvest your content, spam bots hammer your contact forms, and occasionally a specific IP address shows up repeatedly in your error logs doing something you would rather it stop doing. The cPanel IP Blocker gives you a direct way to deny access to specific addresses without installing additional security software. Here is how to use it effectively - and where its limits are.
When IP Blocking Makes Sense
Persistent content scrapers: If your server logs show a specific IP address making hundreds of requests to your site in short succession - pulling your product listings, blog posts, or pricing - blocking that IP stops the scraping and reduces server load.
Spam bot activity from a known source: If the same IP or IP range appears repeatedly in your spam contact form submissions or brute force login attempts, blocking it prevents future attempts from that source.
Departed employees or former contractors: If someone who knew your login credentials no longer works with your organization and you are waiting for a credential rotation to complete, temporarily blocking their known IP address adds a layer of protection. This is a stopgap, not a replacement for changing passwords.
Suspicious activity in error logs: Repeated 404 requests to paths like /wp-login.php, /xmlrpc.php, or common vulnerability probe paths from a single IP are a signal worth acting on.
Finding the IP Blocker in cPanel
Log in to cPanel and look for the IP Blocker tool under the Security section. In some cPanel themes it may appear under a Security subsection or be found via the search bar.
Blocking Individual IPs and IP Ranges
Blocking a single IP address:
Enter the IP address in the provided field - for example, 198.51.100.42 - and click Add. The IP will immediately start receiving a "403 Forbidden" response when attempting to access your site.
Blocking an IP range using CIDR notation:
CIDR (Classless Inter-Domain Routing) notation lets you block a range of addresses with a single entry. The format is IP/prefix-length. For example:
198.51.100.0/24blocks the entire range from 198.51.100.0 to 198.51.100.255 (256 addresses)198.51.0.0/16blocks a much larger range
CIDR notation is useful when a bot or scraper is operating from multiple addresses within the same subnet, which is common with cloud-hosted bots on AWS, DigitalOcean, or similar platforms. You can identify the subnet from the first few octets of the attacking IPs.
Blocking by hostname:
cPanel also allows blocking by hostname or partial hostname, such as *.badactor.net. This is less precise than IP blocking but useful if you can identify a pattern in the hostnames of unwanted visitors.
The Limitations of IP Blocking
IP blocking at the server level is a useful tool, but it has real limitations that are worth understanding before you rely on it.
Bots cycle through IP addresses. Sophisticated scrapers and spam networks use large pools of IP addresses and rotate through them. Blocking individual IPs becomes a game of whack-a-mole where you block one and five more appear.
Mobile users share IP addresses. Large mobile carriers use carrier-grade NAT, meaning thousands of customers share a single public IP. If you block a mobile IP range, you may be blocking legitimate customers. Always verify before blocking large ranges.
VPNs make IP blocking easy to circumvent. Any determined person with a VPN subscription can bypass an IP block in under a minute.
You can accidentally block yourself. If you mistype a CIDR range or block a shared IP that includes your own connection, you will lock yourself out of your site. If this happens, you can access cPanel directly via your hosting control panel URL (which bypasses the IP block), navigate to the IP Blocker, and remove the entry.
Better Alternatives for Sustained Attacks
For persistent, high-volume attacks, IP blocking in cPanel is insufficient. More effective options:
Cloudflare WAF (Web Application Firewall): Cloudflare sits in front of your site and can block malicious traffic based on IP reputation, geolocation, rate limiting, and behavior analysis - all before requests reach your server. The free Cloudflare tier includes meaningful bot protection, and the paid tiers add more sophisticated WAF rules. This is the most practical upgrade for sites facing sustained bot traffic.
Fail2ban via SSH: If you have SSH access to a VPS or dedicated server, fail2ban monitors log files and automatically blocks IP addresses that show patterns of malicious behaviour (repeated failed login attempts, probing for vulnerabilities). This is more appropriate for advanced users managing their own servers.
For most shared hosting users, the cPanel IP Blocker plus Cloudflare is the right combination: the IP Blocker for targeted, reactive blocking, and Cloudflare for proactive, pattern-based protection.

