How to block IP addresses via an .htaccess file

You can quickly block IP addresses from accessing your site or a specific folder by adding a few lines to a .htaccess file. No server-level access is needed - the file sits alongside your content and Apache applies the rules automatically.

Finding or creating your .htaccess file

The . prefix makes .htaccess a hidden file, so you will need to enable hidden file visibility before you can see or create it.

• In cPanel File Manager, click Settings and tick Show Hidden Files.
• In an FTP client, enable the option to show dotfiles (sometimes labelled "show hidden files" or "show server hidden files").

If a .htaccess file does not already exist in the target folder, create a new plain-text file and name it .htaccess.

• To apply rules to your entire site, place the file in public_html.
• To apply rules to a specific folder, place the file inside that folder. For example, to restrict https://example.com/dev, place the file in public_html/dev.

Blocking specific IP addresses

Add the following to your .htaccess file, replacing the example addresses with the IPs you want to block:

Order allow,deny
Deny from 203.0.113.0
Deny from 198.51.100.42
Allow from all

This allows everyone except the listed IPs. To block additional addresses, add more Deny from lines before Allow from all.

Allowing only specific IP addresses

If you want to restrict a folder so that only you or your developers can access it, reverse the logic:

Order allow,deny
Allow from 203.0.113.10
Allow from 198.51.100.5
Deny from all

Only the listed IPs will be permitted; everyone else receives a 403 Forbidden response.