If you are regularly getting your IP address blocked while developing, testing, or maintaining a website, this article explains what is triggering the blocks and how to set up a permanent whitelist so your work is not interrupted.
This is a particularly common issue for developers, agencies, and resellers who carry out tasks that naturally generate patterns the firewall interprets as suspicious activity.
Activities that commonly trigger IP blocks
- WordPress migrations: tools such as Duplicator, All-in-One WP Migration, or manual migration scripts hit the wp-login.php endpoint repeatedly, which looks like a brute-force attack to the firewall
- FTP or SFTP work: several failed login attempts in a row (for example, entering the wrong password or using outdated stored credentials) will trigger a block
- Testing contact forms or SMTP: repeated test sends with incorrect credentials cause failed SMTP authentication events to accumulate quickly
- Running automated tests or build scripts: any script making multiple authenticated requests will stack up failed-auth events if the credentials are wrong
- Changing account passwords: if you change a password in cPanel or DirectAdmin but an email client or script continues trying to connect with the old password, it will rapidly accumulate failed login events
The right approach: request a whitelist before you start work
Rather than waiting until you are locked out and raising an emergency ticket, the most effective approach is to request a whitelist for your IP address before beginning any significant development work.
A whitelisted IP is excluded from the automatic block rules, meaning failed authentication attempts from that IP will be logged but will not trigger a block.
To request a whitelist entry:
- Find your current IP address by visiting whatismyip.com
- Raise a support ticket with your IP address, the server or domain you need access to, and a brief note that you are carrying out development or maintenance work
- We will add your IP to the server whitelist, usually within a few hours
Checklist before starting a migration or major update
- Confirm your FTP, SFTP, and cPanel credentials are correct before running any scripts
- Update any stored passwords in your FTP client, SSH client, and email clients before you begin
- If using a WordPress migration plugin, check whether it has a firewall bypass or whitelist option in its settings
- If running automated tests, ensure the test credentials are valid before triggering a run
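One way to apply the last checklist item inside a build or test script, so that a stale password produces a single failed login instead of one per request. This is an added example, not code from this article or any hosting tool; AuthGuard, constructed_endpoint, the HTTP 401 convention and the one-failure budget are assumptions for illustration.

```python
# Added example: stop a batch of authenticated requests at the first
# rejected login, so stale credentials cause one failed-auth event, not many.
from dataclasses import dataclass, field
from typing import Callable, Iterable

AUTH_REJECTED = 401  # assumption: the endpoint signals bad credentials with HTTP 401


class CredentialsRejected(RuntimeError):
    """The failure budget is spent; the batch must not continue."""


@dataclass
class AuthGuard:
    max_failures: int = 1  # hypothetical budget; keep it well below any block threshold
    failures: int = 0
    attempts: int = 0
    completed: list = field(default_factory=list)

    def run(self, jobs: Iterable[str], send: Callable[[str], int]) -> list:
        """Call send(job) for each job and abort once auth failures hit the budget."""
        for job in jobs:
            self.attempts += 1
            if send(job) == AUTH_REJECTED:
                self.failures += 1
                if self.failures >= self.max_failures:
                    raise CredentialsRejected(
                        f"login rejected on {job!r}; fix stored credentials before re-running"
                    )
                continue
            self.completed.append(job)
        return self.completed


def constructed_endpoint(valid_password: str, supplied_password: str):
    """Constructed stand-in for a real server; records each failed login it sees."""
    failed_events: list = []

    def send(job: str) -> int:
        if supplied_password != valid_password:
            failed_events.append(job)
            return AUTH_REJECTED
        return 200

    return send, failed_events
```

In a real script, send would wrap the actual request (HTTP, FTP or SMTP) and return the status it observed; the guard itself does not change.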
If you are already blocked
If you have already been blocked, see our article "My IP address has been blocked and I cannot access my website or control panel" for steps to request an unblock. Once resolved, use the guidance above to prevent the same thing happening again.
Resellers: protecting your clients
If you manage hosting on behalf of multiple clients and frequently work across different accounts, it is worth requesting a whitelist for any fixed IP addresses used by your team as part of your initial setup. This is a one-time request that will significantly reduce day-to-day disruption. Raise a ticket with the IP addresses and the servers they need access to.