Cantech Knowledge Base

Your Go-To Hosting Resource

  1. Plesk
  2. How to Restrict IP Address for Administrator Access in Plesk?

How to Restrict IP Address for Administrator Access in Plesk?

Securing a web server should be your number one priority. One of the best practices you can implement if you have the Plesk control panel is restricting administrator access by IP address. It will allow you to limit access to the Plesk admin panel to only the IPs you have trusted.

In this blog, we’ll walk you through the step-by-step guide on restricting IP addresses for administrator access in Plesk, along with useful tips and FAQs, all in simple, conversational terms.

Why Restrict IP Address Access in Plesk?

Plesk is a powerful tool. However, with great power comes great responsibility. If anyone can access your admin page, they can have full access at their disposal. They can become an easy victim to brute-force attacks, hacking, unauthorized account accesses, or malicious bot activity.

By restricting access to said page, you have shut the door on unwanted visitors, even if they have your access login.

Steps to Restrict Administrator Access by IP Address in Plesk

Here’s how you can limit admin access to trusted IPs only:

1. Log in to Plesk as Admin

First, log into your Plesk control panel using your administrator credentials.

2. Go to IP Access Restriction Management

Once you’re in:

  • Head over to Tools & Settings.

  • Under Security, click on IP Access Restriction Management.

This is where all the magic happens.

3. Set the Access Policy

In the IP Access Restriction panel:

  • Click on Settings.

  • Choose the access rule:

  • Allowed, excluding the networks in the list – Everyone except the IPs you list is allowed.
  • Denied from the networks that are not listed – Only the IPs you specify will be allowed.

Most secure option? Go with the second one: “Denied from networks not listed”.

  • Click OK to apply.

4. Add Your Trusted IPs

Now, let’s whitelist your IP.

  • Click on Add Network.

  • Enter your IP address (e.g., 203.0.113.25) or a range/subnet (e.g., 203.0.113.0/24).

  • Click OK.

That’s it! Now only users with your whitelisted IPs will be able to access the Plesk admin dashboard.

Beware of locking yourself out!

Before you press that final ok button, make sure that your current IP address is in the whitelist otherwise you could end up locking yourself out of Plesk.

  • And if you do accidentally lock yourself out.
  • Login to the server using SSH (Linux) or Windows Remote Desktop.
  • Access the Plesk database using plesk db, or phpMyAdmin.
  • Go into the ip_access table and remove the ip restriction entry manually.

Pro tips for better security

  • Use static IPs or VPNs with static IPs because if your IP is changing dynamically, you’re going to have problems with IP restrictions.
  • Regularly audit and keep the allowed IPs list up to date.
  • Always use IP restrictions in conjunction with two-factor authentication and a strong password policy.

Common Error Message

If someone attempts to log in from an unauthorized IP, their error will look like this:

“Access for administrators from address 203.0.113.2 is restricted by IP access restriction policy currently applied.”

It confirms your restriction policy is working as intended.

Final Wrap Up

Restricting admin access to IP addresses within Plesk is a simple yet very effective step to secure Plesk. Even if you’re only managing one website or a full hosting server, you can save yourself a lot of hassle from unauthorized access or brute-force attacks.

Now that you’ve gone through the above steps, pat yourself on the back and secure your Plesk admin area like a pro!

FAQs

Can I allow multiple IPs?
Yes! You can add as many IPs or subnets as you want in the IP Access Restriction Management section.

What if I use a dynamic IP?
Consider using a VPN with a static IP or update the allowed IPs manually whenever it changes.

Does this affect FTP or email access?
No, this restriction only applies to the Plesk admin interface and won’t impact other services like FTP, mail, or databases.

How can I remove an IP from the allowed list?
Go to Tools & Settings > IP Access Restriction Management, select the IP entry, and click “Remove.”

Is it possible to restrict access for specific Plesk users?
No, IP restriction is not user-specific and applies to the entire admin interface. For more granular control, combine it with user roles and permissions.

How do I reset restrictions if I get locked out?
Login via SSH or RDP, access the Plesk database, and manually remove or update the IP restriction settings.

June 4, 2025