---
title: "How to Modify WP Cerber Security Access Lists"
description: "In this article: Ensure IP's Detected CorrectlyEdit Access ListWhitelist from Activity PageAllow only specified IPs Access control lists are one of many ways to block malicious activity, protect..."
url: https://www.inmotionhosting.com/support/edu/wordpress/how-to-modify-wp-cerber-security-access-lists/
date: 2019-08-16
modified: 2021-08-16
author: "InMotion Hosting Contributor"
categories: ["Security", "WordPress Tutorials"]
type: post
lang: en
---

# How to Modify WP Cerber Security Access Lists

In this article:

- [Ensure IP’s Detected Correctly](https://#correct-ips)
- [Edit Access List](https://#access-list)
- [Whitelist from Activity Page](https://#activity-page)
- [Allow only specified IPs](https://#allow-only)

Access control lists are one of many ways to block malicious activity, protect data, and save server resources.

WP Cerber’s white list allows IP’s to bypass spam check, country geofencing rules, and two-factor authentication.

Cerber’s black list controls the ability to register, log in, comment, submit forms, use WP REST API, use [XML-](/support/edu/wordpress/disable-xml-rpc-requests/)[RPC](/support/edu/wordpress/disable-xml-rpc-requests/), and other PHP scripts such as *wp**-login.**php*. It does *NOT* affect access to media, Javascript, and cascading style sheet (CSS) files.

Similar to other rule lists – *e.g. software firewalls and cPanel email filters* – WP Cerber follows a set order of precedence:

- White list
- Black list
- Locked out list
- Specific WP Cerber settings

**Note:** When you activate Cerber, it automatically adds your current IP address to the white list. If WP Cerber isn’t detecting IP’s correctly, it’ll add your [server IP](/support/website/how-to-find-your-shared-ip-address-of-your-server-in-cpanel/) instead.

*Improve WordPress performance without extra plugins with our **Nginx**-powered *[WordPress Hosting](/support/product-guides/wordpress-hosting/)*.*

## Ensure WP Cerber Detects IP’s Correctly

Check this to ensure Cerber’s firewall settings work correctly. You’ll likely need to complete these steps if you enabled [Nginx](/support/website/cache-manager-cpanel/)[ Cache Manager](/support/website/cache-manager-cpanel/) and/or [PHP](/support/server/php-fpm/how-to-enable-php-fpm-using-whm/)[–](/support/server/php-fpm/how-to-enable-php-fpm-using-whm/)[FPM](/support/server/php-fpm/how-to-enable-php-fpm-using-whm/) on our WordPress, VPS/ Dedicated Hosting plans respectively.

1. [Check your current IP address using our online tool](/support/tools/what-is-my-ip-address/).
2. [Log into WordPress](/support/edu/wordpress/logging-into-wordpress-dashboard/).
3. Click **WP Cerber** on the left.
4. Click ?**Access Lists#** from the top.
5. If the white-listed IP address matches your current IP, [continue to the next section](https://#access-list). If the IP’s are different, click the **Main Settings** tab in Cerber.
6. Under **Site-specific settings** and **Site connection**, click *My site is behind a reverse proxy*.
7. Click **Save Changes** at the bottom.
8. Log out and log back in.
9. The dashboard activity section should now show the correct IP address.

**Warning:** If this doesn’t work, you’ll need to [configure your wp-config.php file](https://wpcerber.com/wordpress-ip-address-detection/). Don’t forget you can [contact our 24/7 Live Support](/support/amp/how-to-get-great-technical-support/) for additional assistance.

**Note:** Cloudflare CDN users will need to [reconfigure some WP Cerber settings](https://wpcerber.com/cloudflare-and-wordpress-cerber/).

## Manage White and Black IP Access List

The **White IP Access List** and **Black IP Access List** have the same management options. To summarize the permissions listed earlier: white-listed IP’s are never locked out and blacklisted IP’s can’t log in or execute certain PHP scripts.

### Add IP Addresses

1. Type an IP (1.2.3.4), IP range (1.2.3.* equals all IP’s starting with 1.2.3.), or subnet.
2. Add a comment for when reviewing later.
3. Click **Add IP to the list**.

### Manage IP Addresses

- Once an IP is added to an access list, you’ll be able to do each of the following:
- **Check for activities** – redirects to the *Activity* tab and filters info for that IP including hostname, date, time, event, and user.
- **Check Requests** – redirects to the *Traffic Inspector* page and filters traffic for the IP such as URL, hostname, user agent (browser and operating system), and local user.
- **Remove** the IP from the access list.

![Mnaage IPs in the Cerber Access List](https://www.inmotionhosting.com/support/wp-content/uploads/2019/07/wp-cerber-accesslist-1024x702.png)*WP Cerber Access List section*

## Manage IPs from Activity Page

Unknown IPs can be blacklisted from the Activity section with ease.

1. Click on the **Activity** tab.
2. Click on the IP address.
3. Click **Add IP to the Black list** or **Add network to the Black list**. You’ll then see `Black IP Access List` beside the IP address.

![Blacklist IPs in Cerber](https://www.inmotionhosting.com/support/wp-content/uploads/2019/07/wp-cerber-activity-blacklist-1024x455.png)*WP Cerber Activity Log*

### Allow Only Specific IP’s

To further harden your WordPress security, add `*.*.*.*` to the black IP access list. Afterwards, anyone attempting to access your login page from an IP not on the white list will be redirected to your 404 page.

Do more to protect your website with [10 Ways to Secure WordPress](/support/edu/wordpress/10-ways-to-secure-wordpress/).
