π οΈ Plesk Admin Login Blocked β IP Restriction Recovery Guide
β Problem
You see this error when trying to log in to Plesk:
Access for administrator from address your IP address is restricted in accordance with IP Access restriction policy currently applied.
This happens when your current IP address isnβt allowed under Pleskβs administrative access restriction policy.
π§ Background
Plesk allows administrators to restrict access to the control panel based on IP addresses. This is controlled via:
Tools & Settings β Restrict Administrative Access
If your IP is not on the allowlist, youβll be blocked from logging in.
β Solution Options
π Option 1: Add Your IP Address to the Allowlist (Recommended)
π¨βπ» Purpose:
Grant access only to your current IP while keeping existing restrictions intact.
π§ On Linux (via SSH)
plesk db "INSERT INTO cp_access (type, netaddr, netmask) VALUES ('deny', 'your.ip.address.here', '255.255.255.255')"
Explanation:
plesk dbβ This command allows running SQL queries directly on the Plesk internal database.INSERT INTO cp_accessβ Adds a new rule to the IP restriction table.type = 'deny'β In Plesk logic,'deny'means allowed if policy is “deny unlisted”.netaddrβ Replace'your.ip.address.here'with your real IP (e.g.,192.168.1.100).netmask = '255.255.255.255'β Applies this rule to exactly one IP address (a single host).
πͺ On Windows (via RDP + Command Prompt)
plesk db "INSERT INTO cp_access (type, netaddr, netmask) VALUES ('deny', 'your.ip.address.here', '255.255.255.255')"
This is the same command, just run in the Command Prompt (as Administrator) on a Windows-based Plesk server.
π§Ή Option 2: Disable the IP Restriction Policy (Emergency Only)
π¨βπ§ Purpose:
Fully remove the access policy to allow all IPs. Use only if Option 1 is not feasible.
π§ On Linux
plesk db dump > plesk-backup.sql
Explanation:
Creates a backup of the Plesk database in case you need to restore the configuration.
plesk db "DELETE FROM cp_access"
Explanation:
Deletes all records from the IP restriction table (removing all IP rules).
plesk db "UPDATE misc SET val='allow' WHERE param='access_policy'"
Explanation:
Changes the policy setting from deny to allow, so Plesk will permit access from any IP.
systemctl restart psa sw-cp-server
Explanation:
Restarts the Plesk control panel web server to apply changes.
πͺ On Windows
plesk db dump > plesk-backup.sql
Creates a database backup
plesk db "DELETE FROM cp_access"
Removes all IP restriction entries
plesk db "UPDATE misc SET val='allow' WHERE param='access_policy'"
Changes policy to allow unrestricted access
net stop PleskService && net start PleskService
Restarts the Plesk service to apply the new settings
π After Regaining Access β Secure the Panel
Once you can log back into Plesk, itβs critical to reconfigure access restrictions properly.
π§ GUI Steps:
graph TD
A[Tools & Settings] --> B[Restrict Administrative Access]
B --> C[Set Policy: Deny Unlisted IPs]
B --> D[Add Your IP + Office IP + VPN IP]
Explanation:
- Go to Tools & Settings β Restrict Administrative Access
- Set the policy to “Deny access to the server from all IP addresses except those listed”
- Add multiple IPs: your home, office, VPN, etc. to avoid future lockouts
π Enable Two-Factor Authentication
- Go to Security β Two-Factor Authentication
- Scan the QR code with an app like Google Authenticator or Authy
- Test login from multiple devices
β Recovery Checklist
| β | Task |
|---|---|
| β¬ | Logged in successfully |
| β¬ | Added your current and backup IPs |
| β¬ | Access policy set to Deny Unlisted |
| β¬ | 2FA enabled for all admin users |
| β¬ | Database backup (plesk-backup.sql) stored safely |
| β¬ | Logged incident in IT change history |
π‘ Best Practices
- Always whitelist at least 2 IPs (e.g. home + VPN)
- Keep regular backups of the Plesk DB
- Test fallback IPs every quarter
- Document changes in an IT admin logbook