Support » Fixing WordPress » How to whitelist an IP address to htaccess file

  • Resolved TangerineFrog


    This is a really basic question, but could someone tell me how to whitelist an IP address in the root htaccess file?

    I’ve been having issues with PayPal’s IPN not being able to communicate with my server (Error 403 Forbidden). After lengthy discussions with my host, the problem’s been narrowed down to my hefty security settings within the htaccess file which is probably blocking the IPN Post from talking to my website.

    Rather than delete any of the security settings, I would prefer to whitelist the PayPal’s IP address which I hope will solve the problem.


Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator Jan Dembowski


    Brute Squad and Volunteer Moderator

    What do you have that could be causing the 403 in your .htaccess? If you know where that is then you can put a conditional that says “but not this IP”.

    For example (not tested):

    RewriteCond %{REMOTE_HOST} !

    But you’ll need to experiment. Make sure you backup your existing .htaccess file first just in case.

    Thanks for your reply. I’m not sure what could be causing the 403 in my htaccess file as it contains a fair amount of security code to deter spammers and hackers. I’m cautious and not entirely comfortable about deleting anything from inside it, hence I was hoping just by whitelisting the IP address that it would solve the problem. I added RewriteCond %{REMOTE_HOST} ! (replacing with the PayPal IP) that you kindly suggested, but sadly I’m still getting the same problem.

    I have a downloadable eBook on my website with a PayPal button which I inserted using the plugin named Bookshelf. I have enabled IPN on my PayPal account and correctly named the Notification URL to match that of Bookshelf. However, the IPN history in PayPal keeps saying ‘Retrying’ and when I select the Message ID I see an HTTP Response Code of 403. The logs in cPanel on my host say ‘client denied by server’. My host says there is nothing untoward server side.

    Looking through the forums, I notice other people have had similar problems when using the plugin BadBehaviour and WP Better Security – both of which I’m not using. However, I am using Wordfence and I’ve already whitelisted the PayPal IP address there.

    Not really sure where to go from here?

    The URL containing the PayPal button is


    Just thought I’d provide an update to my earlier post in the hope that it might help someone else who may be having the same issue. As mentioned in my previous post, after a customer purchased off my website, the IPN logs just kept saying ‘retrying’ and I was getting an HTTP Response Code of 403.

    Those wonderful, helpful people at Hostgator have solved the problem for me which has had me pulling my hair out for days. I have a fair amount of security code in my htaccess file and it was one of those lines of code that was blocking PayPal IPN. Hostgator coded out that line and now it works perfectly. The culprit was:

    SetEnvIfNoCase User-Agent ^$ keep_out

    Description from Hostgator: When the IPN POST request is coming into the server it’s not using a user agent, it’s left blank, so that line in the .htaccess is keeping it out.

    Hope this helps someone.


Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘How to whitelist an IP address to htaccess file’ is closed to new replies.