> ## Documentation Index
> Fetch the complete documentation index at: https://help.noxity.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Remote Database Access

> Whitelist external IP addresses so your laptop, another server, or a CI runner can connect to your cPanel MySQL databases.

By default, MySQL on your hosting account only accepts connections from `localhost` (apps running on the same server). Remote Database Access opens up the firewall on port `3306` for specific IPs you trust, so you can connect from MySQL Workbench, TablePlus, DBeaver, or your laptop's `mysql` client.

Open it from cPanel home → **Databases** → **Remote Database Access**.

<Frame caption="Remote Database Access page with the Add Access Host form and the existing whitelist below">
  <img src="https://mintlify.s3.us-west-1.amazonaws.com/noxity/images/cpanel/database-management/remote-database-access/page-light.png" alt="Remote Database Access page" className="block dark:hidden" />

  <img src="https://mintlify.s3.us-west-1.amazonaws.com/noxity/images/cpanel/database-management/remote-database-access/page-dark.png" alt="Remote Database Access page" className="hidden dark:block" />
</Frame>

## Whitelist your IP

<Steps>
  <Step title="Find your public IP">
    Open [whatismyipaddress.com](https://whatismyipaddress.com) or run `curl ifconfig.me` from a terminal. That's the IP MySQL will see when you connect.
  </Step>

  <Step title="Add it to the host list">
    On the Remote Database Access page, paste the IP into **Host** and an optional comment into **Comment** (we recommend something like `home laptop` or `prod CI runner`, Future You will thank you).

    Click **Add Host**.
  </Step>

  <Step title="Connect">
    Use these settings in your client:

    | Setting  | Value                                                                              |
    | -------- | ---------------------------------------------------------------------------------- |
    | Host     | Your server's hostname (`<n>.web.systeminterface.net`) or its shared IP, both work |
    | Port     | `3306`                                                                             |
    | User     | Full prefixed user (e.g. `acme_wpuser`)                                            |
    | Password | The one you set when creating the user                                             |
    | Database | Optional, leave blank to see all yours                                             |

    Find your hostname and shared IP in the cPanel right sidebar, under **General Information**.
  </Step>
</Steps>

## Wildcards and IP ranges

The Host field accepts a few patterns:

| Pattern         | What it allows                                   |
| --------------- | ------------------------------------------------ |
| `203.0.113.42`  | One specific IP                                  |
| `203.0.113.%`   | Anything in `203.0.113.0/24` (256 addresses)     |
| `%.example.com` | Any host whose reverse-DNS ends in `example.com` |
| `%`             | Any IP, anywhere                                 |

<Warning>
  Don't use `%` (any IP) on a production database. It exposes your MySQL server to the entire internet, and brute-force scanners hit port 3306 constantly. If you genuinely need wide access, scope to a `/24` and revisit it monthly.
</Warning>

## When your home IP changes

Most home internet connections rotate the public IP every few weeks. If your client suddenly stops connecting:

1. Re-check your IP at [whatismyipaddress.com](https://whatismyipaddress.com).
2. If it's different from the whitelist entry, update the entry in Remote Database Access.
3. Save and reconnect.

For laptops that move between networks, consider connecting through a VPN with a static IP, or use SSH tunneling instead (covered below).

## Alternative: SSH tunnel

If your hosting plan includes [SSH access](/web-hosting/cpanel/security-settings/ssh-keys/ssh-keys-example) (Standard and Power tiers), you can tunnel MySQL over SSH and skip Remote Database Access entirely. The connection looks local to MySQL because it comes through `localhost` on the server side.

```bash theme={}
ssh -L 3307:localhost:3306 username@hostname.web.systeminterface.net
```

Then connect your local client to `127.0.0.1:3307` instead of the remote server. The tunnel forwards traffic over your authenticated SSH session, no firewall rule needed.

This is the safer default for one-off remote access.

## Common issues

<AccordionGroup>
  <Accordion title="Connection times out from a whitelisted IP">
    Your local network or ISP may be blocking outbound port `3306`. Many corporate and university networks do this. Test from a phone hotspot to rule out your own network. If it works there, the issue is your local firewall. Use the SSH tunnel approach instead.
  </Accordion>

  <Accordion title="ERROR 1130: Host '...' is not allowed to connect">
    The IP isn't in the whitelist, or it's not the IP MySQL is seeing. The error message tells you which IP MySQL saw. Paste *that* IP into Remote Database Access. Most often this happens because your home network changed IPs.
  </Accordion>

  <Accordion title="ERROR 2003: Can't connect to MySQL server">
    The TCP connection itself is failing. Either the host/port is wrong, or our firewall is rate-limiting you (we throttle obvious brute-force patterns). Wait 15 minutes and try again. If it persists, open a ticket and we'll check.
  </Accordion>
</AccordionGroup>

## Need a hand?

<CardGroup cols={2}>
  <Card title="Open a ticket" icon="life-ring" href="https://members.noxity.io/submitticket.php">
    Best for anything that needs an account check or a config change on our end.
  </Card>

  <Card title="Live chat" icon="messages" href="https://noxity.io/contact">
    Faster for quick questions during business hours.
  </Card>
</CardGroup>