Security is a huge deal. There are many ways to ensure that your cPanel/WHM server is secure, but it all starts with the basics. In this blog post, we will go over 25 tips that can help you keep your system safe from any threats!
25 Tips to Improve Your cPanel/WHM Security
1.) Set Secure Passwords
Make sure that you change your password every 90 days. Use a secure password generator to keep it neat and clean. If someone gets their hands on your root password, they can take over the server in minutes!
2.) Install Updates
Don’t wait for cPanel/WHM to prompt you when there is an update available! It’s important that you are as up-to-date as possible with all of the latest security patches from CentOS or RedHat.
3.) Create Backup Accounts
Create a backup account for each user that needs access to the server. This way, if they do something out of line you can suspend their account until it is resolved.
4.) Web & Email Security
Cybercriminals are targeting internal employees to gain access and commit fraud. Phishing is one of the tools they use, and it’s important that suspicious emails containing attachments be closely monitored for any sign of trouble. Web content filters and email filters work together to block users from accessing malicious web content.
5.) Restrict SSH Access via Public Keys ONLY
Any passwords being saved should be done using public keys rather than passwords stored locally on each individual server. This will ensure that your system is kept safe from brute force attacks, and hackers won’t be able to get into the server through SSH without proper credentials.
6.) Disable Web Shell
By default, most servers have a web shell installed in cPanel/WHM, which can allow an attacker access into WHM if they manage to gain root access on the box with these credentials. Make sure this feature is disabled by going into WHM > Install or Remove Software.
7.) CSF Firewall Protection
One of the best tools you can use to help with your cPanel/WHM security is a firewall. The CSF Firewall (Config Server Security & Firewall) will protect most services such as FTP, SSH, and POP/IMAP. It’s easy to install and configure with options like brute force protection!
8.) Keep an Eye on Logs
If there are any signs that something strange is happening or users have been trying to gain access into your system without proper credentials being sent via email, check the /var/log directory for anything suspicious.
9.) Upgrade cPanel Regularly
This is one of the easiest ways to help ensure that your server stays up-to-date with security patches and you don’t get hacked. This can be done by going into WHM > Upgrade cPanel & Install Updates.
10.) Enable Brute Force Protection
A brute force attack is when somebody tries to gain access to your server by guessing the username and password combination. This information can be found out through trial-and-error (trying one, then trying another), or via automated software which is used for this purpose; hence why it’s called ‘brute force’. Luckily, there is an option available in WHM > Tweak Settings that can help protect your system from these types of attacks!
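To make tips 8 and 10 concrete, here is an added example (not part of the original post) that counts failed SSH password attempts per source address and marks any source that logged in after a burst of failures. The log lines are constructed in the sshd format written to /var/log/secure on CentOS/RHEL; the function names and the threshold of 5 are assumptions.

```sh
# Constructed sample in the sshd format found in /var/log/secure on
# CentOS/RHEL (hosts, PIDs and addresses are made up).
sample_log() {
  for i in 1 2 3 4 5 6; do
    echo "Mar 10 03:12:0$i srv sshd[410$i]: Failed password for root from 203.0.113.5 port 5120$i ssh2"
  done
  echo "Mar 10 03:12:09 srv sshd[4107]: Accepted password for root from 203.0.113.5 port 51207 ssh2"
  for i in 1 2; do
    echo "Mar 10 04:00:0$i srv sshd[420$i]: Failed password for deploy from 198.51.100.7 port 5000$i ssh2"
  done
  echo "Mar 10 04:00:05 srv sshd[4203]: Accepted publickey for deploy from 198.51.100.7 port 50003 ssh2"
  for i in 1 2 3 4 5; do
    echo "Mar 10 05:30:0$i srv sshd[430$i]: Failed password for invalid user admin from 192.0.2.44 port 4400$i ssh2"
  done
}

# flag_bruteforce LIMIT: reads log lines on stdin and prints
# "<failures> <source-ip> <verdict>" for every source at or above LIMIT.
flag_bruteforce() {
  awk -v limit="$1" '
    /sshd\[[0-9]+\]: Failed password for / && $(NF-4) == "from" {
      # The user name is text chosen by the remote side, so read the
      # address by its position from the end of the line instead.
      fail[$(NF-3)]++
    }
    /sshd\[[0-9]+\]: Accepted [^ ]+ for / {
      ip = ""
      for (i = 1; i < NF; i++)
        if ($i == "from") { ip = $(i+1); break }
      # A login that follows a burst of failures needs a closer look.
      if ((ip in fail) && fail[ip] >= limit + 0) hit[ip] = 1
    }
    END {
      for (ip in fail)
        if (fail[ip] >= limit + 0)
          print fail[ip], ip, ((ip in hit) ? "LOGIN-AFTER-FAILURES" : "no-login-seen")
    }
  ' | sort -rn
}

sample_log | flag_bruteforce 5
```

On a server the same function can read the real log, for example `flag_bruteforce 5 < /var/log/secure`.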
11.) Disable Anonymous FTP
Anonymous FTP is a way for users to access your files without being logged in with any credentials. This can be used by hackers as an open door into your cPanel/WHM server if they manage to gain root access to the box! Make sure that this feature is enabled or disabled depending on what you want, and use WHM > Feature Manager to do so quickly.
12.) Hosted Site Security Check
This quick tool can be used to test the security of your website(s) by entering the URL. It will check for things like SSL certificates, old software versions, and whether or not you are using an outdated theme/CSS framework (which could lead to vulnerabilities).
13.) Enable Auditing
If someone is able to gain access into WHM as a root user, it’s important that there is some tracking ability available to log all activity performed by these users. You should make sure auditing is enabled so that a log file keeps track of everything they do on a daily basis!
14.) Disable Unused Services & Daemons
Always make sure that you are only running the necessary services required to keep your server working smoothly. You can do this by going into WHM > Service Manager and disabling any features which aren’t being used, or those that pose a potential security risk if they’re left active.
15.) Disable Apache mod_userdir
In order for someone to exploit anything within Apache, it requires certain directories or files to be set up properly so that whatever you’re trying to do actually works. If this is not set up, an attacker will have a very difficult time getting anywhere.
16.) Lock tmp
A tmp partition is used for the temporary storage of files. If this directory has world-readable permissions, it can be misused by attackers to store/read information about your system (such as the /etc/passwd file). This configuration prevents attackers from storing files and running programs in the tmp folder.
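One way to verify that tmp is locked, as an added example that is not from the original post: the check reads mount entries in /proc/mounts format and reports whether each temporary directory is mounted with noexec and nosuid. It goes beyond /tmp to cover /var/tmp and /dev/shm; that directory list, the nosuid requirement, the function names and the sample mounts are assumptions.

```sh
# Constructed sample in /proc/mounts format (device, mount point, type, options).
sample_mounts() {
  cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
/dev/loop0 /tmp ext4 rw,nosuid,noexec,relatime 0 0
EOF
}

# Reads mount lines on stdin; prints OK/FAIL per directory, returns 1 on FAIL.
check_tmp_mounts() {
  awk '
    BEGIN { n = split("/tmp /var/tmp /dev/shm", dirs, " "); bad = 0 }
    # A later mount on the same path hides the earlier one, so keep the last.
    { opts[$2] = "," $4 "," }
    END {
      for (i = 1; i <= n; i++) {
        d = dirs[i]
        if (!(d in opts)) {
          # No dedicated mount: the directory inherits the parent
          # filesystem options, which normally allow execution.
          print "FAIL " d " is not a separate mount"; bad = 1; continue
        }
        miss = ""
        if (index(opts[d], ",noexec,") == 0) miss = miss " noexec"
        if (index(opts[d], ",nosuid,") == 0) miss = miss " nosuid"
        if (miss == "") print "OK " d
        else { print "FAIL " d " missing" miss; bad = 1 }
      }
      exit bad
    }
  '
}

sample_mounts | check_tmp_mounts || echo "temporary directories need remounting"
```

On a live system, feed it the kernel's view with `check_tmp_mounts < /proc/mounts`.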
17.) Enable Security Updates
One last thing you should always do before logging off from your server is make sure that all security updates are installed if they’re available. You can find out what’s required and how to install them in WHM > Update Preferences under ‘Security Center’.
18.) Disable PHP mail() Function
The PHP mail() function sends emails directly through PHP without using SMTP, which poses a potential threat because an attacker could potentially spoof headers with spam techniques, like SPAM or XBL.
19.) Control Access Service by IP Address
cPanel & WHM allows you to control who can access your server by IP Address. This is a great way to make sure only the right people gain access when they need it! You should add all of the necessary IP Addresses into cPHulk in order for this service to be useful.
20.) Enable Apache mod_suPHP
By default, cPanel uses suEXEC which is an older method that can actually pose some security risks if not configured properly; we suggest you use the mod_suPHP module instead since it’s faster and more secure.
21.) Disable Backtick Shell Command Privilege Separation
If someone is able to gain access as root user on your box, this allows them to execute shell commands within those backticks using the system() call without requiring any prior checks or filtering beforehand.
22.) Disable Root Access via SSH
Unless absolutely necessary, this should be disabled. If you do not plan on using SSH to connect, then there is no reason for root access via SSH and it can make your system more secure!
If you would like 6 more things that you can do with your SSH, check out our blog article on Advanced Secure Shell.
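The settings behind tips 5 and 22 can be checked together. The following is an added example, not code from the original post: it audits sshd_config text for key-only authentication and disabled root login, and its constructed sample shows a common pitfall where a hardening line appended below an earlier value has no effect. The function name and sample config are assumptions; Include files and Match blocks are not evaluated.

```sh
# Constructed sample: a hardening line was appended below an earlier "yes".
SAMPLE_SSHD_CONFIG='Port 22
PermitRootLogin yes
passwordauthentication yes
#PubkeyAuthentication no
PasswordAuthentication no
ChallengeResponseAuthentication no
Match User backup
    PermitRootLogin no
'

# Reads sshd_config text on stdin (global section only; Include files are
# not followed), prints OK/FAIL per setting and returns 1 on any FAIL.
audit_sshd() {
  awk '
    BEGIN {
      bad = 0
      # Defaults of current OpenSSH that apply when a keyword is absent.
      val["passwordauthentication"] = "yes"
      val["kbdinteractiveauthentication"] = "yes"
      val["permitrootlogin"] = "prohibit-password"
      val["pubkeyauthentication"] = "yes"
      # Values for key-only logins with no direct root login.
      want["passwordauthentication"] = "no"
      want["kbdinteractiveauthentication"] = "no"
      want["permitrootlogin"] = "no"
      want["pubkeyauthentication"] = "yes"
      n = split("passwordauthentication kbdinteractiveauthentication permitrootlogin pubkeyauthentication", order, " ")
    }
    NF == 0 || $1 ~ /^#/ { next }        # blank lines and comments
    { key = tolower($1) }                # keywords are case-insensitive
    key == "match" { exit }              # the global section ends here
    key == "challengeresponseauthentication" { key = "kbdinteractiveauthentication" }
    (key in want) && !(key in seen) {    # sshd keeps the first value it reads
      seen[key] = 1; val[key] = tolower($2)
    }
    END {
      for (i = 1; i <= n; i++) {
        k = order[i]; ok = (val[k] == want[k])
        if (!ok) bad = 1
        printf "%s %s=%s (want %s)\n", (ok ? "OK" : "FAIL"), k, val[k], want[k]
      }
      exit bad
    }
  '
}

printf '%s' "$SAMPLE_SSHD_CONFIG" | audit_sshd || echo "sshd_config needs changes"
```

On a live server, `sshd -T` prints the effective configuration, including Include files, and is the authoritative source to check.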
23.) Don’t Use “root” as Username
Even though most people don’t have an issue with logging in with their main username like “admin”, it doesn’t mean they shouldn’t change away from defaults such as admin or test. Using something unique will help protect your security, should someone get hold of the root password from your hosting provider and attempt to log in with it!
24.) Enable Two-Factor Authentication
Using two-factor authentication can help ensure that even if someone does have their hands on this username/password combination they won’t be able to gain access without also having another piece of information, such as an authenticator app or other means.
25.) Disable suPHP
This allows for any PHP applications running in cPanel’s “suphp” mode which is not good because it provides very little protection against things such as directory traversal. If you do need something like this, however, then make sure to use Apache mod_security instead so that logging can still occur correctly just like suPHP.
Why is cPanel/WHM Security Important?
cPanel & WHM can be an open door to your server if you do not take security seriously. If it’s exposed, then attackers could potentially gain access and start doing some very bad things.
That’s why it’s important to take security seriously and follow the above tips in order to ensure your system is as safe as it can be!
In conclusion, there are many more tips and tricks that can help make your cPanel/WHM server a lot safer to be using. If you follow all these steps, then even if someone does manage to compromise something on the box they won’t have access to everything. This is because by following each of these instructions, we’ve hopefully limited what an attacker has access to at any given time which will ultimately keep them out! If you want to learn more