Comprehensive Security Tips for Your cPanel Server


1. Secure Login to cPanel and WHM

Always log in to your cPanel and WHM using a valid SSL certificate for your domain name. Logging in via an IP address is less secure. For example, if your domain is example.com, use:

For cPanel: https://example.com:2083

For WHM: https://example.com:2087

While you can log in without SSL (not recommended), you should avoid this method:

For cPanel: http://example.com:2082

For WHM: http://example.com:2086

Port Number SSL Non-SSL
2083 YES NO
2082 NO YES
2087 YES NO
2086 NO YES

You can also use auto-login URLs for cPanel and WHM:

For cPanel: https://example.com/cpanel

For WHM: https://example.com/whm


2. Set Up a Firewall

Protect your server with the ConfigServer Security & Firewall (CSF). Follow these installation commands:


cd /usr/src
rm -fv csf.tgz
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

To test CSF and ensure it is working correctly, run:

perl /usr/local/csf/bin/csftest.pl

If the script does not report any fatal errors, you’re good to go. For more details, refer to the full installation manual.


3. Secure SSH Access

Change the default SSH port from 22 to another number to improve security. Modify the SSH configuration file located at /etc/ssh/sshd_config and choose a port number, for instance, 1527. After saving the changes, open the new port in your firewall rules and restart the SSH service:

service sshd restart

4. Additional Security Measures

Enhance the security of your cPanel server with the following tools and products:

  • CloudLinux CloudLinux: Protect your server with CloudLinux OS, a secure environment that enhances stability and security. CloudLinux provides crucial features like CageFS, PHP Selector, and LVE Manager to ensure your server remains safe from vulnerabilities and maintains optimal performance. It’s a must-have for hosting providers and server administrators looking for reliable protection against server crashes and security breaches.
  • Imunify360 Imunify360: Keep your server secure with this comprehensive security solution that includes malware protection and firewall features. Imunify360 offers real-time protection, automatic malware removal, and proactive defenses against emerging threats. Its integrated web application firewall and centralized management dashboard make it an essential tool for safeguarding your server from both known and unknown security risks.
  • CXS CXS: Detect and prevent malicious threats with ConfigServer eXploit Scanner, a vital tool for server security. CXS scans your server for known exploits and backdoors, providing detailed reports and automated responses to keep your environment secure. It’s especially useful for identifying and mitigating risks before they can impact your server’s performance or integrity.
  • OSM OSM: Monitor outgoing emails to prevent spam and protect your server’s reputation with Outgoing Spam Monitor. OSM helps you track and manage email traffic, reducing the risk of your server being blacklisted due to spam or abusive email practices. It provides valuable insights into email activity, ensuring compliance with best practices and maintaining a positive sender reputation.
  • JetBackup JetBackup: Ensure data integrity with comprehensive backup solutions that secure your server data effectively. JetBackup offers automated backup and restoration features, including full account backups, incremental snapshots, and off-site storage options. It simplifies the backup process and provides peace of mind by ensuring that your critical data is protected and easily recoverable in case of data loss or server failure.

5. Summary

Securing your cPanel server involves multiple layers of protection. From using SSL certificates for secure login to setting up a robust firewall and securing SSH access, each step contributes to a more secure environment. Enhance your server's security with tools like CloudLinux, Imunify360, CXS, and OSM. By implementing these measures, you can significantly reduce the risk of vulnerabilities and ensure a safer hosting environment for your clients.