Make cPanel/WHM VPS more Secure

In this guide we will explain how you can secure your cPanel/WHM VPS.

Updated over a week ago

Use secure passwords

Insecure passwords are the most common security vulnerability for most servers. If an account password is weak and is compromised, client sites can be defaced, infected, or used to spread viruses. Having secure passwords is paramount to having a secure server. You can edit /etc/login.defs to configure many password options on your system; the file is well documented. Generally, a password of at least 8 characters that mixes alphanumeric characters and punctuation symbols is sufficient. Never use passwords based upon dictionary words or significant dates.

Secure SSH

  • Enable public key authentication for SSH and disable password authentication.

  • Move SSH access to a different port. Port 22 is the first place people look for a possible way to access your servers. Moving SSH to a different port is a simple way to keep those without specific knowledge of your server from easily discovering your SSH port.
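A check for the two settings above, as an added example that is not part of the original guide. It reads an sshd_config-style file given as an argument; the function names and the sample config are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not cPanel code): check an sshd_config-style file against the
# two SSH recommendations above. Function names are hypothetical.

# Print every value given for keyword $1 in the global section of file $2.
sshd_values() {
    awk -F'[ \t=]+' -v key="$1" '
        BEGIN { key = tolower(key) }
        { sub(/^[ \t]+/, "") }                  # drop indentation, re-split fields
        /^#/ || $0 == "" { next }               # skip comments and blank lines
        tolower($1) == "match" { exit }         # settings after Match are conditional
        tolower($1) == key { print tolower($2) }
    ' "$2"
}

# Print findings; return 0 only when the file follows both recommendations.
audit_sshd_config() {
    local file="$1" rc=0 val ports
    # For most keywords sshd keeps the first value it reads; absent means default "yes".
    val="$(sshd_values PasswordAuthentication "$file" | head -n 1)"
    if [ "${val:-yes}" != "no" ]; then
        echo "FAIL PasswordAuthentication is ${val:-yes (default)}"; rc=1
    fi
    val="$(sshd_values PubkeyAuthentication "$file" | head -n 1)"
    if [ "${val:-yes}" != "yes" ]; then
        echo "FAIL PubkeyAuthentication is $val"; rc=1
    fi
    # Port may be repeated and sshd listens on every one; no Port line means 22.
    ports="$(sshd_values Port "$file")"
    if printf '%s\n' "${ports:-22}" | grep -qx 22; then
        echo "WARN sshd still listens on port 22"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK"
    return "$rc"
}

# Constructed sample: the later "PasswordAuthentication no" is ignored by sshd.
sample="$(mktemp)"
printf '%s\n' '# constructed sample' 'Port 2222' 'PasswordAuthentication yes' \
    'PubkeyAuthentication yes' 'PasswordAuthentication no' > "$sample"
audit_sshd_config "$sample" || true   # FAIL PasswordAuthentication is yes
rm -f "$sample"
```

On a live server, `sshd -T` prints the effective configuration, including any Include files, which this text-only check does not follow.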

Secure Apache

It is important to take steps to secure your Apache installation. One of the best tools for preventing malicious Apache use is mod_security. This can be installed in Addon Modules in the cPanel section of WHM. You can find information about mod_security in the cPanel documentation. When compiling Apache, you should include suexec to ensure that CGI applications and scripts run as the user that owns/executes them. This will help identify where malicious scripts are and who is running them. It will also enforce permission and environment controls.

You should enable PHP’s open_basedir protection. This protection will prevent users from opening files outside of their home directory with PHP. This can be enabled in Tweak Security within WebHost Manager.

Secure your /tmp partition

We recommend that you use a separate partition for /tmp that is mounted with nosetuid. Nosetuid will force a process to run with the privileges of its executor. You may also wish to mount /tmp with noexec after installing cPanel. Also, running /scripts/securetmp will mount your /tmp partition to a temporary file for extra security.
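To confirm the mount options described above, the following added example (not part of the original guide) reads a mount table in /proc/mounts format and reports what /tmp is missing. Linux mount tables spell the option `nosuid`; the function names and the sample table are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide); function names are hypothetical.

# Print the options of the last entry for mount point $1 in the
# /proc/mounts-format file $2. Later mounts shadow earlier ones, so the last wins.
mount_opts() {
    awk -v mp="$1" '$2 == mp { opts = $4 } END { if (opts != "") print opts }' "$2"
}

# Report whether /tmp is its own mount and carries nosuid and noexec.
check_tmp_mount() {
    local table="${1:-/proc/mounts}" opts want rc=0
    opts="$(mount_opts /tmp "$table")"
    if [ -z "$opts" ]; then
        echo "FAIL /tmp is not a separate mount"
        return 1
    fi
    for want in nosuid noexec; do
        case ",$opts," in
            *",$want,"*) ;;                       # exact option present
            *) echo "FAIL /tmp is missing $want"; rc=1 ;;
        esac
    done
    [ "$rc" -eq 0 ] && echo "OK /tmp options: $opts"
    return "$rc"
}

# Constructed mount table: /tmp has nosuid but can still execute binaries.
table="$(mktemp)"
printf '%s\n' '/dev/sda1 / ext4 rw,relatime 0 0' \
    '/dev/loop0 /tmp ext4 rw,nosuid,relatime 0 0' > "$table"
check_tmp_mount "$table" || true   # FAIL /tmp is missing noexec
rm -f "$table"
```

Called with no argument, `check_tmp_mount` reads the live table at /proc/mounts.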

Lock down your system's compilers

Most users do not require the use of C and C++ compilers. You can use the Compilers Tweak within Tweak Security in WHM to turn off use of the compilers for all unprivileged users, or to disable them for specific users only. Many pre-packaged exploits require working compilers. Disabling compilers will help protect against many exploits.

Turn off unused services and daemons

Any service or daemon that allows a connection to be established to your server is a way for hackers to gain access. To reduce security risks, you should disable all services and daemons that are not being used.

  • For Daemons on Linux – Check /etc/xinetd.conf for services that you are not using.

  • For Services – Go to the Service Manager in the Service Configuration section of WHM and disable any services that you are not using.

Monitor your system

It is important to be up to date on what is going on with your system. Make sure that you know when accounts are being created, what software is being installed, when software packages need updates, etc. Check your system frequently to ensure it is functioning in the way you expect. Make sure to check things like:

  • netstat -anp – Look for programs attached to ports that you did not install/authorize.

  • find / \( -perm -a+w \) ! -type l >> world_writable.txt – Look at world_writable.txt to see all world writable files and directories. This will reveal locations where an attacker can store files on your system. Note: Fixing permissions on some PHP/CGI scripts that are not properly coded will break them.

  • find / -nouser -o -nogroup >> no_owner.txt – Look at no_owner.txt for all files that do not have a user or group associated with them. All files should be owned by a specific user or group to restrict access to them.

  • ls /var/log/ – There are many different logs on your system which can be valuable resources. Check your system logs, Apache logs, mail logs, and other logs frequently to make sure your system is functioning as expected.
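The two find checks above, wrapped so that each run can be compared with a saved baseline instead of appended to one growing file. This is an added example, not part of the original guide, and its function names and demo tree are constructed. It matches on the "other" write bit alone (`-perm -0002`), a slightly wider test than `-perm -a+w`, which requires the user, group and other write bits together.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide); function names are hypothetical.

# World-writable entries under $1, symlinks excluded, one filesystem only (-xdev
# keeps find out of /proc and other mounts). Matches the "other" write bit.
list_world_writable() {
    {
        # Directories without the sticky bit: any user can delete others' files.
        find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print | sed 's/^/DIR-NO-STICKY /'
        # Everything else that is world-writable (files, sticky directories).
        find "$1" -xdev ! -type l -perm -0002 \( ! -type d -o -perm -1000 \) -print |
            sed 's/^/WRITABLE /'
    } | LC_ALL=C sort
}

# Entries whose numeric owner or group has no passwd/group entry.
list_unowned() {
    find "$1" -xdev \( -nouser -o -nogroup \) -print | LC_ALL=C sort
}

# Findings in report $2 that are absent from baseline $1 (both sorted as above).
new_findings() {
    LC_ALL=C comm -13 "$1" "$2"
}

# Constructed demo tree: take a baseline, add a world-writable file, compare.
demo() {
    local d; d="$(mktemp -d)"
    mkdir "$d/tree" "$d/tree/uploads" "$d/tree/spool"
    chmod 0755 "$d/tree"; chmod 0777 "$d/tree/uploads"; chmod 1777 "$d/tree/spool"
    list_world_writable "$d/tree" > "$d/baseline"
    touch "$d/tree/config.php"; chmod 0666 "$d/tree/config.php"
    list_world_writable "$d/tree" > "$d/today"
    new_findings "$d/baseline" "$d/today" | sed "s|$d/tree|.|"
    rm -rf "$d"
}
demo   # prints: WRITABLE ./config.php
```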

There are many readily available utilities to monitor your system and to detect rootkits, backdoors, etc. Here are some commonly available utilities:

  • Tripwire – Monitors checksums of files and reports changes.

  • Chkrootkit – Scans for common rootkits, backdoors, etc.

  • Rkhunter – Scans for common rootkits, backdoors, etc.

  • Logwatch – Monitors and reports on daily system activity.

Stay up to date

It is important to make sure that you are running the latest stable versions of the software on your system, so that it is patched against any security issues that past versions may be susceptible to. Make sure to keep on top of updates for:

  • cPanel and WHM (automated)

  • User Applications (bulletin boards, CMS, blog engines, etc.) (within WHM)

  • System Software (automated)

Install ClamAV antivirus with daily scan

ClamAV is an open source (GPL) antivirus engine designed for detecting Trojans, viruses, malware, and other malicious threats on Linux.

ClamAV can either be installed manually on the server or activated through WHM.

Enable Two-Factor Authentication (2FA) in WHM

Adding 2FA ensures that even if a password is compromised, attackers cannot access WHM or cPanel without a second authentication factor.

  1. Log in to WHM as root.

  2. Navigate to: WHM » Security Center » Two-Factor Authentication.

  3. Click Manage My Account to set up your administrator account.

  4. Scan the generated QR code with an authentication app (Google Authenticator, Authy, or similar).

  5. Enter the 6-digit code from the app to confirm.

  6. Require users to configure 2FA by enabling the policy under the Manage Settings tab.

Enable Two-Factor Authentication (2FA) for cPanel Accounts

We also recommend enabling 2FA for each cPanel user:

  1. Log in to cPanel.

  2. Go to: cPanel » Security » Two-Factor Authentication.

  3. Click Set Up Two-Factor Authentication.

  4. Open an authenticator app on your mobile device (Google Authenticator, Authy, Microsoft Authenticator, etc.).

  5. Scan the QR code displayed in cPanel with the app.

  6. Enter the 6-digit code from the app into cPanel to confirm.

  7. Once confirmed, 2FA will be required for that account at every login.

Configure Backups

Backups protect you from data loss, corruption, or compromise.

  1. Log in to WHM.

  2. Navigate to: WHM » Backup » Backup Configuration.

  3. Enable the Backup Status option.

  4. Choose a Backup Type:

    • Compressed (saves space, more CPU).

    • Uncompressed (faster, uses more space).

    • Incremental (saves only changes, efficient).

  5. Define Backup Directory (default: /backup).

  6. Configure Retention (how many backups to keep).

  7. Add Remote Destinations (e.g., SFTP, Amazon S3, Google Drive) for off-server backups.

  8. Save configuration and run a test backup.

Enable and Configure cPHulk Brute Force Protection

cPHulk helps defend against brute-force login attempts on cPanel, WHM, SSH, and email services.

  1. Log in to WHM.

  2. Navigate to: WHM » Security Center » cPHulk Brute Force Protection.

  3. Enable cPHulk Protection.

  4. Under Configuration Settings, set:

    • Maximum failures per IP before blocking.

    • Maximum failures per account before blocking.

    • Brute force protection period (e.g., 15 minutes).

  5. Use the Whitelist Management section to add trusted IPs that should never be blocked.

  6. Use the Blacklist Management section for known malicious IPs.

  7. Enable Notifications so you’re alerted when brute-force attempts occur.
