Web SecuritycPanel

10 Easy Tips for Securing Your cPanel Server

Just as gaining expertise in operating the server is quite complex, securing your server also involves learning complicated and multifaceted subjects that may take years for you to comprehend and practice effectively. However, due to ever-growing cybercrimes, it becomes essential for administrators to efficiently generate and deploy a comprehensive array of security measures on their servers in order to counter attacks and data breaches. The security measures vary from a range of implementing simple, secure passwords to deploying complex updated encryption protocols. Fortunately, with the cPanel server, you can execute simplistic protocols and layers for security purposes. 

Let us introduce you to the ten straightforward techniques to considerably enhance your cPanel server security within a minimum span of time. 

10 Tips for Securing your cPanel

1. You must secure the SSH.

The SSH is an acronym for Secure Shell, which is an encrypted protocol. However, as an administrator, you must take a few steps in order to strengthen the security during the configuration. Go through the steps mentioned below to enhance the security of your SSH.

Step 1: Change the SSH Port.

If you let your SSH port at its default value of 22, you will be making your server vulnerable to cyber attacks. Therefore, to save your server from unnecessary attacks, you must select some random port. This way, you will make it difficult for the potential cybercriminals to determine the SSH location.

Step 2: Disable the root login. 

Disabling the root login will let you append an additional layer of security and further intensify your SSH. You will only have to disable the root user and then build a different user to access the server.

Step 3: Disable the SSH V1.

It is necessary to disable the predecessor of SSHv2, i.e., SSHv1, as it is less secure and outdated. Now that we have the SSHv2, you must increase your server security by disabling SSHv1.

2. You must enable cPHulk Protection.

In a brute force attack, the hacker attempts to guess your web server’s password through an automated system. You need to implement some protection against such brute force attacks. This is where cPhulk works. The cPhulk is a service that can be utilized with ease and helps to prevent your server from such attacks. You will only have to enable the cPhulk option. It can be done as –

Login to WHM >Security Center > cPHulk Brute Force Protection > click on Enable.

After following these steps, the cPhulk will start functioning. You also have the privilege to set custom rules dependent on the cPanel username, IP address, and other parameters. When a set number of attempts to log in happens that get failed back to back, cPhulk will block any additional attempts from the respective IP address that is being utilized. Moreover, if you possess any static IP, it will be great to add that IP address to the Whitelist Management. This will prevent you from getting locked out of your own server.  

3. You need to set up ConfigServer Firewall (CSF).

CSF (ConfigServer Security and Firewall) is recognized as one of the most prevalent firewalls for cPanel servers. It helps in executing two major security ways at the same time. First, it acts as a firewall by scanning various authentication log files. Second, it scans the server regularly and provides personalized recommendations in order to enhance the server’s security. 

Additionally, with the ConfigServer Security and Firewall, it will let you have access to a number of beneficial features like “View System Logs”, IPTable Logs, IFD statistics, and many others. Furthermore, it is quite effortless to install CSF on your server with cPanel. 

4. You should set up ClamAV antivirus.

The Linux operating system servers tend to possess more in-built recoils to viruses than their Windows-based counterparts. However, it is always recommended as being wise to install a supplemental antivirus application. The ClamAV is one such antivirus plugin that can serve as a supplemental antivirus application on your server. It is simple to install and is also one of the famous open-source antivirus plugins for cPanel servers. Further, it permits you to scan your home directory and emails for potentially malicious files. You will be glad to know that the ClamAV antivirus will let you scan any particular cPanel account with cPanel user-level access.

5. You must configure Host Access Control.

There are situations where you will need to permit particular services to an individual IP only. To make that happen, you have to configure your Host Access Control accurately. It will let you build rules for approving or denying server access depending upon the user’s IP address. You will be required to deny all connections except allowing the connections that you desire to continue with. This serves as the most secure practice for boosting the security of your server against any brute force attacks over the specific ports.

So, to configure a rule with Host Access Control, three things will be required by you. They are as-

  • The service for which you wish to build a rule
  • The IP address for which you want to allow or deny rights
  • The specific action that is needed to be taken such as Allow or Deny.

6. You must disable FTP and make use of SFTP instead.

In the FTP, plain text is utilized for the transmission of all the data between the client and server. The plain text makes it feasible for an eavesdropper to attempt to retrieve your confidential information that can incorporate login credentials, private messages, etc. However, on the contrary, SFTP, which is an acronym for SSH File Transfer Protocol, enables the encryption of both commands and data. Therefore, with the SFTP, you will be able to secure your passwords and sensitive information from getting transmitted in plain text over the network.

7. You should disable Apache Header Information.

Your cPanel server signature consists of information including Apache and OS version details. It is very vital to get this information secured from seeking public eyes. Thus, you can hide the information using WHM login and then disable Apache Header Information. 

8. You must hide PHP Version Information.

Just like you need to disable Apache Header Information, there is also a high need to hide the PHP version information. You must never expose PHP version information to third parties. 

9. You can set up Cron Job To Run ClamAV daily. 

As you know, on the server, your files will be added, updated, or deleted quite frequently. Thus, it becomes essential to ensure that all new changes that are being made get secured and properly scanned with an anti-virus application. You can utilize the ClamAV scanner cron job to run weekly scans that will automatically begin during “Off-hours” and secure all the modification actions. 

10. You must disable Ping Request.

A ping is basically an ICMP (Internet Control Message Protocol) request. It is always wise to disable the ping request to avoid “Ping of Death” and “Ping Flood” attacks.


You can rest assured that the vulnerability of your server to cyber attacks will be lessened after executing the security measures discussed above to your virtual private server or dedicated server. Your server will get secured both internally and externally. The above-mentioned security measures will let you boost the system’s safety within a few hours. Your cPanel server will become capable of fighting against various threats. Moreover, you also need to be frequently updated with what is happening in the industry, server security world, and web market to optimize your system’s security from time to time. This way, you can ensure that your cPanel server and your web business are being secured for the years to come. 

Arpit Saini

He is the Chief Technology Officer at Hostbillo Hosting Solution and also follows a passion to break complex tech topics into practical and easy-to-understand articles. He loves to write about Web Hosting, Software, Virtualization, Cloud Computing, and much more.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *