Tips to Improve Your cPanel Security

cPanel is a popular control panel for web hosting. It is part of almost every web hosting service. After all, it is easy to use from an end-user perspective. It is also secure, but not as secure as you might want it to be.

In this article, we will be sharing tips on how to improve your cPanel security. After implementing these tips, you will be sure that your website and cPanel are secure, and you can sleep without any worries. So, without any delay, let’s get started.

1. Use the latest version of cPanel

cPanel is always working towards releasing a more robust and secure version of their product. The key here is to improve their product with new features and also fix any vulnerabilities that are exposed in their last build.

As a user, you should always use their latest version to ensure that you get protection from the latest vulnerabilities. You can easily update your cPanel version by going to WHM > cPanel > Upgrade.

If you are comfortable with the command line, you can also start the update by running the following command as root.

/scripts/upcp --force

You can always ask your web hosting customer support to update your cPanel in case you are not sure what to do. Automatic updates should be turned on so that you don’t have to follow this step every time an update comes out. You can do it by going to WHM > Server Configuration > Update Preferences.

2. Set a secure password

The user is the weakest point in any security system. Yes, you read it right. A user can easily set a weak password. To secure your cPanel, you have to choose a strong password that you can remember or store somewhere safe. If you don’t, you are leaving your cPanel insecure against bots or hackers who will eventually gain access to your cPanel and infect your hosted websites. This can lead to tons of issues including spending money to fix it.

A secure password should have the following features.

  1. Minimum 8 characters long.
  2. Should contain a mix of letters, numbers and punctuation symbols.
  3. Dictionary words or popular dates should be avoided.

If you are not sure whether your password is strong or not, you can use password generator tools to generate a strong password. You can also tweak server configuration and enable SSL so that your password doesn’t leak when you try to access your website or cPanel. This tip is also applicable to you if you are setting up a blog.

3. Secure SSH

SSH, or Secure Shell, is a way to remotely access the server that runs cPanel. If you are somewhat techy, you would surely love to use SSH, as the command line provides more flexibility when it comes to updating, fixing or implementing complex projects.

That’s why you should secure SSH so that hackers or third-party malicious actors cannot access it. You need to follow the steps below.

  • Ensure that your SSH packages are fully updated.
  • Set up a wheel user and disable the root user
  • Set up a password-less login

Now, let’s see how you can do the above steps. We will go through the 2nd and 3rd step as you should be able to figure out how to update your SSH packages.

To create a new wheel user, you need to use the following command.

adduser <wheel_user_name>

Once you type the above command and hit enter, you will be asked for a new password. You can also make an existing user a wheel user by going to WHM > Security Center. From there, choose “Manage Wheel Group Users” and click on “Add to Group.”

Once done, disable the root user by editing the SSH config file. Set “PermitRootLogin” to “no.” Restarting your SSH service will ensure that your root user account is disabled. This is done to protect your SSH from exploits. The root user is easily exploited and should not be used by you either. Use the new wheel user instead.

The last step is to disable password login completely and enable key-based authentication. This can be done by setting the PasswordAuthentication value in the SSH config file to “no.”

You can find the SSH config file at /etc/ssh/sshd_config and open it for editing with: vi /etc/ssh/sshd_config
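The following is an added example, not part of the original article: a small shell audit that checks whether a config file really ends up with PermitRootLogin and PasswordAuthentication set to “no.” The function names and the sample files are constructed for illustration; it assumes whitespace-separated "Keyword value" lines and does not follow Include files.

```shell
#!/bin/sh
# Added example (not from the article): audit the global section of an
# sshd_config for the two settings discussed above.

# effective_value FILE KEYWORD: print the first global value, lowercased.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and lines after a "Match" only apply conditionally.
effective_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        { sub(/#.*/, "") }                      # drop comments
        NF == 0 { next }                        # skip blank lines
        tolower($1) == "match" { exit }         # end of global section
        tolower($1) == key { print tolower($2); exit }
    ' "$1"
}

# audit_sshd FILE: return 0 only if both settings are explicitly "no".
audit_sshd() {
    rc=0
    for key in PermitRootLogin PasswordAuthentication; do
        val=$(effective_value "$1" "$key")
        if [ "$val" = "no" ]; then
            echo "OK    $key no"
        else
            echo "FAIL  $key ${val:-unset, sshd default applies}"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample configs (not real server files).
SAMPLES=$(mktemp -d)
printf '%s\n' 'Port 22' 'permitrootlogin no' 'PermitRootLogin yes' \
    'PasswordAuthentication no' > "$SAMPLES/hardened.conf"
printf '%s\n' '#PermitRootLogin no' 'PermitRootLogin yes' \
    'Match User deploy' '    PasswordAuthentication no' > "$SAMPLES/weak.conf"

audit_sshd "$SAMPLES/hardened.conf" || true
audit_sshd "$SAMPLES/weak.conf" || true
# On a live server, run "sshd -t" after editing and before restarting SSH.
```

The second sample fails on both counts: the only "no" for root login is commented out, and the password setting sits inside a Match block, so it does not apply globally. Keep an existing session open and confirm key-based login works for the wheel user before restarting SSH.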


4. Enable Brute-Force Protection

Brute force is one of the methods employed by malicious actors to gain access to your cPanel. It is a way of hitting your server with username/password combinations until a match is reached. You can enable brute force protection through your cPanel. To do so, you need to go to cPHulk Brute Force Protection. From there, go to the Security Center and click on “Enable.”

Once it is enabled, anyone who attempts a brute force attack will have their IP blocked if there are too many unsuccessful login attempts. You can also block a particular IP or a range of IPs if you want to.

5. Secure PHP and Apache

Two more components that you need to secure are PHP and Apache. You can start securing Apache by installing ModSecurity, a module that specifies a new set of rules. It can protect your Apache server from methods such as code injection.

You might also want to disable some PHP functions so that it remains secure. For example, you need to turn off register_globals so that server features stay secure and are not accessible from outside. You may also want to disable functions such as proc_open, passthru, shell_exec, allow_url_fopen, system, show_source, popen.

Also, don’t forget to restart Apache to make sure the changes take effect properly. Most VPS hosting reviews will mention whether a host allows you to change these parameters or not. If they do, you are ready to go!
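The following is an added example, not part of the original article: a shell check that a php.ini actually disables the functions listed above. The function names and sample files are constructed for illustration, and it assumes that the last uncommented line wins when a key is repeated.

```shell
#!/bin/sh
# Added example, not from the article. Function names are hypothetical.
# allow_url_fopen is an ini directive rather than a function, so it is
# checked on its own instead of inside disable_functions.
REQUIRED="proc_open passthru shell_exec system show_source popen"

# ini_value FILE KEY: print KEY's value without spaces/quotes, lowercased.
# Assumption: when a key is repeated, the last uncommented line wins.
ini_value() {
    awk -F= -v key="$2" '
        /^[ \t]*;/ { next }                       # ";" starts a comment
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key { v = substr($0, index($0, "=") + 1) }
        END { gsub(/[ \t"]/, "", v); print tolower(v) }
    ' "$1"
}

# missing_functions FILE: print each required name that is not an exact
# entry in the comma-separated disable_functions list.
missing_functions() {
    disabled=",$(ini_value "$1" disable_functions),"
    for fn in $REQUIRED; do
        case "$disabled" in
            *",$fn,"*) ;;
            *) echo "$fn" ;;
        esac
    done
}

# url_fopen_off FILE: succeed only if allow_url_fopen is explicitly off.
url_fopen_off() {
    case "$(ini_value "$1" allow_url_fopen)" in
        off|0|false|no) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample files (not real server configs).
PHPSAMPLES=$(mktemp -d)
printf '%s\n' '[PHP]' \
    'disable_functions = "proc_open,passthru,shell_exec,system,show_source,popen"' \
    'allow_url_fopen = Off' > "$PHPSAMPLES/hardened.ini"
printf '%s\n' '; disable_functions = proc_open,popen,system' \
    'disable_functions = passthru, Shell_Exec' > "$PHPSAMPLES/weak.ini"

echo "weak.ini is missing: $(missing_functions "$PHPSAMPLES/weak.ini" | tr '\n' ' ')"
url_fopen_off "$PHPSAMPLES/weak.ini" || echo "weak.ini: allow_url_fopen is not off"
```

The weak sample shows a common slip: the fuller list is on a commented-out line, so only the two functions on the active line are disabled.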

6. Enable Firewall

A firewall can act as an additional layer of protection. The firewall is pre-configured to protect you against most threats. You can install the CSF package for your cPanel. It is one of the most popular firewalls for cPanel. You can install it by typing the following commands one by one.

wget https://download.configserver.com/csf.tgz

tar zxvf csf.tgz

cd csf

./install.cpanel.sh

/etc/init.d/csf start

perl /usr/local/csf/bin/csftest.pl

vi /etc/csf/csf.conf

/etc/init.d/csf restart

Once the server restarts, you are all set to go.

Conclusion

Protecting your cPanel is as important as protecting your home. You should not leave it at default settings. So, which tips are you going to follow? Comment below and let us know. We are listening.

Author Bio: Elise Myers is an experienced web developer at WPCodingDev and a passionate blogger. She can help you in case you are looking for expert WordPress Developers to customize your website.

Author: Spyre Studios