cPanel security is essential to protect your website from hackers. In many cases, if hackers can't get into the website directly, they will attack the server space.
In that case, the cPanel account will be the first thing hackers try to break, so you need to secure your cPanel account in addition to protecting your website.
In the following lines, we will show you the most important cPanel security tips to keep your server safe.
How to enhance cPanel Security in 7 steps?
1. Keep cPanel updated:
Keeping cPanel updated is vital to protecting your security. Make sure you are running the latest version.
You can update cPanel from WHM: open cPanel > Upgrade to Latest Version, or turn on automatic updates under WHM > Server Configuration > Update Preferences.
2. Use a strong password:
Using a strong password is a common-sense way to secure your cPanel. There are many ways to make a strong password, such as using at least 8 characters including alphanumeric characters and punctuation symbols, or simply using a Password Generator tool to get a strong one.
3. Secure SSH:
SSH is a remote connectivity tool in Linux that lets users log into a remote machine and execute commands.
You can secure SSH in these ways:
- Update SSH packages to the latest stable version.
- Setup Wheel User:
While logged in as the root user, create a new user; you will then be asked a few questions.
Hit “Enter” once you are done setting a password.
- Disable Root User:
Open the SSH config file > set PermitRootLogin to ‘no’ > restart SSH
Once you have terminated the session, you can no longer log in as the root user. To log in, use the new user you just created or an existing one.
- Disable password authentication and allow SSH access only by key-based authentication.
Open the SSH config file (vi /etc/ssh/sshd_config) > set PasswordAuthentication to “no”
Password authentication on the server is now disabled. Generate an SSH key on the host machine > ssh-keygen
If you hit ‘Enter’, the key will be placed in ‘/home/user/.ssh/id_rsa’ by default.
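To check the result of step 3, the following added example (not part of the original article) audits an sshd_config file for the two settings changed above. The function names, the sample files and the defaults passed in (upstream OpenSSH defaults) are assumptions of the example.

```shell
#!/bin/sh
# Audit an sshd_config for the two settings from step 3. sshd keeps the FIRST
# value it reads for a keyword, treats keywords case-insensitively, and uses a
# built-in default when the line is missing or commented out.

# effective_value FILE KEYWORD DEFAULT: value that applies globally.
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || NF == 0 { next }     # skip comments and blank lines
        tolower($1) == "match" { exit }    # later lines are per-user/host
        tolower($1) == key { print $2; found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd FILE: print each weak setting, return non-zero if any is found.
# Defaults passed below are the upstream OpenSSH defaults (assumption).
audit_sshd() {
    rc=0
    root=$(effective_value "$1" PermitRootLogin prohibit-password)
    pass=$(effective_value "$1" PasswordAuthentication yes)
    [ "$root" = "no" ] || { echo "WEAK: PermitRootLogin=$root"; rc=1; }
    [ "$pass" = "no" ] || { echo "WEAK: PasswordAuthentication=$pass"; rc=1; }
    return "$rc"
}

# Constructed sample files, not taken from a real server.
demo_dir=$(mktemp -d)
printf '%s\n' '#PermitRootLogin no' 'PasswordAuthentication yes' \
    'PasswordAuthentication no' > "$demo_dir/weak.conf"
printf '%s\n' 'permitrootlogin no' 'PasswordAuthentication no' \
    > "$demo_dir/hardened.conf"

for f in "$demo_dir/weak.conf" "$demo_dir/hardened.conf"; do
    if audit_sshd "$f"; then echo "OK: $f"; else echo "FAIL: $f"; fi
done
```

On a live server, `sshd -T` prints the effective configuration, including any Include files, and is the authoritative check. Before closing the root session, confirm from a second session that the new user can log in with its key.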
4. Secure Apache and PHP:
- Enable ModSecurity to secure Apache from attacks like code injection.
- WHM > Plugins > ModSecurity
- Configure suEXEC for executing the CGI scripts and suPHP as the PHP handler. Enable suEXEC and suPHP by browsing to WHM > Service Configuration > suEXEC.
- Change the PHP handler to suPHP, turn Apache suEXEC to ‘On’ and ‘Save’ New Configuration.
- Enable PHP open_basedir protection: It prevents PHP scripts from accessing files outside of their home directory.
- WHM > Security Center > PHP open_basedir Tweak > Enable PHP open_basedir Protection > Save.
- Disable some of the PHP functions:
- WHM > Service Configuration > PHP Configuration Editor > Select Advanced mode > register_globals: Off
- The register_globals setting controls how you access server, form, and environment variables. If it is on, anything passed via GET, POST or COOKIE automatically appears as a global variable in the code, which can have security consequences.
- disable_functions: allow_url_fopen, proc_open, popen, phpinfo, exec, passthru, shell_exec, system, show_source.
- “Save” the settings and restart Apache after this.
5. Enable Brute-Force Protection:
Brute-force protection is a feature that blocks IPs that make repeated unsuccessful attempts to access the server.
To activate this feature: “cPHulk Brute-Force Protection > Security Center > Enable”
Under “IP Deny Manager” option, you can also block a particular IP address, domain name, or range of IP addresses from accessing a site managed by cPanel.
6. Use a firewall:
Having a strong firewall is the most important part of cPanel security, so get a strong firewall and keep it enabled.
7. Plugins for cPanel Security:
Finally, you should get some plugins for cPanel security, such as RKHunter and ConfigServer eXploit Scanner (cxs).