🔔 🔔 🔔 Duyuru: 24. Yılımıza özel indirimler sizleri bekliyor ! Kampanya Kodu : TDATA2024 | Detaylı bilgi için tıklayınız.

cPanel security settings checklist

cPanel security settings checklist

You always use cpanel recommended Security Settings to avoid hacking and other suspicious activity. These  cPanel Server Hardening & Security tips will help prevent from hacking.

cPanel security checklist

This checklist pertains to the Tweak Settings interface of WHM. You can access the Tweak Settings interface at WHM >> Server Configuration >> Tweak Settings.

Enable HTTP Authentication
Leaving this option disabled enables cookie authentication, helping to prevent certain types of XSRF attacks.
Cookie IP Validation
Enabling this option limits the ability of attackers who capture cPanel session cookies and attempt to access the cPanel and WHM interfaces. For this setting to work best, you should also disable proxy domains.
Proxy Subdomain Creation
Disabling this option prevents cPanel, webmail, webdisk, and WHM proxy subdomain DNS entries from being added to new accounts.
Require SSL
Enabling this option requires logins from remote locations to use SSL.
Security Tokens
Enabling this option requires that security tokens be used to access any interface associated with cPanel & WHM. This helps to prevent XSRF attacks.
Block Common Domains Usage
Enabling this option prevents users from adding or parking common Internet domains, such as hotmail.com or google.com.
Initial default/catch-all forwarder destination
Selecting Bounce for this option causes the server to automatically discard unroutable email sent to your server’s new accounts. This option is the best at protecting your server against mail attacks.


Verify the following Security Center Checklist

You can access WHM’s Security Center features at WHM >> Security Center. Many of these features will help to secure your server.

Password Strength Configuration
This feature allows you to specify a minimum password strength for accounts hosted by your server.
A value of 50 or greater.
PHP open_basedir Tweak
Enabling this option requires users to manually specify the open_basdir setting in their relevant php.ini files if PHP is configured to run as a CGI, SuPHP, or FastCGI process.
Apache mod_userdir Tweak
Enabling this option prevents users from bypassing bandwidth limits by accessing their sites using a tilde (~), username, and hostname (e.g. http://example.com/~user).
Compiler Access
Disabling compiler access for unspecified users will help prevent attacks on your server.
Manage Wheel Group Users
This feature allows you to define users who can use the su command to become the root user.
Remove all users except for root and your main account.
Shell Fork Bomb Protection
Enabling this option prevents users with terminal access from using all of the resources on the server.
Note: Enabling this option may cause resource shortage problems as this setting heavily limits various resources.
FTP Configuration Disable Anonymous FTP
Manage Shell Access Disable shell access for all other users.
cPHulk Brute Force Protection
If you enable this option, you should add trusted IPs using the White/Black List Management tab. This will prevent you from being locked out if someone attempts to brute force your server.


Disable Identification Output for Apache

Log into WHM and access the Apache Global Configuration feature (located at WHM>> Service Configuration >> Apache Configuration >> Global Configuration).
Select Off (PCI Recommended) from the ServerSignature pull-down menu.
Click Save.

Install mod_security — This module is an open-source web application firewall.

Install CSF firewall   – Recommented firewall for cpanel servers.

suPHP — This module causes PHP scripts to run as the owner of the script versus the nobody user.

Suhosin — This module is an advanced protection system for PHP installations. For more information, read the Suhosin website.

You can verity this important php security settings.

Bu cevap yeterince yardımcı oldu mu?

Diğer Dökümanlar

  • What is cPanel and how to access it?

    CPanel is a fully featured web-based control panel that allows you to manage your domain through a web interface. cPanel gives you complete control over a vast amount of functions, streamlining...

  • CloudFlare Plugin install on cpanel

    CloudFlare is a performance and security service. With 14 points of presence around the world, a website on CloudFlare typically loads twice as fast, uses 65% less server resources, saves 60% of...

  • Enable Cronjob in cpanel and examples

    What is cron? It is the scheduling daemon of the Linux operating system Cron jobs allow you to automate repetitive tasks on the server that hosts your web site. This is a powerful tool that allows...

  • What is Anonymous FTP and how to enable it

    Anonymous FTP allows you and others that you give permission to, to access your “public_ftp” folder. There are two options available: 1. ftp://ftp.yourdomain.com –This allows...

  • Unable to connect cpanel using IP/whm and IP/cpanel

    If cpanel cannot be accessed using IP/whm and IP/cpanel, but can be accessed using IP:2086 and IP:2082, then here goes the solution for the same. The reason for this issue due to missing some...