cPanel WHM VPS Server Security Best Practices

/ VPS Hosting Blog

If you’re managing a web hosting server using cPanel & WHM, security should be your top priority. Cyber threats are constantly evolving, and failing to secure your cPanel/WHM VPS server can lead to data breaches, malware infections, and downtime that affects your clients and business.

In this blog post will cover the best security practices for cPanel & WHM VPS servers, including configuration tweaks, firewall setups, malware prevention, and essential monitoring techniques.

Why is cPanel WHM Security Important

As one of the most popular web hosting control panels, cPanel & WHM is a frequent target for hackers. Poorly configured servers can be exploited through brute force attacks, outdated software vulnerabilities, or misconfigured security settings. By implementing strong security measures, you can:

  • Prevent unauthorized access
  • Reduce the risk of DDoS attacks
  • Protect sensitive user data
  • Ensure server uptime and performance
  • Maintain compliance with industry regulations

1. Use Strong Passwords and Two-Factor Authentication (2FA)

One of the simplest yet most effective ways to secure your cPanel & WHM server is by enforcing strong passwords and enabling Two-Factor Authentication (2FA).

Steps to Enable 2FA on WHM:

  1. Log in to WHM.
  2. Navigate to Security Center > Two-Factor Authentication.
  3. Enable 2FA and require all users to set up authentication using an authenticator app like Google Authenticator or Authy.

🔗 Official cPanel Guide on 2FA

Best Practices for Strong Passwords:

  • Use a mix of uppercase, lowercase, numbers, and special characters.
  • Avoid common passwords or dictionary words.
  • Change passwords regularly.
  • Use a password manager to generate and store complex passwords securely.
  • Implement password rotation policies to ensure that passwords are updated periodically.
  • Restrict users from reusing previous passwords to enhance security.

2. Change Default cPanel/WHM Ports

By default, cPanel and WHM use:

  • 2082/2083 (cPanel)
  • 2086/2087 (WHM)
  • 2095/2096 (Webmail)

Hackers often scan for these ports to launch brute-force attacks. Changing these ports to non-standard ones can improve security.

How to Change WHM Port:

  1. Log into WHM and go to Service Configuration > Service Manager.
  2. Change the port numbers for cPanel, WHM, and Webmail.
  3. Restart cPanel services to apply changes.

Additional Steps for Port Security:

  • Ensure unused ports are closed and only necessary ports are open in the firewall settings.
  • Consider using port knocking as an additional security layer to hide ports from unauthorized access.
  • Use TCP Wrappers to restrict access to specific IPs.
  • Implement DDoS protection measures such as rate limiting and using services like Cloudflare to block malicious traffic.

3. Enable CSF (ConfigServer Security & Firewall)

A firewall acts as your first line of defense against malicious traffic. CSF (ConfigServer Security & Firewall) is a popular choice for cPanel servers.

How to Install CSF on WHM:

cd /usr/src/
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

Once installed, configure it via WHM:

  • Go to WHM > Plugins > ConfigServer Security & Firewall
  • Adjust settings such as allowing only trusted IPs and blocking failed login attempts

🔗 CSF Official Documentation

Recommended CSF Settings:

  • Enable SYN Flood Protection to prevent denial-of-service attacks.
  • Limit SSH connections per IP to prevent brute-force attempts.
  • Block repeated failed login attempts to WHM/cPanel.
  • Whitelist trusted IP addresses to avoid false positives.
  • Enable country-based blocking if your server only serves specific regions.
  • Use Connection Tracking to monitor connections and block unusual spikes in traffic.

4. Use ModSecurity to Prevent Attacks

ModSecurity is a Web Application Firewall (WAF) that helps prevent common security threats like SQL injections, cross-site scripting (XSS), and brute-force attacks.

How to Enable ModSecurity:

  1. Log in to WHM.
  2. Go to Security Center > ModSecurity Configuration.
  3. Click Enable ModSecurity.
  4. Customize rules under ModSecurity Tools.

Best Practices for ModSecurity:

  • Use OWASP ModSecurity Core Rule Set (CRS) for maximum security.
  • Regularly update custom ModSecurity rules based on server activity.
  • Monitor ModSecurity logs to detect false positives.
  • Use Cloudflare WAF as an additional layer of protection for public-facing websites.
  • Implement custom security rules to block common attack patterns.
  • Enable Geo-blocking to restrict access from high-risk countries.

5. Enable AutoSSL for HTTPS Security

Additional SSL Security Measures:

  • Enforce HSTS (HTTP Strict Transport Security) to prevent downgrade attacks.
  • Use strong TLS versions (Disable outdated SSL protocols like TLS 1.0 and TLS 1.1).
  • Implement OCSP Stapling for faster SSL verification.
  • Require Secure Cookie Attributes to prevent session hijacking.
  • Regularly scan SSL configurations using tools like SSL Labs SSL Test.

6. Regularly Update cPanel, WHM, and System Software

Additional Steps for Updating:

  • Use automated update scheduling to apply patches without manual intervention.
  • Set up a staging environment to test updates before deploying them on live servers.
  • Enable kernel live patching to apply security fixes without rebooting the server.

7. Secure SSH Access

Additional SSH Security Measures:

  • Use IP Whitelisting to restrict SSH access only to authorized IPs.
  • Implement Port Knocking to hide SSH from unauthorized users.
  • Deploy multi-factor authentication (MFA) for SSH logins.
  • Regularly audit SSH login logs for unusual activity.

8. Implement Regular Backups

Best Practices for Backups:

  • Maintain multiple backup copies in different locations (local, remote, and cloud backups).
  • Use incremental backups to save storage space while keeping frequent snapshots.
  • Automate daily backups using cPanel’s backup tools.
  • Test backup restorations regularly to ensure they work properly.
  • Encrypt backups to prevent unauthorized access.

9. Scan for Malware and Viruses

Advanced Malware Protection:

  • Install ImunifyAV or Maldet (Linux Malware Detect) for real-time malware scanning.
  • Enable cPanel’s Virus Scanner to check uploaded files.
  • Schedule daily malware scans and set up automated alerts.
  • Block malicious IPs using Realtime Blackhole Lists (RBLs).
  • Monitor server files using tripwire or AIDE (Advanced Intrusion Detection Environment).

10. Monitor Server Logs and Activity

Recommended Monitoring Tools:

  • Use LogWatch to analyze system logs.
  • Implement Real-time Intrusion Detection Systems (IDS) to track unauthorized access.
  • Set up notifications for failed login attempts using CSF/LFD.
  • Regularly review logs from Apache, MySQL, and cPanel access logs.

By following these cPanel WHM server security best practices, you can protect your server from cyber threats and ensure a secure hosting environment.