🛡️ Security TIPS for cPanel
Essential security guidelines to protect your cPanel server and ensure safe administration. Follow these best practices to maintain a secure hosting environment.
🔐 Login to cPanel and WHM Safely
Always use secure connections when accessing your control panels. Never use IP addresses for login - always use domain names with valid SSL certificates.
✅ Secure Login Methods (Recommended):
If your domain name is example.com, always login with:
cPanel Login:
https://example.com:2083
WHM Login:
https://example.com:2087
🎯 Alternative Secure Login:
cPanel: https://example.com/cpanel
WHM: https://example.com/whm
⚠️ Insecure Login Methods (Not Recommended)
The following methods transmit your credentials in plain text and should be avoided:
cPanel (HTTP):
http://example.com:2082
WHM (HTTP):
http://example.com:2086
🚨 Security Risk:
Using HTTP connections exposes your login credentials to potential interception. Always use HTTPS when possible!
🔢 cPanel/WHM Port Reference
Quick reference for cPanel and WHM port numbers:
| Service | Port Number | SSL Enabled | Protocol |
|---|---|---|---|
| cPanel (Secure) | 2083 | ✅ YES | HTTPS |
| cPanel (Insecure) | 2082 | ❌ NO | HTTP |
| WHM (Secure) | 2087 | ✅ YES | HTTPS |
| WHM (Insecure) | 2086 | ❌ NO | HTTP |
🔥 Install CSF Firewall Protection
Protect your server with ConfigServer Security & Firewall (CSF). This powerful firewall provides comprehensive protection against various attacks.
Install CSF Firewall:
cd /usr/src
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
Test CSF Required Modules:
perl /usr/local/csf/bin/csftest.pl
✅ Installation Success:
Don't worry if you cannot run all features. As long as the script doesn't report any FATAL errors, CSF will work properly.
📖 Full Installation Manual: https://www.configserver.com/cp/csf.html
🔑 Secure SSH Configuration
The default SSH port (22) is commonly targeted by attackers. Change it to a custom port for enhanced security.
Change SSH Port:
1. Edit SSH configuration file:
nano /etc/ssh/sshd_config
2. Find and modify the Port line:
# Change from:
#Port 22
# To (example):
Port 1527
3. Save the file and restart SSH service:
service sshd restart
🚨 Important Steps:
1. Open the new port in your firewall BEFORE restarting SSH
2. Test the new port with a separate connection
3. Keep your current SSH session open until confirmed working
Open New SSH Port in CSF:
nano /etc/csf/csf.conf
Add your new port (1527) to the TCP_IN and TCP_OUT lists, then restart CSF:
csf -r
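The pre-restart check from the Important Steps above, as an added example (not part of the original page or of CSF): it reads the Port lines from sshd_config and confirms each one is listed in TCP_IN of csf.conf. The function names and sample file contents are constructed for illustration; on a server, pass /etc/ssh/sshd_config and /etc/csf/csf.conf instead.

```bash
#!/usr/bin/env bash
# Added example: confirm every sshd Port is allowed by CSF's TCP_IN before restarting sshd.

# Print each active (uncommented) Port value from an sshd_config; sshd defaults to 22.
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# Print the comma-separated TCP_IN value from a csf.conf line such as TCP_IN = "20,21,22".
csf_tcp_in() {
    sed -n 's/^TCP_IN[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1"
}

# Succeed if port $1 appears in list $2, as a single port or inside a lo:hi range.
port_allowed() {
    local port="$1" entry
    local IFS=,
    for entry in $2; do
        case $entry in
            *:*) [ "$port" -ge "${entry%%:*}" ] && [ "$port" -le "${entry##*:}" ] && return 0 ;;
            *)   [ "$port" = "$entry" ] && return 0 ;;
        esac
    done
    return 1
}

# Succeed only if every configured SSH port is open inbound; report the ones that are not.
check_ssh_ports() {
    local allowed port rc=0
    allowed=$(csf_tcp_in "$2")
    for port in $(sshd_ports "$1"); do
        if port_allowed "$port" "$allowed"; then
            echo "OK: port $port is in TCP_IN"
        else
            echo "BLOCKED: port $port is missing from TCP_IN" >&2
            rc=1
        fi
    done
    return $rc
}

# Constructed sample files (not real server output) so the check runs offline.
demo=$(mktemp -d)
printf '#Port 22\nPort 1527\nPermitRootLogin no\n' > "$demo/sshd_config"
printf 'TCP_IN = "20,21,22,25,53,80,443,2083,2087"\n' > "$demo/csf.before"
printf 'TCP_IN = "20,21,25,53,80,443,1527,2083,2087,30000:35000"\n' > "$demo/csf.after"
check_ssh_ports "$demo/sshd_config" "$demo/csf.before" || echo "do not restart sshd yet"
check_ssh_ports "$demo/sshd_config" "$demo/csf.after" && echo "safe to restart sshd"
```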
🎯 Additional Security Best Practices
Strong Password Policy:
• Use complex passwords with mixed case, numbers, and symbols
• Enable two-factor authentication when available
• Regularly update passwords for all accounts
Keep Software Updated:
# Update cPanel/WHM
/usr/local/cpanel/scripts/upcp
# Update system packages
yum update -y                  # CentOS/RHEL
apt update && apt upgrade -y   # Ubuntu/Debian
Monitor Log Files:
# Check SSH login attempts
tail -f /var/log/secure
# Monitor cPanel access
tail -f /usr/local/cpanel/logs/access_log
# Check firewall blocks
tail -f /var/log/lfd.log
🔍 Regular Security Audits:
• Review user accounts and permissions monthly
• Check for unusual file modifications
• Monitor bandwidth and resource usage
• Review firewall logs for suspicious activity
🚨 Emergency Security Measures
If you suspect a security breach, take immediate action:
Immediate Response:
# Block a suspicious IP address (csf -d requires the address to deny)
csf -d <IP-address>
# Check current connections
netstat -an | grep ESTABLISHED
# Review recent logins
last -n 20
Change All Passwords:
# Change root password
passwd root
# Change cPanel admin password
/usr/local/cpanel/bin/set_hostname_password