Top cPanel Security Tips to Keep Your Hosting Environment Safe

Why cPanel Security Matters

At UnderHost.com, we build security into our shared hosting, managed business hosting, and WordPress hosting infrastructure – but your cPanel configuration completes the protection. Follow these expert techniques to harden your environment:

1. Password Policies & Two-Factor Authentication

Eliminate the #1 attack vector:

• Enforce 12+ character passwords with special characters
• Enable 2FA in cPanel → Security → Two-Factor Authentication
• Consider our UnderMail for secure authentication emails

2. Keep Software Updated

Configure automatic updates in WHM:

WHM → Update Preferences → Enable "Automatic Updates"
WHM → EasyApache 4 → Update PHP/Apache stack

UnderHost’s UnderManagement handles this automatically for managed clients.

3. SSH Hardening

1. Disable root login in /etc/ssh/sshd_config
2. Change default port from 22
3. Implement key-based authentication
4. Restrict IP access in WHM → Security Center → SSH Access

4. Enable cPHulk Brute Force Protection

Configure in WHM → Security Center → cPHulk:

• Set reasonable attempt limits (5-10 failed logins)
• Enable email notifications
• Whitelist your IP addresses

5. Firewall Implementation

For UnderHost servers, we recommend:

• CSF (ConfigServer Firewall) with WHM integration
• Enable SPI, packet filtering, and port flood protection
• Regularly update firewall rules via WHM → Plugins → ConfigServer Security & Firewall

6. ModSecurity Web Application Firewall

Activate in WHM → ModSecurity™ Vendors:

• Use OWASP Core Rule Set (CRS)
• Create custom rules for your applications
• Monitor logs in WHM → ModSecurity™ Tools

7. AutoSSL Deployment

Ensure all domains have HTTPS:

1. WHM → SSL/TLS → Manage AutoSSL
2. Enable for all accounts
3. Set automatic renewal

For advanced SSL needs, explore our offshore hosting solutions.

8. IP Access Restrictions

Manage in cPanel → Security → IP Blocker:

• Block known malicious IP ranges
• Restrict admin areas to your office IP
• Combine with UnderHost Monitoring for real-time alerts

9. Service Minimization

Reduce attack surface in WHM → Service Manager:

Disable:
- FTP (use SFTP/SSH only)
- Unused PHP versions
- Legacy mail protocols

10. Proactive Monitoring

Essential monitoring tools:

• WHM → Logs → Latest Visitor
• Integrate UnderHost REALTIME Monitoring
• Review cPanel → Metrics → Bandwidth regularly

Enterprise-Grade Security with UnderHost

For mission-critical security:

• 10Gbps DDoS-protected servers with hardware firewalls
• Offshore hosting for legal protection
• Managed security services including weekly audits