BuycPanel Blog

BuycPanel Blog

Latest news and updates

6/17/2015 – Tips for cPanel and WHM Security

Posted by Jamison on 17 06 2015.

download-4Hosting automation services are a great help to web hosts and the owners of the websites they host. These services make it easier to manage and control servers and websites more efficiently. One very popular type of hosting automation is the control panel, with cPanel being one of the most sought-after.


While it is true that hosting automation, particularly cPanel, delivers numerous benefits, improperly handling and managing the interface may result in potential security concerns. This is the reason as to why web hosts, website owners, and users should be aware of how to keep their activities safe and secure.


Below are some of the tips that cPanel and WHM users are recommended to follow in order to keep their use of the hosting automation services secure.


  1. Always have cPanel and WHM up to date.


There are quite a number of updates rolled out by program developers that are only designed to resolve minor issues. However, there are also some that are launched in order to avert serious problems, particularly security concerns. Minor or major, these updates should always be applied on cPanel and WHM. It is best for cPanel and WHM users to set their interfaces to automatically receive these updates. This can be done by navigating to the WHM > Server Configuration > Update Preferences directory and configuring the panel to receive and apply automatic updates.


  1. Make the use of SSL mandatory among all users.


The use of SSL on the cPanel platform is optional. However, it is important that users should make it a requirement for other individuals who have access to the control panel. The main reason for this is simply because of the fact that there is actually no good reason at all not to. Most, if not all users do not actually have any need for just an http access.


It is easy to set https as a requirement for all cPanel users. These options can be found in the WHM > Server Configuration > Tweak Settings directory. Here, an option for “Always redirect to SSL” can be found. This should be selected. This way, even if a user types in http://, the website will be redirected to the secure version, which begins with “https”.


  1. All users should be required to create highly secure passwords.


A password is a form of a security, so cPanel users should make sure that they create one that will make it hard for hackers to launch potential exploits on their website. It is a sad but unfortunate truth that weak passwords are some of the most common exploited methods that hackers use to launch attacks. Weak passwords, despite being easy to remember, will leave any system vulnerable.


To ensure that highly secure passwords are used by all cPanel users, a specific password strength can be configured on the cPanel interface. This can be done by navigating to the WHM > Security Center > Password Strength Configuration directory and making the changes there.


While keeping cPanel and WHM secure takes more effort, it will be well worth it to perform these security tips to avoid leaving a system vulnerable to attacks and exploits.