BuycPanel Blog

Latest news and updates

7/22/2015 – Disabling the Non-SSL Login for cPanel & WHM

Posted by Jamison on 22 07 2015.

A non-SSL login lets visitors sign in to your website through an unencrypted page.  Conversely, a login page served over SSL encrypts the login details that users key in, such as username and password.  When you see the golden padlock icon, you are assured that the page you are visiting is secure.

A few sites resort to non-SSL logins to improve response time, since pages load faster without the SSL-related performance overhead.  However, visitors can then be wary of sharing personal information such as names, email addresses, credit card details, and phone numbers, particularly in e-commerce transactions.  Although a web hosting company may promise total security and integrity in keeping a client’s personal information, it cannot guarantee this for traffic between the server and the client that is delivered via HTTP, because that traffic is not encrypted.

A malicious attacker can intercept the transaction and simply retarget the web POST to an HTTPS site it manages.  It could also poison the network, which can degrade your system performance.  Worse, unencrypted communication allows others to “steal” your users’ passwords and take control of their personal online financial accounts.  Furthermore, others can reuse the stolen login details on other websites or, worse, use them to access financial and commerce sites.  Allowing a non-SSL login on your home page therefore immediately means questionable security for users and visitors.

 

As such, it is advisable to stop using the unsecured ports by disabling non-SSL logins.  To disable the non-SSL login for cPanel and WHM, follow the steps below:

 

STEP 1: Log in to your WHM.

STEP 2: Navigate to “Server Configuration.”

STEP 3: Select “Tweak Settings.”

STEP 4: Set the option below to ON: “Always redirect users to the ssl/tls ports when visiting /cpanel, /webmail, etc.”

 

This will now redirect your users to the secure ports when they use the /cpanel, /whm, and /webmail aliases.  The following secure ports will now be used: 2083 for cPanel, 2087 for WHM, and 2096 for webmail.
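To confirm the setting took effect, you can request the plaintext entry points without following redirects and check where the server sends you. The script below is an added example, not part of the original post or of cPanel; it assumes the server answers with an HTTP 3xx and a Location header, and the script name and verdict labels are made up for illustration.

```python
"""Check that plaintext cPanel/WHM/webmail entry points redirect to the SSL ports."""
import http.client
import sys
from urllib.parse import urlsplit

# Aliases and port pairs as listed in the article.
SERVICES = {
    "cpanel": {"alias": "/cpanel", "plain": 2082, "secure": 2083},
    "whm": {"alias": "/whm", "plain": 2086, "secure": 2087},
    "webmail": {"alias": "/webmail", "plain": 2095, "secure": 2096},
}

def classify(service, status, location):
    """Judge the answer to one plaintext request for `service`."""
    # Assumption: the redirect arrives as an HTTP 3xx with a Location header.
    if status not in (301, 302, 303, 307, 308) or not location:
        return "no-redirect"  # answered over plain HTTP
    try:
        target = urlsplit(location)
        port = target.port
    except ValueError:  # malformed Location header
        return "wrong-redirect"
    if target.scheme == "https" and port == SERVICES[service]["secure"]:
        return "redirects-to-ssl"
    return "wrong-redirect"  # e.g. still http://, or a different port

def probe(host, service, port=None, timeout=5):
    """Send one plaintext GET, do not follow redirects; return (status, Location).
    port=None requests the alias on port 80, otherwise "/" on the given port."""
    conn = http.client.HTTPConnection(host, port or 80, timeout=timeout)
    try:
        conn.request("GET", SERVICES[service]["alias"] if port is None else "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_redirect.py <hostname of a server you administer>")
    for name, svc in SERVICES.items():
        for port in (None, svc["plain"]):
            try:
                status, location = probe(sys.argv[1], name, port)
                verdict = classify(name, status, location)
            except (OSError, http.client.HTTPException) as exc:
                status, location, verdict = None, None, f"no-answer ({exc})"
            print(f"{name:8} port {port or 80:<5} {verdict:18} {status} {location}")
```

A line reading no-redirect means that entry point was still answered over plain HTTP; the printed Location shows which host name the server redirects to.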

 

Meanwhile, there may be times when you need to disable cPanel redirection to SSL because you are having issues accessing your server or cPanel account.  In that case, you will want to access cPanel and WHM via the standard ports: 2082 for cPanel, 2086 for WHM, and 2095 for webmail.

 

To enable non-SSL login for cPanel and WHM, simply reverse the steps you performed to enable the secure ports.  Perform the following steps:

 

STEP 1: Log in to your WHM.

STEP 2: Navigate to “Server Configuration.”

STEP 3: Select “Tweak Settings.”

STEP 4: Uncheck the option below: “Always redirect users to the ssl/tls ports when visiting /cpanel, /webmail, etc.”

STEP 5: Navigate to “Security”, also in “Tweak Settings”, and uncheck the option below: “Require SSL for all remote logins to cPanel, WHM and Webmail. This setting is recommended”.

 

When you now go to your domain.com/cpanel, your system should no longer redirect you to HTTPS.