How to make your server more secure via WHM December 4, 2024

This guide highlights the importance of server security in protecting your data, preventing breaches, and ensuring reliable website performance. WHM provides powerful tools and configurations to enhance server security effectively.

Steps to Secure Your Server via WHM:

1. Strengthen Password Policies:
   1. Go to WHM > Security Center > Password Strength Configuration.
      
   2. Set a high minimum password strength for all accounts.
   3. Encourage users to create complex passwords combining letters, numbers, and symbols.
      
2. Enable Two-Factor Authentication (2FA):
   1. Navigate to WHM > Security Center > Two-Factor Authentication.
   2. Activate 2FA to add an extra layer of security to WHM and cPanel logins.
   3. Ensure all admin and user accounts enable this feature.
      
3. Configure Brute Force Protection:
   1. Go to WHM > Security Center > cPHulk Brute Force Protection.
      
   2. Enable cPHulk to block repeated login attempts from suspicious IP addresses.
      
   3. Whitelist trusted IPs and configure notifications for blocked attempts.
      
4. Restrict Root Access:
   1. Navigate to WHM > Security Center > Manage Wheel Group Users.
      
   2. Remove unnecessary users from the wheel group, restricting root-level access.
      
   3. Use Host Access Control to limit SSH access to trusted IP addresses.
5. Disable Unnecessary Features:
   1.  Disable Anonymous FTP under WHM > Service Configuration > FTP Configuration.
      
   2. Disable Shell Access for users unless necessary via WHM > Account Functions > Manage Shell Access.
      
6. Secure DNS and Email Services:
   1. In WHM > DNS Functions, configure DNS zones to avoid spoofing and ensure records are correctly set.
   2. Use Mail Routing Settings to determine how emails are delivered, preferring secure configurations.
7. Update Software and Enable AutoSSL:
   1. Regularly update WHM/cPanel to the latest version for security patches.
   2. Navigate to WHM > SSL/TLS > Manage AutoSSL and enable AutoSSL to provide SSL certificates for all domains.
      
8. Set PHP open_basedir Protection:
   1. Enable PHP open_basedir Protection via WHM > Security Center > PHP open_basedir Tweak.
   2. This prevents users from accessing files outside their home directory using PHP.
9. Use ModSecurity for Web Application Security:
   1. Install and configure ModSecurity via WHM > Security Center > ModSecurity™ Vendors.
      
   2. Protect your server from web-based threats, such as SQL injections and cross-site scripting (XSS) attacks.
10. Monitor and Scan for Malware
    1. Install a malware scanner like ClamAV or use WHM’s built-in tools to perform regular scans.
    2. Check for Trojan Horses in WHM > Security Center > Security Advisor.
       
11. Backup Regularly:
    1. Set up automatic backups in WHM > Backup > Backup Configuration.
       
    2. Ensure critical data is safe and recoverable in case of an attack or failure.

Best Practices for Server Security

• Restrict IP Access: Use Host Access Control to allow connections only from trusted IPs.
• Use Secure Protocols: Always access WHM and cPanel over HTTPS.
• Enable Firewall Protection: Use a firewall like CSF (ConfigServer Security & Firewall) for additional protection.
• Review Logs: Regularly monitor server logs for suspicious activities.

By following these steps, you can guarantee your server is protected from common vulnerabilities and threats.

If you are thinking about starting a website and searching for affordable hosting, be sure to visit our cPanel Hosting page.