To safeguard your data, prevent unauthorized access, and keep your website running reliably, you must secure your server. WHM includes several built-in tools that help protect your server against common attacks. This article describes the most important WHM options you can configure to improve server security.
Strengthen Password Policies
- Navigate to WHM > Security Center > Password Strength Configuration.

- Set a strong minimum password strength for every user (80 or higher is advised).
- Instruct users to combine uppercase, lowercase, numeric, and symbolic characters to create hard-to-guess passwords.

Stronger password policies make brute-force attacks less likely to succeed.
Enable Two-Factor Authentication (2FA)
- Navigate to WHM > Security Center > Two-Factor Authentication.

- Enable 2FA for WHM.
- It is recommended that all cPanel users enable two-factor authentication (2FA) for their accounts.

Configure Brute Force Protection (cPHulk)
- Go to WHM > Security Center > cPHulk Brute Force Protection.

- Turn on cPHulk.

- The first tab is Configuration Settings, where you can monitor login attempts on user accounts.

- To track logins from particular IP addresses, enable IP Address-based Protection.

- The “One-day Blocks” setting defines the maximum number of failures per IP address in a single day.

- In the Login History section, you can specify how long (in minutes) unsuccessful logins are kept.

- To be informed of logins and brute-force attempts, you can configure email notifications.

- On the second tab, “Whitelist Management”, you can add trusted IP addresses to your whitelist.

This way, your server is protected from automated password-guessing attacks by cPHulk.
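To see how the per-IP failure limit, the login history window, and the whitelist interact, here is a simplified model added for illustration; it is not cPHulk's own code. The function name, its parameters (`max_failures`, `history_minutes`, `whitelist`), and the sample events are assumptions constructed for this example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

T0 = datetime(2024, 1, 1, 12, 0)

def _fails(ip, minutes):
    """Build constructed failed-login events for one IP."""
    return [(T0 + timedelta(minutes=m), ip, False) for m in minutes]

# Constructed sample events: (timestamp, source IP, login succeeded?)
SAMPLE_EVENTS = (
    _fails("203.0.113.10", range(5))             # 5 failures in 5 minutes
    + _fails("198.51.100.7", range(0, 121, 30))  # 5 failures spread over 2 hours
    + _fails("192.0.2.50", range(10, 16))        # admin mistyping a password
    + [(T0 + timedelta(minutes=20), "192.0.2.50", True)]
)

def find_blocked_ips(events, max_failures, history_minutes, whitelist=()):
    """Return {ip: time_of_block} for IPs that reach max_failures failed
    logins while those failures are still inside the history window.
    Hypothetical model of the settings, not cPHulk's implementation."""
    window = timedelta(minutes=history_minutes)
    recent = defaultdict(deque)   # ip -> timestamps of remembered failures
    blocked = {}
    for ts, ip, ok in sorted(events):
        # Successes are ignored; whitelisted and already-blocked IPs are skipped.
        if ok or ip in whitelist or ip in blocked:
            continue
        failures = recent[ip]
        failures.append(ts)
        # Forget failures older than the login history window.
        while ts - failures[0] > window:
            failures.popleft()
        if len(failures) >= max_failures:
            blocked[ip] = ts
    return blocked

if __name__ == "__main__":
    for minutes in (60, 180):
        result = find_blocked_ips(SAMPLE_EVENTS, 5, minutes, {"192.0.2.50"})
        print(f"history={minutes} min ->", sorted(result))
```

With a 60-minute history only the fast guesser is blocked; with 180 minutes the slow guesser is caught as well, which shows why a short history window lets low-rate guessing slip through.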
Restrict Root Access
- Navigate to WHM > Security Center > Manage Wheel Group Users.

- Remove users who should not have root-level (sudo) privileges.
- Only trusted administrators should have elevated access.

- Limit SSH Access: Use Host Access Control (WHM » Security Center » Host Access Control) to allow SSH access only from specific, trusted IPs.

Disable Unnecessary Features
Disabling unused services reduces the attack surface.
Turn off anonymous FTP.
- Navigate to WHM > Service Configuration > FTP Server Configuration.

- Select “No” to turn off anonymous FTP logins and stop unauthorized uploads.

Turn off shell access when not in use.
- Navigate to WHM > Account Functions > Manage Shell Access.
- Turn off SSH for those who do not require it.

Secure DNS and Email Services
1. Secure DNS Zones
Go to WHM » DNS Functions.
To avoid spoofing and incorrect setups, check and validate DNS zone entries.
2. Secure Email Routing
Email routing is set up for each cPanel account.
To prevent delivery problems or spoofing, select the appropriate routing option.
Keep Software Updated & Enable AutoSSL
Always run the latest version of WHM/cPanel to apply new security patches.
Enable AutoSSL
- Go to WHM » SSL/TLS » Manage AutoSSL.

- Enable AutoSSL to automatically install and renew SSL certificates for all domains.

SSL ensures encrypted communication between browsers and the server.
Enable PHP Security Controls
- Log in to WHM.
- Go to Home > Software > MultiPHP INI Editor.

- Click on Editor Mode.
- Select the PHP version for which you want to enable open_basedir.
- Scroll down and search for the open_basedir directive, which usually looks like:
;open_basedir =
- Remove the semicolon (;) to activate the directive.
- Set the recommended secure global path:
open_basedir = "/home/:/usr/lib/php:/usr/local/lib/php:/tmp/"
This restricts PHP file access to:
- User home directories
- Essential PHP system directories
- Temporary directory
while blocking access to other server paths.
- Click Save to apply the configuration.
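The sketch below is an added example, not cPanel or PHP code: it reads the active `open_basedir` value from an INI fragment and models which paths the recommended value would permit. The function names and the sample INI text are constructed for illustration, and the path check is only lexical, whereas PHP also resolves symbolic links before comparing.

```python
import posixpath

# Value recommended in the article above.
RECOMMENDED = "/home/:/usr/lib/php:/usr/local/lib/php:/tmp/"

# Constructed php.ini fragment: the directive commented out, then activated.
SAMPLE_INI = """\
; open_basedir, if set, limits file operations to the listed directories
;open_basedir =
open_basedir = "/home/:/usr/lib/php:/usr/local/lib/php:/tmp/"
"""

def read_open_basedir(ini_text):
    """Return the active open_basedir value, or None if unset or commented out."""
    value = None
    for line in ini_text.splitlines():
        line = line.strip()
        if line.startswith(";") or "=" not in line:
            continue  # comment (a leading ';' disables the directive) or not a setting
        key, _, raw = line.partition("=")
        if key.strip() == "open_basedir":
            # Keep the last assignment seen (assumed to override earlier ones).
            value = raw.strip().strip('"') or None
    return value

def is_allowed(path, open_basedir):
    """Model of the confinement: normalise the path (collapsing '..'), then
    require it to sit inside one of the colon-separated directories."""
    if open_basedir is None:
        return True  # no restriction configured
    target = posixpath.normpath(path)
    for base in open_basedir.split(":"):
        base = posixpath.normpath(base)
        if target == base or target.startswith(base.rstrip("/") + "/"):
            return True
    return False

if __name__ == "__main__":
    active = read_open_basedir(SAMPLE_INI)
    for p in ("/home/alice/public_html/index.php",
              "/home/alice/public_html/../../../etc/passwd",
              "/tmp/sess_abc", "/var/log/messages"):
        print(f"{p}: {'allowed' if is_allowed(p, active) else 'blocked'}")
```

Because the global value lists `/home/` as a whole, the model also allows paths under every other user's home directory; separating accounts from each other still depends on filesystem permissions.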

Use ModSecurity for Web Application Security
- Install and configure ModSecurity via WHM > Security Center > ModSecurity™ Vendors.

- Protect your server from web-based threats, such as SQL injections and cross-site scripting (XSS) attacks.
Monitor and Scan for Malware
- Go to WHM > Security Center > Security Advisor.

- Review the security warnings and recommendations.
- Apply the suggested fixes (updates, firewall settings, SSH hardening, etc.).
- Re-scan to confirm all issues are resolved.

Backup Regularly
- Set up automatic backups in WHM > Backup > Backup Configuration.

- Enable and schedule automatic backups.
- Store backups in a remote location if possible.

Backups ensure you can restore your data quickly in case of an attack or failure.
Best Practices for Server Security
- Restrict IP Access: Use Host Access Control to allow connections only from trusted IPs.
- Use Secure Protocols: Always access WHM and cPanel over HTTPS.
- Enable Firewall Protection: Use a firewall like CSF (ConfigServer Security & Firewall) for additional protection.
- Review Logs: Regularly monitor server logs for suspicious activities.
By following these steps, you can guarantee your server is protected from common vulnerabilities and threats.