BIP KB:
How To Secure cPanel After Install
Article By tasia
Introduction
This guide is intended to give some basic steps to secure cPanel after the initial installation. Please see our Initial Setup Guide if you have not already completed it.
Tweak cPanel Settings
Under Main » Server Configuration » Tweak Settings, enable (E) or disable (D) the following options:
- Prevent users from parking/adding on common internet domains. (E)
- Attempt to prevent pop3 connection floods (E)
- The default catch-all/default address behavior for new accounts (Blackhole)
- Use jailshell as the default shell for all new accounts and modified accounts (E)
- Always redirect users to the SSL/TLS ports when visiting /cpanel, /webmail, etc. (E)
You must first generate server SSL certificates for your hostname at Main » Service Configuration » Manage Service SSL certificates.
- BoxTrapper Spam Trap (D)
- Allow cPanel users to reset their password via email (D)
- Send passwords in plaintext over email when creating a new account (D)
- Only permit cpanel/whm/webmail to execute functions when the browser provides a referrer (E)
Apache Settings For cPanel
Under Main » Service Configuration » Apache Configuration » Global Configuration, perform the following:
- SSLCipherSuite: ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
- TraceEnable: Off
- ServerSignature: Off
- ServerTokens: Product Only
- FileETag: None
- MaxRequestsPerChild: 1000
PHP Settings
First and foremost, we recommend enabling SuPHP for security reasons. Please see the following article: Enabling SuPHP.
Also recommended are the following PHP settings. Please be aware of the implications of each and their effect on your scripts (i.e. they may break some poorly-coded or older scripts). The PHP configuration file, php.ini, can be edited inside WHM under Main » Service Configuration » PHP Configuration Editor by switching to Advanced Mode.
- enable_dl = Off
- disable_functions = show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open
- allow_url_fopen = Off (this is an ini directive, not a function, so it must be set on its own line rather than listed in disable_functions)
- register_globals = Off
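To confirm that these PHP settings actually took effect after editing php.ini in WHM, here is an added audit script. It is not part of the original article and not a cPanel tool; it parses a php.ini and reports which of the recommended directives are missing or weak. The sample ini fragments are constructed for illustration, not taken from a real server.

```python
from typing import Dict, List

# Recommended settings from this article. allow_url_fopen is an ini
# directive rather than a function, so it is checked as a flag.
REQUIRED_DISABLED = {"show_source", "system", "shell_exec", "passthru",
                     "exec", "phpinfo", "popen", "proc_open"}
REQUIRED_FLAGS = {"enable_dl": "off", "register_globals": "off",
                  "allow_url_fopen": "off"}


def parse_ini(text: str) -> Dict[str, str]:
    """Minimal php.ini parser: key = value lines, ';' comments and [sections] ignored."""
    settings: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip().strip('"')
    return settings


def audit_php_ini(text: str) -> List[str]:
    """Return findings against the article's recommendations; empty list means compliant."""
    cfg = parse_ini(text)
    findings: List[str] = []
    for key in REQUIRED_FLAGS:
        have = cfg.get(key)
        if have is None:
            findings.append(f"{key} is not set explicitly")
        elif have.lower() not in ("off", "0", ""):  # php.ini spellings of a false boolean
            findings.append(f"{key} = {have} (want Off)")
    disabled = {f.strip() for f in cfg.get("disable_functions", "").split(",") if f.strip()}
    missing = sorted(REQUIRED_DISABLED - disabled)
    if missing:
        findings.append("disable_functions is missing: " + ", ".join(missing))
    return findings


# Constructed sample php.ini fragments (not from a real server).
WEAK_INI = """
[PHP]
enable_dl = On
register_globals = Off
disable_functions = system, exec   ; partial list
"""
HARDENED_INI = """
enable_dl = Off
register_globals = Off
allow_url_fopen = Off
disable_functions = "show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open"
"""

if __name__ == "__main__":
    for name, ini in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        print(name, audit_php_ini(ini) or ["OK"])
```

Run it against the real file with `audit_php_ini(open("/usr/local/lib/php.ini").read())`, adjusting the path to wherever your WHM PHP Configuration Editor writes.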
cPanel FTP Settings
Found under Main » Service Configuration » FTP Server Configuration:
- Allow Anonymous Logins: No
- Allow Anonymous Uploads: No
- Allow Logins with Root Password: No
cPanel Miscellaneous Tweaks
- Main » Security Center » Shell Fork Bomb Protection (E)
- Main » System Health » Background Process Killer (E)
- Main » Security Center » Compiler Access (D)
Final Notes
We also recommend installing a firewall and brute-force detection mechanism such as the free firewall CSF. Other options include APF+BFD or custom iptables rulesets.
Tags: dontwaittoeducate, cpanel, how-to, administration, Secure cPanel, suphp
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.