For the past couple of decades, cPanel has been the preferred choice amongst webmasters and web hosting service providers. Its user-friendly interface and efficient automation tools make it the perfect choice amongst leading web hosting service providers like Namecheap, GoDaddy, and MilesWeb.
However, like any other application, cPanel is prone to security breaches that can expose sensitive data or interrupt the smooth functioning of your business. The only way to prevent that from happening is by ramping up your security, and that is precisely what we are about to discuss. In this guide, we will take you through the best security measures that you can implement right away to keep your cPanel secure, so let’s get started.
Password Rules and Management
To keep your cPanel password from being compromised, you need to start by setting strong password rules for yourself and for other cPanel users. You can do that in cPanel by navigating to ‘Password and Security’ under ‘Preferences’, where you can use the password generator tool to set a strong password.
Doing this is your first line of defense against cybercriminals who make use of sophisticated software to “guess” passwords and gain unauthorized access. Also, it is strongly recommended that you avoid saving your cPanel’s password on your computer or other devices. So, stick to manually typing it in before each login session.
You also need to build a strong defense against data sniffing, which can compromise your cPanel’s password. This can be taken care of by enabling SSL for cPanel access through ‘Tweak Settings’ under ‘Server Configuration’. For that, you have to buy an SSL certificate from a trusted SSL provider for the encrypted cPanel communication.
Use the SSH
Your computer uses the cPanel to remotely access and manage the webserver, which in most cases belongs to the hosting service provider. So, while your computer is communicating with the webserver, there is every possibility of unauthorized interception. This is precisely what the Secure Shell (SSH) certificate prevents through encryption of the data transmitted between the two systems.
So, make sure you have SSH up and running, because not all web hosting service providers enable it by default.
To set up your SSH key, follow the steps below.
- Go to SSH Access
- Click on Manage SSH Keys
- Add in the password using the ‘Generate Password’ option
- Save the password in a secure location and complete the process
- Authorize the Key on the interface by clicking on ‘Manage’ next to the key
- Import the Public SSH Key that your computer uses
- Paste the keys in the appropriate text boxes and set the passphrase and click on ‘Import’
Now that you have installed it, make it a point to check if your SSH packages are updated from time to time.
Defend Brute Force Attempts
Like all passwords, even your cPanel’s password can be compromised through a brute force attack, which accounts for eighty percent of all cyberattacks. A brute force cyberattack involves using a sophisticated software application to continuously guess passwords for a particular username. So, there are likely to be multiple unsuccessful attempts from a specific IP address. In your cPanel, you can limit the number of login attempts made by a particular IP to safeguard against this type of cyberattack.
To do that, define the maximum number of permissible attempts under cPHulk by navigating to the ‘Security Center’ and configuring the necessary settings. However, you first need to enable the SSH certificate before you do this.
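The per-IP attempt limit described above can be illustrated with a short script. This is an added example, not cPHulk's own code or part of the original article; the log format, the threshold of five failures and the five-minute window are assumptions chosen for the demonstration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format: timestamp, result, user, source IP).
SAMPLE_LOG = """\
2024-01-10T09:00:01 FAIL user=admin ip=203.0.113.7
2024-01-10T09:00:03 FAIL user=admin ip=203.0.113.7
2024-01-10T09:00:04 OK user=alice ip=198.51.100.20
2024-01-10T09:00:05 FAIL user=admin ip=203.0.113.7
2024-01-10T09:00:06 FAIL user=root ip=203.0.113.7
2024-01-10T09:00:08 FAIL user=admin ip=203.0.113.7
2024-01-10T09:10:00 FAIL user=bob ip=198.51.100.20
2024-01-10T09:40:00 FAIL user=bob ip=198.51.100.20
"""


def parse_line(line):
    """Split one log line into (timestamp, result, source IP)."""
    ts, result, _user, ip = line.split()
    return datetime.fromisoformat(ts), result, ip.partition("=")[2]


def find_blocked_ips(log_text, max_failures=5, window=timedelta(minutes=5)):
    """Return {ip: time the limit was hit} for IPs that reach
    max_failures failed logins inside a sliding time window."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    blocked = {}
    for line in log_text.splitlines():
        try:
            ts, result, ip = parse_line(line)
        except ValueError:
            continue              # skip blank or malformed lines
        if result != "FAIL" or ip in blocked:
            continue
        failures = recent[ip]
        failures.append(ts)
        # Forget failures that have aged out of the window.
        while ts - failures[0] > window:
            failures.popleft()
        if len(failures) >= max_failures:
            blocked[ip] = ts
    return blocked


if __name__ == "__main__":
    for ip, when in find_blocked_ips(SAMPLE_LOG).items():
        print(f"{ip} reached the failure limit at {when.isoformat()}")
```

The second address in the sample fails twice, but thirty minutes apart, so it never reaches the limit; a single user mistyping a password is not treated like a guessing tool.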
Secure your PHP
If you use WordPress to run your website, then you ought to know that it is built using PHP, and so are the themes and plugins. Even if you do not use WordPress, disabling certain PHP functions is recommended because most leading CMS are built using PHP. So, close to 79% of websites use PHP server-side scripting in one way or another and are therefore exposed to PHP vulnerabilities. Some common PHP vulnerabilities include unverified executable files and error messages containing sensitive information, resulting in data leaks. To prevent this and more, you need to disable PHP functions like exec, shell_exec, proc_open, popen, and show_source.
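PHP functions are disabled with the `disable_functions` directive in php.ini. The following added example (not part of the original article) audits a php.ini for the functions listed above and reports any that are still enabled; the php.ini fragment is constructed, and the script assumes a later assignment of the directive overrides an earlier one.

```python
# Functions the article recommends disabling.
RECOMMENDED = ("exec", "shell_exec", "proc_open", "popen", "show_source")

# Constructed php.ini fragment: one commented-out line, one active line
# with uneven spacing, and two recommended functions missing.
SAMPLE_PHP_INI = """\
[PHP]
display_errors = Off
;disable_functions = exec,shell_exec,proc_open,popen,show_source
disable_functions = exec, shell_exec ,POPEN   ; hardening
"""


def disabled_functions(ini_text):
    """Return the set of function names in the active disable_functions line."""
    value = ""
    for raw in ini_text.splitlines():
        line = raw.strip()
        # Skip blanks, ';' comments and section headers.
        if not line or line.startswith((";", "[")):
            continue
        key, sep, val = line.partition("=")
        if sep and key.strip() == "disable_functions":
            # Drop a trailing inline comment and optional quotes.
            # Assumption: the last active assignment is the effective one.
            value = val.split(";", 1)[0].strip().strip('"')
    # PHP function names are case-insensitive, so compare in lower case.
    return {name.strip().lower() for name in value.split(",") if name.strip()}


def missing_functions(ini_text, wanted=RECOMMENDED):
    """Return the recommended functions that are NOT disabled."""
    have = disabled_functions(ini_text)
    return [name for name in wanted if name not in have]


if __name__ == "__main__":
    gaps = missing_functions(SAMPLE_PHP_INI)
    if gaps:
        print("Still enabled:", ", ".join(gaps))
    else:
        print("All recommended functions are disabled.")
```

Run it against the php.ini that the site's PHP handler actually loads, since a server can carry more than one.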
Check if your cPanel is up-to-date
In its twenty years of existence, cPanel’s team has always actively released updates to fix security bugs and other issues. So, to benefit from these consistent efforts, you need to install the most recent updates from time to time. The best way to go about it is by setting up automatic cPanel updates by modifying the preferences under ‘Server Configuration’.
Install Firewall and Antivirus
You can prevent a great deal of trouble by installing an active Firewall and Antivirus to protect your cPanel from malware and viruses. Speaking of Firewall, it is highly recommended that you install a reliable security tool like ConfigServer Firewall (CSF). This is one of the most sought-after cPanel Firewalls because it comes with a variety of security features, such as restricting public access and limiting it to specific services like FTP login, website loading, and checking emails.
Coming to cPanel Antivirus, Clam Antivirus (ClamAV) is the most recommended cross-platform application that can easily detect several types of malware. Both CSF Firewall and ClamAV are available for free and are highly recommended by security experts. However, you need to keep these security tools up-to-date at all times.
Your cPanel dashboard allows you to access and interact with the webserver, and being able to do this in a secure manner is critical to protecting your websites. Therefore, you simply cannot neglect its upkeep and must check its configurations periodically. The above-mentioned security settings and measures are definitely going to improve your cPanel’s overall security. For better control, it is recommended that you buy a web hosting plan that allows access to the Web Host Manager (WHM). It is the control panel that lets you add more functionality to your cPanel but is often available only with advanced web hosting plans.