Advanced cPanel security

Advanced cPanel Security Settings for Users


WHM – Tweak Settings:

  • Select Fail to automatically discard mail sent to bad email addresses
  • Prevent nobody from sending email.
  • Enable SPF on domains
  • Max hourly emails per domain


WHM – Security Center

  • Password Strength set to 60 or above
  • Compiler Access – Disable
  • FTP Server Configuration – Disable Anonymous FTP


Use mod_security

Mod_security is an Apache module that enables the ModSecurity web application firewall.  This can be complied in via WHM – Easy Apache or via ssh by running /scripts/easyapache.


Configuring of mod_security rules is accomplished through Security Center - ModSecurity Configuration.  For most users, the basic rule set can be used.


Whitelisting rules is easy for even basic administrators.  A free plugin for WHM can be installed to provide a web interface on whitelisting for users/accounts.  Disabling per account can also be accomplished.  Instructions and the download link can be found at:


Securing SSH


Change the port that SSH runs on from port 22.  Select a port that is less that 1024 and isn’t in use by another service.  This can be changed at /etc/ssh/sshd_config.  Also, use SSHv2 only as SSHv1 is not sure any longer.


Harden the /tmp partition


cPanel has a script that will take care of all security issues with /tmp.  Via ssh, run /scripts/securetmp.


Other free utilities for cPanel:


ConfigServer Security and Firewall (CSF) – A free firewall, login/intrustion detection and security application.  This can be used in conjunction with mod_security as well.  Instructions and download links can be found at


ConfigServer Mail Manage – A free add-on for WHM.  This provides the capability to manage cPanel user accounts without having to login to individual accounts (such as password changes, forwarding, filters, quotas).  Instructions and and download links can be found at


ConfigServer Mail Queues – Another free add-on for WHM.  This provides the capability to monitor and manage the exim queue within WHM without having to know ssh commands.  Instructions and download links can be found at


Maldet – Maldet is a malware scanner that is designed for web hosting environments.  Can scan automatically and on demand as well as report without a quarantine or report with a quarantine.  To install, do the following on SSH:


# wget

# tar -xvf maldetect-current.tar.gz# cd mald*# ./ 

All configurations are done through /usr/local/maldetect/conf.maldet, to include setting up email alerts, quarantine options, scan options and monitoring options.

Was this answer helpful? 2 Users Found This Useful (3 Votes)