Table of Contents

Securing cPanel After Install

This guide is intended to give some basic steps on securing cPanel after the initial installation. Please see our Initial Setup Guide if you have not already completed it.

Tweak Settings

Under Main » Server Configuration » Tweak Settings, enable (E) or disable (D) the following options:

Apache Settings

Under Main » Service Configuration » Apache Configuration » Global Configuration, perform the following:

Also under Apache Configuration, use Modify Apache Memory Usage to manage child process memory handling.

PHP Settings

First and foremost, we recommend enabling SuPHP for security reasons. Please see the following article: Enabling SuPHP.

Also recommended are the following PHP settings. Please be aware of the implications of each and their effect on your scripts (i.e. may break some poorly-coded/older scripts). The php configuration file, php.ini, can be edited inside the WHM under Main » Service Configuration » PHP Configuration Editor and switching to Advanced Mode.

Also consider enabling the Main » Security Center » PHP open_basedir Tweak.

FTP Settings

Found under Main » Service Configuration » FTP Server Configuration:

Miscellaneous Tweaks

Final Notes

We also recommend installing a firewall and bruteforce detection mechanism such as the free firewall CSF. Other options include APF+BFD, or custom iptables rulesets.