cPanel security settings checklist
Always use cPanel's recommended security settings to avoid hacking and other suspicious activity. These cPanel server hardening and security tips will help prevent hacking.
cPanel security checklist
This checklist pertains to the Tweak Settings interface of WHM. You can access the Tweak Settings interface at WHM >> Server Configuration >> Tweak Settings.
Setting | Description | Recommendation |
---|---|---|
Enable HTTP Authentication | Leaving this option disabled enables cookie authentication, helping to prevent certain types of XSRF attacks. | Off |
Cookie IP Validation | Enabling this option limits the ability of attackers who capture cPanel session cookies and attempt to access the cPanel and WHM interfaces. For this setting to work best, you should also disable proxy domains. | On |
Proxy Subdomain Creation | Disabling this option prevents cPanel, webmail, webdisk, and WHM proxy subdomain DNS entries from being added to new accounts. | Off |
Require SSL | Enabling this option requires logins from remote locations to use SSL. | On |
Security Tokens | Enabling this option requires that security tokens be used to access any interface associated with cPanel & WHM. This helps to prevent XSRF attacks. | On |
Block Common Domains Usage | Enabling this option prevents users from adding or parking common Internet domains, such as hotmail.com or google.com. | On |
Initial default/catch-all forwarder destination | Selecting Bounce for this option causes the server to automatically discard unroutable email sent to your server’s new accounts. This option is the best at protecting your server against mail attacks. | Bounce |
Verify the following Security Center Checklist
You can access WHM’s Security Center features at WHM >> Security Center. Many of these features will help to secure your server.
Disable Identification Output for Apache
Log into WHM and access the Apache Global Configuration feature (located at WHM >> Service Configuration >> Apache Configuration >> Global Configuration).
Select Off (PCI Recommended) from the ServerSignature pull-down menu.
Click Save.
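To confirm the change reached the configuration Apache actually loads, the following added example (not part of the original checklist or of cPanel) scans a config file for every active ServerSignature directive and reports any that is not Off. The function names and the sample configs are constructed for illustration; pass the path of your own httpd.conf as the first argument.

```shell
#!/bin/sh
# Added example: flag ServerSignature directives that still expose
# server identification. Apache treats directive names and values
# case-insensitively, and its default for ServerSignature is Off.

# Print "LINE:value" for every active ServerSignature directive in $1.
list_server_signature() {
    awk '
        /^[[:space:]]*#/ { next }    # ignore commented-out directives
        tolower($1) == "serversignature" { print NR ":" tolower($2) }
    ' "$1"
}

# Return 0 if no directive is set to anything but Off, 1 otherwise.
# Checks every occurrence, since a <VirtualHost> can override the global value.
audit_server_signature() {
    findings=$(list_server_signature "$1" |
        awk -F: '$2 != "off" { print "line " $1 ": ServerSignature " $2 }')
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Write two constructed sample configs into directory $1.
make_samples() {
    cat > "$1/leaky.conf" <<'EOF'
ServerSignature Off
# ServerSignature On
<VirtualHost *:80>
    ServerName example.test
    serversignature EMail
</VirtualHost>
EOF
    cat > "$1/hardened.conf" <<'EOF'
ServerSignature Off
<VirtualHost *:80>
    ServerName example.test
</VirtualHost>
EOF
}

# Audit the file given as the first argument, if any.
if [ -n "${1:-}" ]; then
    audit_server_signature "$1"
fi
```

A file with no ServerSignature directive at all passes the audit, because Apache's default for the directive is Off.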
Install mod_security — This module is an open-source web application firewall.
Install CSF firewall – Recommended firewall for cPanel servers.
suPHP — This module causes PHP scripts to run as the owner of the script versus the nobody user.
Suhosin — This module is an advanced protection system for PHP installations. For more information, read the Suhosin website.
You can verify these important PHP security settings.