cPanel is one of the most used web hosting control panels around the world, where a new cPanel account is created every 14.5 seconds. Webmasters and web hosts use this tool to manage their website and web hosting account.
A Linux-based administration system, the cPanel is targeted by hackers and cybercriminals because of its popularity. If they get access to the cPanel account, then they can easily hack the website(s) managed using the account. That’s why the security of cPanel is crucial for every website owner.
Also, cyberattacks against websites are increasing rapidly. In 2018, around 4,000 websites were attacked, which included government sites of the US, UK, and Australia. The attackers mostly used these sites to mine cryptocurrency by consuming CPU power without the consent of the users.
It’s very important for every site owner to keep the best security practices in place. Securing a cPanel account is very easy. Below are some of the best steps to do it.
1. Use strong passwords
It is critical to use strong passwords for your cPanel account which are difficult to hack. You should keep changing the passwords weekly or monthly using the Password Generator tool in cPanel.
Also, enable the SSL for cPanel access, so that it becomes difficult for attackers to snoop around on your password.
2. Securing SSH
Secure Shell (SSH) allows users to securely access the server, who runs cPanel from remote locations. It is an encrypted protocol that needs to be secured for enabling secure access.
Remember that you shouldn’t use the default port 22 for keeping the SSH, as the default protocol is vulnerable to cyberattacks. What you need to do is select a random port so that hackers can’t decide the port to attack SSH.
For stronger SSH security, also disable the root login to SSH. It would be better to create distinct user access to the server.
If you are using SSHv1 which is outdated now, then disable it and go for SSHv2. The outdated version is less secure and can be vulnerable to attacks. All these things should be taken care of right from the time of building a website.
3. Keep cPanel always up to date
The cPanel homepage includes ‘Upgrade to latest version’ option so that users can see it easily and keep the tool always updated. When a new update is released, it comes with bug fixes, improved security, and new features. Hence, consider updating the cPanel whenever a new version is available.
Apart from that, using a VPN is also a great option for securing your precious data. You can check out cooltechzone.com and get details about VPN and how to use it.
4. Enable CPHulk Brute-Force Protection
The CPHulk Brute-Force Protection option available in the Security Center of cPanel is one of the most effective security practices. It allows you to block the suspicious IP addresses that try to allegedly try to access the server.
Blocking such IP addresses will mean that they can’t attack your cPanel again because the cPanel database will keep track of those IP addresses. You can also choose to block IP addresses from accessing a particular website that is managed using your cPanel. So, enable this feature from cPanel’s Security Center.
When you upload any image or other files on your website, it is stored on your server and consumes some bandwidth. When some other website or blog adds the same image or file on their website, by embedding it directly from your site rather than uploading it, then it will also consume your bandwidth. This is called hotlinking.
This can be very bad for your site, especially if the other site attracts high traffic. Bandwidth for that file will be consumed from your server, which will impact your site loading speed and increase bandwidth costs. Regardless of the web hosting options, you have opted for, you need to avoid the hotlinking. There is an option in cPanel named ‘Hotlink Protection’ which can be enabled to protect hotlinking and avoid third-party sites from embedding your files.
6. Use SFTP
FTP stands for File Transfer Protocol, while SFTP is Secure File Transfer Protocol.
When you use FTP, the data shared between the client and server is unencrypted. This data is most of the times confidential, as it includes usernames and passwords, and private messages. A middleman or attacker can get access to this data if sent over an unencrypted link.
On the other hand, if you use SFTP, all the data will be encrypted, so that no middleman can retrieve the data. Visit FTP Server Configuration in your cPanel and set TLS Encryption Support to Required (command).
7. Use EasyApache
cPanel comes with an easy-to-use tool that can be used to update and configure the Apache webserver. This tool is called the EasyApache. It can also be used to install, modify, and verify the PHP, Tomcat, as well as other elements of a server.
You should use EasyApache as it can handle the updates automatically. Its use will eliminate the need for recompiling Apache and PHP on every server whenever an update is available.
Other than keeping the things updated, it can also be helpful in preventing malicious PHP scripts from opening any files from home directory.
8. Firewall protection
Protection of cPanel using a firewall is critical for security. It blocks the untrusted traffic to the cPanel by becoming a barrier to them. You should set up firewall protection to scan authentication log files, scan your server regularly, and get suggestions regarding the improvement of security.
For example, you can use CSF (ConfigServer Security and Firewall) to strengthen your cPanel security.
9. Additional security checks
Other than setting a strong password, using SFTP, keeping cPanel updated, and using a firewall, you should also limit the use of such command so that only specified users can access the root. Define the Shell Fork Bomb Protection in cPanel, which will limit the access to server resources.
cPanel is the administration panel of your website, and if you don’t pay the required attention to its security, then you are leaving your site open to risks.
Take a moment and ensure that you have all the above-mentioned security practices in place. cPanel has all the security options available with it, all you need to do is browse it and apply them.
Mark Coleman is working as an Editor MarkupTrend. He enjoys blogging and interacting with the marketing community. Follow him on Twitter @mark_colemn.