Everyone knows they need to protect their website, but some people aren’t aware of how important it is to protect their hosting space.
If hackers can’t directly get into your website, they’ll attack your server space, where your website’s files are stored. One of the first ways they’ll try to break in is through your cPanel account.
That’s why, in addition to protecting your website, you should take steps to secure your cPanel account as well.
In this article, we’ll show you exactly how to safeguard your cPanel account from hackers, thereby making your website harder to hack. You’ll learn:
- What precautions to take before accessing cPanel,
- How to protect your cPanel entry point,
- How to add safeguards inside cPanel that will reduce its weak spots.
These are just some of the topics we’ll cover, so, if you’re ready to make your website secure, let’s get started!
Implement Basic cPanel Security Measures
If you’re using common passwords and don’t have the most basic security measures in place, you won’t have anyone to blame but yourself if your cPanel gets hacked.
Hackers depend on you being careless—it makes their job easier. Don’t fall into that trap.
This section outlines some basic precautions you can take to secure your cPanel account.
Create a Strong Password
A report by Verizon found that 81% of hacking attempts leveraged weak or stolen passwords. So, one of the first steps you should take to protect your cPanel account is to use a strong password.
Here are a few tips on how to create one:
- Create a completely new password that’s different from the ones you use elsewhere on the internet.
- Don’t create a password that includes words from your username or from any security questions you’ve answered.
- Add uppercase characters, numbers, and symbols to increase your password’s complexity.
If you have trouble remembering passwords, you can use a password manager like LastPass or Dashlane. Tools like these will not only help you create complex passwords, they will also encrypt them and store them for you online.
Enable a Firewall
cPanel connects to many different services. To make sure no malicious hacking tool or script passes through these services into your cPanel account, you need to install a firewall.
Right now, the most popular firewall you can install on cPanel is ConfigServer Security and Firewall, known as CSF.
With this firewall service, you can:
- Control traffic flowing into your server space. Traffic flows in and out through many different connections inside your hosting server. A firewall will close all connections and allow you to selectively open the connections from which you want to receive traffic.
- Prevent DDoS attacks. You don’t want a hacker to install a DDoS tool on your server. A firewall will prevent that from happening by closing outgoing ports, opening only those needed for authorized outgoing traffic.
- Track network connections. A firewall like CSF scans all network connections that pass through it and lets you know which ones made a suspicious number of failed login attempts.
In short, with a firewall, your cPanel account will be protected from malicious tools that try to enter your website through third-party services.
Install Antivirus Software
Your server space uses an operating system. This means it can be affected by viruses that can corrupt or destroy your website files.
There’s a way to prevent this from happening—install antivirus software. Many popular options exist, and you can ask your hosting provider for recommendations.
Find and Remove Malicious Files with rkhunter
Hackers use a tool called a rootkit to hide malicious files on your server—files that can be used for phishing, connecting to botnets, and starting a DDoS attack.
Rootkits have seen widespread use, but there’s software that will help protect you from them. One example is a tool called rkhunter. It’s designed to scan your server space for rootkits and backdoors, finding and removing any dangerous files or processes that could compromise the security of your website.
Secure Your cPanel Entry Points
Now that we’ve covered the basic precautions you can take to improve the security of your cPanel account, let’s see how you can make your server space even harder to break into. This section gives you three tips to increase the security of your cPanel access points.
Change the Port Number for SSH
You can gain access to your cPanel account remotely through the Secure Shell (SSH).
If you can, so can a hacker. That means securing it should be a top priority.
There are two ways you can increase the security of your cPanel’s SSH:
- By changing its port number. The default port number for SSH is 22. Hackers know that, and it’s the port they try to attack first. The easiest way to minimize the risk of attack is to change the port number to a non-default value that hackers won’t be able to guess.
- By updating the version of SSH. It’s not a good idea to use SSHv1. Instead, you can disable it so that only SSHv2 is active. The newer version is more secure and less vulnerable to attacks.
By using these two methods, you’ll have a more secure SSH in place, which means better protection against attacks on your cPanel account.
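As an added example (not code from this article or from cPanel), the shell function below audits an sshd_config file for the two settings just described: a listener on the default port 22 and an enabled SSHv1. The function name, the file names and port 49222 are assumptions chosen for illustration, and both sample configs are constructed.

```shell
#!/usr/bin/env bash
# Added example: audit an sshd_config for the default port and for SSHv1.
# usage: audit_sshd_config FILE
# Prints one finding per line; returns 0 if clean, 1 if anything was flagged.
# Assumes whitespace-separated "Keyword value" lines.
audit_sshd_config() {
    awk '
        /^[ \t]*(#|$)/ { next }                   # skip comments and blank lines
        { key = tolower($1); sub(/^[ \t]*[^ \t]+[ \t]+/, ""); val = $0 }
        key == "port"                    { ports[++n] = val }   # every Port line adds a listener
        key == "protocol" && !seen_proto { proto = val; seen_proto = 1 }  # first value wins
        END {
            bad = 0
            if (n == 0) { print "PORT: no Port directive, sshd listens on default 22"; bad = 1 }
            for (i = 1; i <= n; i++)
                if (ports[i] + 0 == 22) { print "PORT: sshd listens on default port 22"; bad = 1 }
            # "Protocol 1", "Protocol 2,1" and "Protocol 1,2" all enable SSHv1.
            if (seen_proto && proto ~ /(^|,)[ \t]*1[ \t]*(,|$)/) {
                print "PROTOCOL: SSHv1 enabled (Protocol " proto ")"; bad = 1
            }
            exit bad
        }
    ' "$1"
}

# Constructed sample configs (not taken from any real server).
demo_dir=$(mktemp -d)
printf 'Port 22\nProtocol 2,1\nPermitRootLogin no\n' > "$demo_dir/weak.conf"
printf '# hardened\nPort 49222\nProtocol 2\n'        > "$demo_dir/hardened.conf"
for f in "$demo_dir"/*.conf; do
    echo "== ${f##*/}"
    audit_sshd_config "$f" || echo "-> needs hardening"
done
```

A config with no Port line is flagged as well, because sshd then falls back to port 22.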
Disable Anonymous FTP
As strange as it might sound, cPanel allows users to anonymously use FTP (file transfer protocol) to gain access to your hosting server’s files.
This is a big problem, as it means virtually anyone can put any file on your hosting server without identifying themselves.
To prevent that from happening, you should disable anonymous FTP access in your cPanel settings.
Go to Service Configuration → FTP Server Configuration. You’ll find the option to disable “anonymous logins.”
Enable Brute-Force Protection
With brute-force attacks, hackers try making thousands (or even hundreds of thousands) of attempts to log into your cPanel with various username and password combinations.
There are three things you should do to prevent that from happening:
- Enable a firewall. As discussed, a firewall will help ensure that no malicious files can impact the security of your cPanel account.
- Enable cPHulk Brute Force Protection. You can enable this feature by going to the security center of cPanel.
- Add known bad IPs to IP Deny Manager. You can add known malicious IPs to a list so they’ll be denied access to your cPanel account.
Doing these things will make your cPanel account safe from brute-force attacks.
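To show the kind of counting that sits behind brute-force protection, here is an added example (not from this article, and not how CSF or cPHulk is implemented) that lists source IPs with repeated failed logins and marks any that later logged in successfully. It assumes syslog-style sshd log lines; the function name, the threshold and the sample log are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. usage: failed_login_offenders THRESHOLD LOGFILE
# Prints "<ip> <failures> <note>" for every source IP at or above THRESHOLD,
# highest count first. note = login-succeeded if that IP later authenticated.
failed_login_offenders() {
    awk -v min="$1" '
        # Scan from the right so a hostile username such as
        # "x from 192.0.2.1 port 9" cannot spoof the source address.
        function src_ip(   i) {
            for (i = NF - 2; i > 0; i--)
                if ($i == "from" && $(i + 2) == "port") return $(i + 1)
            return ""
        }
        $5 !~ /^sshd\[[0-9]+\]:$/ { next }       # syslog tag must be sshd[pid]:
        $6 == "Failed" && $7 == "password" { ip = src_ip(); if (ip != "") fails[ip]++ }
        $6 == "Accepted"                   { ip = src_ip(); if (ip in fails) ok[ip] = 1 }
        END {
            for (ip in fails) if (fails[ip] >= min)
                print ip, fails[ip], ((ip in ok) ? "login-succeeded" : "no-success")
        }
    ' "$2" | sort -k2,2nr -k1,1
}

# Constructed sample log (documentation address ranges, not real traffic).
sample_log=$(mktemp)
cat > "$sample_log" <<'EOF'
Jan 10 03:14:01 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan 10 03:14:03 web1 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Jan 10 03:14:05 web1 sshd[812]: Failed password for invalid user x from 192.0.2.1 port 9 from 203.0.113.7 port 40113 ssh2
Jan 10 03:15:10 web1 sshd[820]: Failed password for alice from 198.51.100.4 port 50022 ssh2
Jan 10 03:15:20 web1 sshd[820]: Accepted password for alice from 198.51.100.4 port 50022 ssh2
Jan 10 03:16:00 web1 sshd[830]: Failed password for root from 192.0.2.55 port 33001 ssh2
Jan 10 03:16:02 web1 sshd[830]: Failed password for root from 192.0.2.55 port 33001 ssh2
Jan 10 03:16:09 web1 sshd[831]: Accepted password for root from 192.0.2.55 port 33002 ssh2
EOF
failed_login_offenders 2 "$sample_log"
```

An address marked login-succeeded deserves a closer look than a deny-list entry alone, since a correct password followed a run of failures from the same source.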
Keep the Inside Secure
It matters how secure you keep your cPanel from the outside, but you have to safeguard the inside as well. In this section, you’ll learn how to do that.
Increase Security of Apache and PHP
Apache is the most popular web server software and is needed for cPanel to work properly. That’s why you must secure it: hackers can use its vulnerabilities to access your cPanel account.
To protect Apache, you need to install ModSecurity. It allows you to safely update your server’s Apache installation to the latest version.
In addition, we recommend that you install the SuPHP module. It makes it much safer for you to execute PHP scripts and lets you identify users that have executed a PHP script.
Use an Encrypted FTP Service
An FTP service lets you quickly access the contents of your web server files through cPanel.
Unfortunately, most people use a simple FTP service instead of an encrypted one. Using SFTP (Secure File Transfer Protocol) is much safer.
What’s the difference between FTP and SFTP?
A file transfer done with a simple FTP service can be seen by anyone. On the other hand, in an SFTP service, the data being transferred is encrypted, meaning no malicious third party can see it.
That’s why you should configure your cPanel to connect with an SFTP service. To enforce this, navigate to FTP Server Configuration → TLS Encryption Support. From the drop-down menu that appears, select Required, then click Save.
If you follow the tips laid out above, you’ll have significantly increased your cPanel account’s security. But you don’t have to stop there.
In this section, we’ll share a few extra precautions you can take.
Move to CloudLinux
CloudLinux is a licensed operating system that’s far more secure than any other Windows or Linux OS out there.
Its flagship feature is LVE (Lightweight Virtualized Environment), which isolates one user from another, making sure that, if one user’s security is compromised, that can’t hurt the whole server.
In addition, some other notable features of CloudLinux include:
- CageFS: This feature prevents users from seeing and accessing each other’s files. In addition, users cannot access core Apache Config files.
- HardenedPHP: This feature secures previous PHP versions installed and won’t force you to update your PHP to the latest version.
- SecureLinks: This feature will prevent hackers from creating symlinks and hard links to files on your hosting server and will secure your server against symlink attacks.
These features will be especially useful if you have multiple websites on multiple hosting accounts.
To install CloudLinux, we recommend that you contact your hosting provider and ask about the available options.
Secure Your Website Itself
We’ve talked about securing your cPanel account, but securing your website is just as important.
If you haven’t already, you should try Protection Power or another security service. Make sure you select one that can:
- Scan your website for malware, viruses, and other malicious scripts, and clean them up;
- Provide you with a firewall that can help prevent DDoS and brute-force attacks;
- Make it easier to use other security tools, like SSL certificates.
Addressing these things is crucial because increasing the security of your website also increases the security of your cPanel account.
Create a Server-Wide Backup Regularly
If your web server does get hacked, it’s important that you have a copy of your website files.
This will allow you to clean your server and restore your website faster.
To create a backup of your website, inside cPanel, go to Files → Backup. Here you can quickly create a full backup of your website.
That method of creating a backup is easy, but the disadvantage is that you have to do it manually.
If you have WordPress, as an alternative way to create backups, you can install a plugin like UpdraftPlus. That plugin, and others like it, can be set to automatically back up your WordPress files and upload them to the cloud, FTP service, Dropbox, or any file storage you prefer.
Even if you’re not using WordPress, instead running your website on Wix, Squarespace, or some other CMS, you’ll be able to find an automated backup solution for your system. It may help to contact your CMS’ customer support to request guidance.
Additionally, your hosting provider might have automated website backup as well.
Last but Not Least…
One of the easiest and most obvious things you can do to protect your cPanel is to make sure you’re running the latest version.
By doing that and following the tips laid out above, your cPanel will be more secure and incredibly hard for hackers to get into.
Are you taking any extra measures to protect your cPanel account?