About 96% of organisations in Singapore experienced a data breach due to external cyberattacks. This took a toll on the affected companies, tainting their reputation and incurring significant financial losses.
The need to protect your websites is one thing. But the need to protect your hosting environment is a whole other necessity.
Hackers that can’t penetrate your websites will turn to the next thing they can access: your server space. And when your cPanel account is vulnerable, hackers can easily take control of it and your files.
Take deliberate steps to safeguard your cPanel account from cybercriminals.
7 Ways to Secure Your cPanel Account
First, let’s get the basics off the table.
Create a strong password and change it on a regular basis. Upgrade to the latest cPanel version to eliminate vulnerabilities. Use an antivirus software.
While these precautions provide a great deal of security, it’s only a matter of time until hackers can find their way around. Make sure to tighten the back door to your site with these advanced cPanel security tips.
1. Secure SSH
Secure Shell (SSH) is a Linux connectivity tool that allows users to remotely access their server and execute commands. This is enough reason to secure your SSH from cyberattacks.
There are two ways to boost your cPanel’s SSH security:
Change the port number
The default port number for SSH is 22. Hackers will likely already know this — and will try to use it to execute their attack.
Keep their hacking attempts at bay by changing the port number to a value that’s difficult to guess. But make sure that value is available for use.
Update the SSH version
If you’re still using the first SSH version, you’re running an unsupported tool. Change your system configuration to use SSH version 2 — which provides more protection against cyberattacks.
2. Disable Anonymous FTP
The Anonymous FTP option on cPanel allows anonymous users to use file transfer protocol (FTP) to access your hosting server’s files.
Essentially, this means anyone can upload content to your account — even potential hackers.
Think ahead by disabling anonymous FTP access in your cPanel account. To do this, head on to Service Configuration > FTP Server Configuration and disable “anonymous logins” option.
3. Install firewall
Many third-party services connect with cPanel, and hackers can use them as entry points to your account. Ensure no malicious tools or scripts pass through these services by installing a firewall.
ConfigServer Security and Firewall (CSF) is one of the most widely used tools for cPanel security. It allows you to filter the traffic that flows into your server and detect network connections that made suspicious failed login attempts.
To install CSF, you must first log into your cPanel as root through SSH.
Once installation is successful, you’ll then see CSF via WHM under Plugins. Boost security by tweaking certain parameters, like blocking every IP address with excessive connections. Check out basic CSF commands here.
4. Use cPanel security plugins
Another way to give your cybersecurity a boost is to install cPanel plugins.
RKHunter is a common anti-malware plugin that prevents rootkits from penetrating your data. Intruders can secretly install rootkits on your server to allow third-party root access. Through this, they get full control of your files and what passes through your server.
Vodien cPanel comes with a pre-installed security tool called Immunify360. Aside from malware scanning and detection, this plugin prevents unauthorised users from accessing your servers through AI and herd immunity.
5. Enable brute-force protection
Brute-force attacks happen when hackers bombard your cPanel account with thousands of login attempts using different username and password combinations.
Counter brute-force attacks through the following methods:
- Activate CPHulk Brute Force Protection. Head on to your cPanel Security center to enable this feature.
- Enable firewall (as discussed in Step 3). This prevents malicious files from breaking into your cPanel account.
- Block bad IPs. Add known malicious IPs to IP Blocker to keep them from accessing your website. Access this tool in your cPanel Security section.
6. Secure Apache and PHP
You need Apache to make sure your cPanel works seamlessly. So, it’s no surprise that hackers will find weak spots on the software to access your account.
Bulletproof Apache by enabling ModSecurity. This web application toolkit secures Apache by allowing real-time security monitoring and access control.
Aside from this, keep malicious PHP scripts from accessing important information by containing them within their home directory.
On your Vodien cPanel account, add a list of directories that can be opened by PHP by going through the following steps:
- Go to PHP open_basedir (Select PHP Version > Switch to PHP options).
- Type in the specific directories you want PHP to open. Separate directories by adding a colon (example: /dir/upload:/usr/tmp).
IMPORTANT: Of course, a basic security measure is making sure you’re running on the latest PHP version.
7. Keep a backup
We can never stress it enough — keeping a backup of your websites on another server is one paramount security measure. This ensures you can recover and restore important files in case your cPanel security is compromised.
Create a backup of your website through the cPanel Backup feature. But the downside is that you have to do it manually — which takes a chunk of the time you should be spending on managing your web agency.
A quicker and more efficient solution is using an automated backup tool, such as JetBackup. It allows you to customise your backups and to filter backup jobs by account size, reseller, and many more.
Vodien cPanel is pre-installed with JetBackup to make backup jobs easier for its users.
No security measure is too strong for a persistent hacker. Tighten your website security while keeping the backend in constant check for loopholes. Don’t forget to tick off the essential steps above.
Vodien keeps cPanel security a top priority for its clients and resellers — recently adding security options like JetBackup. Always make sure your web host is cut out to handle cyberattacks.