WHM Security Advisor
You may have noticed that over the past year cPanel has been notifying you of issues you had not previously encountered. Security Advisor has seen the most changes, beginning with the release of WHM 56. We discussed how to turn off some of these notifications in our article Troubleshooting: cPanel is Emailing Me, Is My Server Down?, but what exactly do all of these notifications mean, and do you need to change anything in your cPanel configuration to stop them? Let’s take a look at the most common Security Advisor notifications and what, if anything, you need to do about each.
‘New security advisor notifications with high importance’
While you should read and check all notifications and the recommendations they include, it is important to understand that these notifications come directly from cPanel, not from Liquid Web, and are based solely on the limited information the cPanel software can access. Certain software and security measures run outside of cPanel, so Security Advisor occasionally reports false positives or flags items that do not apply to your server. This article covers the most common notifications and what to do about them. If you have additional notifications and, after researching them, are not sure whether you should follow the advised changes, or are not sure what to do with them at all, our Support team is available 24/7/365 to help.
Listening on All Interfaces
Security Advisor Notice:
The MySQL service is currently configured to listen on all interfaces: (bind-address=*) Configure bind-address=127.0.0.1 in /etc/my.cnf
This is most often a false positive. Liquid Web servers include an advanced firewall that drops traffic to every port that has not been explicitly allowed, but Security Advisor’s check cannot take that into account. Moreover, Liquid Web’s 24/7 Sonar Monitoring™ needs to connect to MySQL to monitor the service’s status; Sonar Monitoring™ uses a port that is not publicly accessible, which Security Advisor likewise does not take into account.
SSH Password Authentication is Enabled
Security Advisor Notice:
Disable SSH password authentication in the “SSH Password Authorization Tweak” area
This message indicates only that you can log into your server with a password. For maximum security, SSH keys are typically recommended, but as long as you use strong passwords you may prefer to keep password authentication. In any case, do not disable SSH password authentication until you have set up SSH keys and tested that you can connect to your server with them.
SSH direct root logins are permitted
Security Advisor Notice:
Manually edit /etc/ssh/sshd_config and change PermitRootLogin to “no”, then restart SSH in the “Restart SSH” area
This message indicates only that the root user can log into your server with the proper password or SSH key. For maximum security, you would ideally create another user for administrative logins and then disable direct root login; as with SSH keys, confirm that the new user can log in before you make the change.
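Before changing any of the three settings above, it helps to know what the daemons are actually using, because a stray duplicate line can make the value you see in the file differ from the value in effect. The script below is an added example for this article; it is not code from Liquid Web or from cPanel’s Security Advisor. It reads the settings the way the daemons do (sshd honours the first uncommented occurrence of a directive and stops at the first Match block; MySQL takes bind-address from the [mysqld] section, last occurrence winning) and reports which of the three Security Advisor would flag. It runs against constructed sample config text so it works offline; on a real server you would point the functions at /etc/ssh/sshd_config and /etc/my.cnf. The fallback defaults passed to sshd_effective are assumptions, since OpenSSH’s built-in defaults vary by version.

```shell
#!/bin/sh
# Added example, not from the original article or from cPanel: report the three
# settings Security Advisor flags, reading them the way the daemons do.
# Sample config text is constructed below so the script runs offline; on a real
# server point the functions at /etc/ssh/sshd_config and /etc/my.cnf instead.

# sshd honours the FIRST uncommented occurrence of a directive and treats
# anything after a "Match" line as conditional, so stop reading there.
# $1 = config file, $2 = directive, $3 = value assumed when the directive is absent
# (an assumption, because OpenSSH's built-in defaults differ between versions).
sshd_effective() {
  awk -v key="$2" -v def="$3" '
    BEGIN { v = def }
    /^[[:space:]]*[Mm]atch[[:space:]]/ { exit }
    $1 !~ /^#/ && tolower($1) == tolower(key) && !found { v = tolower($2); found = 1 }
    END { print v }' "$1"
}

# MySQL reads bind-address from the [mysqld] section only, and when an option is
# repeated the LAST one wins. An absent bind-address means "listen everywhere",
# which is what Security Advisor reports as "*".
# $1 = my.cnf path
mysql_bind_address() {
  awk '
    BEGIN { v = "*" }
    /^[[:space:]]*\[/ { sect = $0; sub(/^[[:space:]]*\[/, "", sect); sub(/\].*$/, "", sect); next }
    sect == "mysqld" && $0 !~ /^[[:space:]]*[#;]/ && $1 ~ /^bind[-_]address/ {
      sub(/^[^=]*=[[:space:]]*/, ""); sub(/[[:space:]]*$/, ""); v = $0 }
    END { print v }' "$1"
}

# Prints one line per setting Security Advisor would flag; the exit status is
# the number of flagged settings (0 means nothing to report).
# $1 = sshd_config path, $2 = my.cnf path
advisor_findings() {
  flagged=0
  pw=$(sshd_effective "$1" PasswordAuthentication yes)
  rl=$(sshd_effective "$1" PermitRootLogin yes)
  ba=$(mysql_bind_address "$2")
  [ "$pw" = no ] || { echo "SSH password authentication is enabled (PasswordAuthentication=$pw)"; flagged=$((flagged + 1)); }
  [ "$rl" = no ] || { echo "SSH direct root logins are permitted (PermitRootLogin=$rl)"; flagged=$((flagged + 1)); }
  [ "$ba" = 127.0.0.1 ] || { echo "MySQL is not bound to localhost only (bind-address=$ba)"; flagged=$((flagged + 1)); }
  return "$flagged"
}

# Constructed sample files (not real server configs). The sshd sample shows the
# first-match rule: PasswordAuthentication stays "yes" and the second
# PermitRootLogin line is ignored; the my.cnf sample shows that a [client]
# entry and a commented-out line do not count.
SAMPLE_SSHD=$(mktemp)
SAMPLE_MYCNF=$(mktemp)
trap 'rm -f "$SAMPLE_SSHD" "$SAMPLE_MYCNF"' EXIT
cat >"$SAMPLE_SSHD" <<'EOF'
Port 22
#PasswordAuthentication no
PasswordAuthentication yes
PermitRootLogin no
PermitRootLogin yes
Match User backup
    PasswordAuthentication no
EOF
cat >"$SAMPLE_MYCNF" <<'EOF'
[client]
bind-address=10.0.0.5
[mysqld]
# bind-address=0.0.0.0
bind-address = 127.0.0.1
EOF

advisor_findings "$SAMPLE_SSHD" "$SAMPLE_MYCNF" || echo "$? setting(s) flagged"
```

Run as-is and it reports only the enabled password authentication from the sample, since the sample already binds MySQL to localhost and the first PermitRootLogin line says no. On a live server, remember the point made above: a MySQL bind-address finding can be a false positive when the firewall already blocks the port and monitoring needs the connection, so treat the script’s output as a list of things to look at, not a list of things to change.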