
Security in WHM

Lock down your server with WHM. Use Security Advisor, CSF firewall, cPHulk, and ModSecurity to protect against threats and secure data.

WebHost Manager (WHM) is used to configure and manage server-wide security settings.

Many security tools are centralized in WHM’s Security Center. From this section, you can configure the server’s firewall (such as cPHulk Brute Force Protection), run security scans, and manage SSL certificates. Other administrative security functions include enforcing strong password policies and keeping server software updated.

Explore the articles below to learn how to secure your WHM server effectively.

  • API Tokens for Remote Access in WHM

    Create and manage WHM API Tokens to allow secure, password-less remote access or to enable API functionality for your server.

  • Blocking IP Addresses in WHM

    Need to block an IP? This guide shows how to use ConfigServer Security & Firewall in WHM to permanently or temporarily deny any IP address.

  • Changing cPanel Passwords in WHM

    With root WHM access, you can change any cPanel user’s password without knowing the old one. This also updates their email, FTP, and SSH passwords.

  • Changing Your Root Password in WHM

    Changing the root password alters your main server and WHM login credentials, ensuring uniqueness and enhancing security.

  • Deleting a cPanel Account from WHM

    Occasionally, it may be necessary to remove a cPanel account from your server. You’ll use WHM to delete the cPanel account, which effectively deletes the domain from your server.

  • Enable Let’s Encrypt for AutoSSL on WHM-Based Servers

    Follow our tutorial to assign free SSLs on all your domains that will automatically renew! We walk you through the SSL process with easy-to-follow screenshots and instructions.

  • Enabling Two-Factor Authentication in WHM

    Two-factor authentication means that instead of just a password, you will also need a rotating authentication token along with the password (two factors) to log into WHM. Only the correct combination of the first and second factor will allow you to log in and access your server through WHM.

  • How to Enable Automatic Updates in cPanel/WHM

    These instructions are intended specifically for changing the update preferences for cPanel, RPMs (operating system packages), and SpamAssassin rules on cPanel servers.

  • Limiting WHM Access Using Host Access Control

    You can use Host Access Control in WHM to add an extra layer of security by controlling which IP addresses are able to connect to critical administrative services on your server.

  • Missing Private Key for SSL in WHM

    When renewing third-party SSLs on your Liquid Web server in WHM, the renewed certificate may lack the original private key. You can use the private key from the original certificate stored on the server for the renewed certificate.

  • Restoring a cPanel Account from WHM

    Cleaning up your server and getting rid of old cPanel accounts? What happens if you accidentally delete an account? You can restore cPanel accounts from WHM. Restoring cPanel accounts in WHM only works if you have backups enabled in WHM.

  • Unblock Your WHM Server’s IP Address

    Your server firewall blocks malicious traffic based on rules but can sometimes affect legitimate access. If you’re locked out, unblock your IP.

  • Whitelisting ModSecurity Rules in WHM

    ModSecurity is a vital defense against malicious attacks. If accidental IP blocking happens, use the ModSecurity CMC plugin in WHM to whitelist IPs.

  • WHM Security Advisor

    cPanel’s Security Advisor alerts admins to potential security issues and configurations, helping ensure server security and performance.
