Security in WHM
Securing an entire server environment is a heavy responsibility. A single vulnerability or compromised password can impact every domain and cPanel account hosted on your machine. However, building a robust defense does not mean you have to configure complex security protocols purely from the command line.
WebHost Manager (WHM) centralizes your most critical protective measures into intuitive, server-wide interfaces. From the Security Center to advanced firewall configurations, WHM gives you the top-down administrative control necessary to proactively block threats, enforce strict access policies, and keep your software patched against the latest vulnerabilities.
Explore the guides below to learn how to:
- Maintain Server Health: Run the built-in Security Advisor to catch vulnerabilities, configure automatic software updates, and safely delete or restore entire cPanel accounts as needed.
- Control Access & Authentication: Protect your server by routinely changing root passwords, enforcing Two-Factor Authentication (2FA), restricting logins with Host Access Control, and securely generating API tokens.
- Manage Firewalls & IPs: Take control of your network traffic using ConfigServer Security & Firewall (CSF) and ModSecurity to block malicious attackers or whitelist legitimate users.
- Automate Encryption: Ensure every site on your server stays secure by configuring Let’s Encrypt for AutoSSL, and learn how to troubleshoot missing private keys during certificate renewals.
WHM Security Articles
Explore the articles below to learn how to secure your WHM server effectively.
API Tokens for Remote Access in WHM
Read more: API Tokens for Remote Access in WHMCreate and manage WHM API Tokens to allow secure, password-less remote access or to enable API functionality for your server.
Blocking IP Addresses in WHM
Read more: Blocking IP Addresses in WHMNeed to block an IP? This guide shows how to use ConfigServer Security & Firewall in WHM to permanently or temporarily deny any IP address.
Changing cPanel Passwords in WHM
Read more: Changing cPanel Passwords in WHMWith root WHM access, you can change any cPanel user’s password without knowing the old one. This also updates their email, FTP, and SSH passwords.
Changing Your Root Password in WHM
Read more: Changing Your Root Password in WHMChanging the root password alters your main server and WHM login credentials, ensuring uniqueness and enhancing security.
Deleting a cPanel Account from WHM
Read more: Deleting a cPanel Account from WHMNeed to remove a cPanel account? Learn how to safely terminate accounts from WHM, retain your DNS zone data, and ensure you have proper backups first.
Enable Let’s Encrypt for AutoSSL on WHM-Based Servers
Read more: Enable Let’s Encrypt for AutoSSL on WHM-Based ServersFollow our tutorial to assign free SSLs on all your domains that will automatically renew! We walk you through the SSL process with easy-to-follow screenshots and instructions.
Enabling Two-Factor Authentication in WHM
Read more: Enabling Two-Factor Authentication in WHMSecure your server by enabling Two-Factor Authentication (2FA) in WHM. Learn how to configure 2FA for root access and manage cPanel users.
How to Enable Automatic Updates in cPanel/WHM
Read more: How to Enable Automatic Updates in cPanel/WHMThese instructions are intended specifically for changing the update preferences for cPanel, RPMs (operating system packages), and SpamAssassin rules on cPanel servers.