Search our site for answers
Help Docs Control Panel Guides The Ultimate Guide to the WHM Control Panel (2025) Security in WHM

Security in WHM

Lock down your server with WHM. Use Security Advisor, CSF firewall, cPHulk, and ModSecurity to protect against threats and secure data.
Control Panel WHM
2 min read

Securing an entire server environment is a heavy responsibility. A single vulnerability or compromised password can impact every domain and cPanel account hosted on your machine. However, building a robust defense does not mean you have to configure complex security protocols purely from the command line.

WebHost Manager (WHM) centralizes your most critical protective measures into intuitive, server-wide interfaces. From the Security Center to advanced firewall configurations, WHM gives you the top-down administrative control necessary to proactively block threats, enforce strict access policies, and keep your software patched against the latest vulnerabilities.

Explore the guides below to learn how to:

  • Maintain Server Health: Run the built-in Security Advisor to catch vulnerabilities, configure automatic software updates, and safely delete or restore entire cPanel accounts as needed.
  • Control Access & Authentication: Protect your server by routinely changing root passwords, enforcing Two-Factor Authentication (2FA), restricting logins with Host Access Control, and securely generating API tokens.
  • Manage Firewalls & IPs: Take control of your network traffic using ConfigServer Security & Firewall (CSF) and ModSecurity to block malicious attackers or whitelist legitimate users.
  • Automate Encryption: Ensure every site on your server stays secure by configuring Let’s Encrypt for AutoSSL, and learn how to troubleshoot missing private keys during certificate renewals.

WHM Security Articles

15 results

Explore the articles below to learn how to secure your WHM server effectively.

  • Limiting WHM Access Using Host Access Control

    You can use Host Access Control in WHM to add an extra layer of security to have control over which IP addresses are able to connect to critical administrative services on your server.

    Read more: Limiting WHM Access Using Host Access Control

  • Missing Private Key for SSL in WHM

    When renewing third-party SSLs on your Liquid Web server in WHM, the renewed certificate may lack the original private key. You can use the private key from the original certificate stored on the server for the renewed certificate.

    Read more: Missing Private Key for SSL in WHM

  • Restoring a cPanel Account from WHM

    Cleaning up your server and getting rid of old cPanel accounts? What happens if you accidentally delete an account? You can restore cPanel accounts from WHM. Restoring cPanel accounts in WHM only works if you have backups enabled in WHM.

    Read more: Restoring a cPanel Account from WHM

  • Unblock Your WHM Server’s IP Address

    Your server firewall blocks malicious traffic based on rules but can sometimes affect legitimate access. If you’re locked out, unblock your IP.

    Read more: Unblock Your WHM Server’s IP Address

  • Whitelisting ModSecurity Rules in WHM

    ModSecurity is a vital defense against malicious attacks. If accidental IP blocking happens, use the ModSecurity CMC plugin in WHM to whitelist IPs.

    Read more: Whitelisting ModSecurity Rules in WHM

  • WHM Security Advisor

    cPanel’s Security Advisor alerts admins to potential security issues and configurations, helping ensure server security and performance.

    Read more: WHM Security Advisor
Was this article helpful?