cPanel is among the most widely used commercial control panels in the market and its popularity is no surprise. cPanel lets you easily manage web files, track data, and maximise your website’s SEO.
While only available for Linux OS, cPanel (along with WHM or Web Host Manager) continues to be the go-to control panel for hosting management. It suits everyone from beginners to experienced system admins.
But like every tool in the market, cPanel is not foolproof and can be vulnerable to cyberattacks.
How Do Hackers Overrun Your cPanel Account?
The most common way hackers break into a cPanel account is through a hacked website. By taking advantage of a website’s vulnerability, hackers can easily entrench themselves in a system.
One common hack method is a brute-force attack. The process involves a hacker using trial-and-error methods to gain access to an organisation’s systems, networks, and individual accounts. They often use apps to generate different login combinations before successfully hacking into the system.
Another way hackers gain unauthorised access is through API tokens. Hackers may supply you with illegal tokens with privileges. They then exploit this vulnerability to access your cPanel account.
Remember that the cybersecurity industry is as lucrative as ever, so hackers will stop at nothing to succeed. If they’re unable to access your website, they’ll attack your server or hosting space, where all your confidential data is stored.
Ensure that your organisation has taken measures to protect your cPanel accounts. Below are some beginner-friendly steps your business can start implementing today.
8 Ways To Protect Your cPanel Account From Hackers
1. Enforce strong, unique passwords
One of the first steps to protect your cPanel account (or any system, really) is to enforce a strong password policy.
Here are some tips to remember when you’re creating a password for your cPanel account:
- Use a unique password — bonus points if you’ve never used it for any of your online accounts!
- Avoid using passwords that include your username, birthday, or any piece of public information.
- Use a combination of uppercase and lowercase characters to decrease the chances of a brute force attack.
- Use a password management tool so you never get locked out of your account.
You can define the default password strength for new users by configuring the Default Required Password Strength slider on cPanel. You can also set a number between zero and 100, with 100 representing the strongest password setting.
To configure password requirements for existing accounts, go to WHM’s Configure Security Policies interface to enable the Password Strength settings.
2. Update your cPanel to the latest version
cPanel constantly releases new security patches to resolve new security vulnerabilities.
To update manually, head to WHM > cPanel > Upgrade to the Latest Version. You can also request assistance from your developer or system administrator to upgrade your cPanel version via the command line.
To enable daily updates, go to WHM > Server Configuration > Update Preferences.
Note that not every new update is compatible with your system. So it’s always a good idea to launch the update on a staging environment prior to releasing it live. If you don’t have the resources to do this step yourself, don’t hesitate to employ professional help to avoid data loss.
3. Enable firewall in WHM (Web Host Manager)
The minute you set up your cPanel and WHM accounts, ensure that you have a firewall configured.
A firewall is a cybersecurity tool designed to prevent unauthorised access. It blocks malicious scripts, third-party services, and Distributed Denial-of-Service (DDoS) tools from passing through your server. A firewall also allows you to filter and scan external network connections.
While no two firewalls are the same, some systems even allow you to monitor all login attempts.
4. Secure Your SSH Server
SSH stands for Secure Shell. It can be used to describe the protocol itself or the tools used to establish encrypted communication between two computers.
By default, port 22 is used for all incoming SSH connections. Because it’s a well-known port, it attracts hackers and malicious bots.
To combat this, you can start by deciding on an alternative port to use other than port 22. You can follow the steps to configure SSH Access via your cPanel account.
While changing the default port distracts bots from scanning the web for vulnerabilities, it doesn’t fully protect you from an attack. Increase security by using SSH keys instead of passwords, disabling direct root access, and prohibiting the use of blank passwords.
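The four settings above can be checked mechanically. The following is an added example, not code from cPanel or from the original article: the function names are hypothetical, both sample configurations are constructed, and the parser reads only the global section of a single file (it does not follow Include files or evaluate Match blocks).

```python
# Added example: audit sshd_config text for the four settings named above.
# Both sample configs are constructed; port 2222 is an arbitrary choice.
DEFAULTS = {"passwordauthentication": "yes", "permitemptypasswords": "no",
            "permitrootlogin": "prohibit-password"}  # OpenSSH built-ins
WEAK_SAMPLE = """\
Port 22
Port 2222
PermitRootLogin yes
PermitRootLogin no
PasswordAuthentication yes
PermitEmptyPasswords yes
Match User deploy
    PasswordAuthentication no
"""
HARDENED_SAMPLE = """\
Port 2222
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
"""

def effective_settings(config_text):
    ports, first = [], {}
    for raw in config_text.splitlines():
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue
        keyword, args = fields[0].lower(), fields[1:]
        if keyword == "match":
            break  # Match blocks apply conditionally; not evaluated here
        if keyword == "port" and args:
            ports.append(args[0])  # Port may repeat; sshd listens on all
        elif keyword in DEFAULTS and args:
            first.setdefault(keyword, args[0].lower())  # first value wins
    return {**DEFAULTS, **first, "port": ports or ["22"]}

def audit(config_text):
    s = effective_settings(config_text)
    checks = [
        ("22" in s["port"], "listening on default port 22"),
        (s["passwordauthentication"] != "no", "password logins enabled; prefer SSH keys"),
        (s["permitrootlogin"] != "no", "direct root login not disabled: " + s["permitrootlogin"]),
        (s["permitemptypasswords"] != "no", "blank passwords permitted"),
    ]
    return [message for failed, message in checks if failed]

if __name__ == "__main__":
    for name, text in (("weak", WEAK_SAMPLE), ("hardened", HARDENED_SAMPLE)):
        print(name, audit(text))
```

In the weak sample the later `PermitRootLogin no` has no effect because sshd keeps the first value it reads for a keyword. On a live server, `sshd -T` prints the effective configuration and is the authoritative check.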
5. Boost security on Apache and PHP on Linux
Apache is one of the most widely-used web servers for Linux, hosting more than 50 million websites since its launch.
While Apache is a secure web server on its own, you can take measures to harden and improve its security.
Some ideas include but are not limited to:
- Disable directory browsing. By default, Apache displays the contents of a directory. It’s recommended that you switch this off to prevent attackers from obtaining the source code.
- Update Apache regularly. Apache’s developers have consistently launched new versions to tackle security issues. Check the version of Apache you’re running by using the httpd -v command.
- Disable TRACE HTTP requests. Enabling HTTP TRACE requests allows hackers to launch a Cross-Site Tracing (XST) attack.
- Remove redundant DSO modules. Apache activates modules by default. Removing the ones you don’t need not only improves your security but also improves performance and memory efficiency.
- Allow access only to specific networks or IPs. You can modify this via your site Directory in httpd.conf.
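The checklist above can be turned into a quick review of an httpd.conf file. This is an added example, not code from Apache, cPanel, or the original article: the function name is hypothetical, both configuration fragments are constructed, and the scan assumes sections are not nested. It flags directory listings, TRACE, and unrestricted access for review, and returns the loaded modules so unneeded ones can be identified.

```python
import re

# Added example: constructed httpd.conf fragments, not from a real server.
WEAK_CONF = """\
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    Require all granted
</Directory>
"""
HARDENED_CONF = """\
TraceEnable off
<Directory "/var/www/html">
    Options -Indexes
    Require ip 192.0.2.0/24
</Directory>
"""

def audit_httpd(conf_text):
    """Return (findings, loaded_modules); assumes sections are not nested."""
    findings, modules = [], []
    trace, section = "on", "server config"  # TraceEnable defaults to on
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):
            section = "server config"
            continue
        opened = re.match(r"<(\w+)\s+(.*)>$", line)
        if opened:
            section = f"{opened.group(1)} {opened.group(2)}"
            continue
        name, *args = line.split()
        name, args = name.lower(), [a.lower() for a in args]
        if name == "options" and {"indexes", "+indexes", "all"} & set(args):
            findings.append(f"{section}: directory listing enabled")
        elif name == "traceenable" and args:
            trace = args[0]
        elif name == "loadmodule" and args:
            modules.append(args[0])
        elif name == "require" and args == ["all", "granted"]:
            findings.append(f"{section}: no network restriction")
    if trace != "off":
        findings.append("TRACE requests are enabled")
    return findings, modules
```

The weak fragment never mentions TraceEnable, yet it is still reported, because TRACE stays on until it is explicitly switched off.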
6. Use SFTP (Secure File Transfer Protocol)
File Transfer Protocol (FTP) is a set of protocols used to move files between computers. One of its benefits is that, unlike browsers, there’s no file size limit. You can also schedule transfers using FTP clients like Filezilla.
The only downside to FTP is that it doesn’t encrypt the data. This makes it easy for hackers to capture the data packets and use them for their own gain.
SFTP, or Secure File Transfer Protocol, is exactly as its name implies. SFTP establishes a secure connection by applying an SSH2 Message Authentication Code (MAC) to data payload packets encrypted in the data stream.
To configure the cPanel account to connect with an SFTP service, go to FTP Server Configuration > TLS Encryption Support. Click on the drop-down menu and select Required. Don’t forget to click Save.
7. Secure your website as well
A professional website requires time and money. But without security measures in place, you could be putting your site — and your business — at risk.
Here are some website security tips you can easily start implementing today:
- Equip your website with SSL. Installing SSL prevents hackers from stealing confidential data sent to and from your website.
- Partner with a secure website host. A well-known hosting provider doesn’t guarantee your website’s security. In fact, dozens of big-name providers find themselves at the receiving end of a hacking attack. When choosing a web hosting provider, ensure that they have security as a top priority. On top of server security tools, take a look if they offer 24/7 performance monitoring, and service guarantees to ensure your data stays protected all year round.
- Secure file uploads. Allowing user-generated content is a great way to promote user engagement on your site — until it opens a Pandora’s box of malware.
Protect your website by encrypting your website data with SSL, installing anti-virus software, and storing uploads outside the root directory.
You can learn more about these security measures — and a few others — here.
8. Back up your server files
It’s always a good idea to have a backup ready.
Content Management Systems like WordPress let you manage scheduled backups with plugins. There are tons of free and premium options available. Some favourites among the WordPress community include UpdraftPlus and Jetpack.
Otherwise, you can go the manual route and back up your website on cPanel. Simply head to Files > Backup to save a copy of your themes, plugins, configuration files, and your entire database.
Bulletproof Your cPanel Account Today
Servers contain piles of confidential business information. If compromised, you not only lose private data — you lose public trust and credibility as well.
Take a moment to protect your cPanel account from hackers today. Apart from the security options available on cPanel, you can add an extra layer of protection by partnering with secure web hosting.
You can always drop us a message here at CLDY, Singapore’s leading hosting service provider. We leverage the best of what cloud technology has to offer, so you can start scaling your business today on our secure server infrastructure!