Hosting automation helps make managing your server and websites easier and more efficient. Control panels are one type of common hosting automation, and cPanel is perhaps the most famous. As with any hosting automation, a control panel also adds an additional layer of potential security issues that you need to make sure you lock down. The following are a few tips to help you keep cPanel and WHM secure.
1. Keep cPanel up to date – While some updates might just fix minor bugs, there is always a chance an update might fix a major security flaw. These are common security updates that all software needs from time to time. You can configure automatic updates in WHM > Server Configuration > Update Preferences.
2. Always use SSL – cPanel gives the option of using SSL, but you should make it mandatory for users, as there are very few, if any, valid reasons for users to need http access rather than https. You can find these options in WHM > Server Configuration > Tweak Settings. Make sure you have “Always redirect to SSL” selected. Even if users specifically type “http://” it will redirect to “https”.
3. Require secure passwords – Of all the potential exploits hackers might find in a system, weak passwords are perhaps the most common and easy to find. Some users tend to use extremely simple passwords because they are easy to remember, but this can leave your system vulnerable. Go to WHM > Security Center > Password Strength Configuration to set the required password strength.
You can truly have the best of both words: efficient and user-friendly hosting automation and top-notch security. It might just require a little extra to work to setup and maintain, but it most cases, it is well worth it.