{"id":553,"date":"2024-09-16T02:38:12","date_gmt":"2024-09-15T21:08:12","guid":{"rendered":"https:\/\/mumbaiwebhosting.co.in\/articles\/?p=553"},"modified":"2024-09-16T02:38:14","modified_gmt":"2024-09-15T21:08:14","slug":"secure-your-website-with-cpanel","status":"publish","type":"post","link":"https:\/\/mumbaiwebhosting.co.in\/articles\/secure-your-website-with-cpanel\/","title":{"rendered":"Secure your website with cPanel"},"content":{"rendered":"\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"372\" height=\"135\" src=\"https:\/\/mumbaiwebhosting.co.in\/articles\/wp-content\/uploads\/2024\/09\/cPanel-secure.jpg\" alt=\"\" class=\"wp-image-554\" srcset=\"https:\/\/mumbaiwebhosting.co.in\/articles\/wp-content\/uploads\/2024\/09\/cPanel-secure.jpg 372w, https:\/\/mumbaiwebhosting.co.in\/articles\/wp-content\/uploads\/2024\/09\/cPanel-secure-300x109.jpg 300w\" sizes=\"auto, (max-width: 372px) 100vw, 372px\" \/><\/figure>\n\n\n\n<div class=\"wp-block-rank-math-toc-block\" id=\"rank-math-toc\"><h2>Table of Contents<\/h2><nav><ul><li><a href=\"#steps-to-secure-your-website-with-c-panel\">Steps to Secure Your Website with cPanel:<\/a><ul><li><a href=\"#1-install-an-ssl-certificate\">1. Install an SSL Certificate<\/a><\/li><li><a href=\"#2-use-secure-passwords-and-enable-two-factor-authentication-2-fa\">2. Use Secure Passwords and Enable Two-Factor Authentication (2FA)<\/a><\/li><li><a href=\"#3-enable-and-configure-firewall\">3. Enable and Configure Firewall<\/a><\/li><li><a href=\"#4-enable-mod-security\">4. Enable ModSecurity<\/a><\/li><li><a href=\"#5-set-up-and-schedule-backups\">5. Set Up and Schedule Backups<\/a><\/li><li><a href=\"#6-protect-against-brute-force-attacks\">6. Protect Against Brute Force Attacks<\/a><\/li><li><a href=\"#7-use-hotlink-protection\">7. Use Hotlink Protection<\/a><\/li><li><a href=\"#8-enable-directory-privacy\">8. Enable Directory Privacy<\/a><\/li><li><a href=\"#9-disable-unused-services-and-ports\">9. Disable Unused Services and Ports<\/a><\/li><li><a href=\"#10-keep-software-and-plugins-updated\">10. Keep Software and Plugins Updated<\/a><\/li><li><a href=\"#11-scan-for-malware\">11. Scan for Malware<\/a><\/li><li><a href=\"#12-limit-file-permissions\">12. Limit File Permissions<\/a><\/li><\/ul><\/li><li><a href=\"#additional-security-best-practices\">Additional Security Best Practices:<\/a><\/li><\/ul><\/nav><\/div>\n\n\n\n<p>Securing your website using <strong>cPanel<\/strong> involves several key steps to protect your site from potential threats, such as hacking, malware, and other vulnerabilities. cPanel provides tools and features that make it easy to enhance the security of your website and server.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"steps-to-secure-your-website-with-c-panel\">Steps to Secure Your Website with cPanel:<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"1-install-an-ssl-certificate\">1. <strong>Install an SSL Certificate<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>SSL (Secure Socket Layer)<\/strong> encrypts data transferred between the server and the users, ensuring secure communication.<\/li>\n\n\n\n<li>In cPanel:\n<ol class=\"wp-block-list\">\n<li>Log in to your cPanel account.<\/li>\n\n\n\n<li>Go to the <strong>Security<\/strong> section and click on <strong><a href=\"https:\/\/www.squarebrothers.com\/ssl-certificate-india\/\" target=\"_blank\" rel=\"noopener\">SSL\/TLS<\/a><\/strong>.<\/li>\n\n\n\n<li>You can generate a free <strong>AutoSSL<\/strong> or purchase an SSL certificate from a provider.<\/li>\n\n\n\n<li>Install the certificate to enable HTTPS.<\/li>\n<\/ol>\n<\/li>\n\n\n\n<li>Ensure that your site is always served over HTTPS by setting up a redirect from HTTP to HTTPS.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"2-use-secure-passwords-and-enable-two-factor-authentication-2-fa\">2. <strong>Use Secure Passwords and Enable Two-Factor Authentication (2FA)<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Weak passwords are a major vulnerability. Ensure all admin accounts use strong, unique passwords.<\/li>\n\n\n\n<li>To enable <strong>2FA<\/strong>:\n<ol class=\"wp-block-list\">\n<li>In cPanel, navigate to the <strong>Security<\/strong> section.<\/li>\n\n\n\n<li>Click on <strong>Two-Factor Authentication<\/strong>.<\/li>\n\n\n\n<li>Follow the steps to enable 2FA for your cPanel account.<\/li>\n<\/ol>\n<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"3-enable-and-configure-firewall\">3. <strong>Enable and Configure Firewall<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A firewall helps protect your server from unwanted access.<\/li>\n\n\n\n<li>In cPanel, you can manage firewall settings through <strong>ConfigServer Security &amp; Firewall (CSF)<\/strong> if it is installed on your server. If not, you may need to install a third-party firewall.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"4-enable-mod-security\">4. <strong>Enable ModSecurity<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>ModSecurity<\/strong> is a web application firewall (WAF) that helps protect your site from various attacks like SQL injection, XSS (Cross-Site Scripting), and more.<\/li>\n\n\n\n<li>To enable:\n<ol class=\"wp-block-list\">\n<li>Go to the <strong>Security<\/strong> section.<\/li>\n\n\n\n<li>Click on <strong>ModSecurity<\/strong> and enable it for the domains you want to protect.<\/li>\n<\/ol>\n<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"5-set-up-and-schedule-backups\">5. <strong>Set Up and Schedule Backups<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Regular backups ensure that you can quickly restore your site in case of an attack or data loss.<\/li>\n\n\n\n<li>In cPanel:\n<ol class=\"wp-block-list\">\n<li>Go to the <strong>Files<\/strong> section and click on <strong>Backup<\/strong> or <strong>Backup Wizard<\/strong>.<\/li>\n\n\n\n<li>Set up a backup schedule to automatically back up your site files and databases.<\/li>\n\n\n\n<li>Store your backups in a secure location, such as an external cloud service or local storage.<\/li>\n<\/ol>\n<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"6-protect-against-brute-force-attacks\">6. <strong>Protect Against Brute Force Attacks<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>cPHulk<\/strong> is a cPanel tool that helps prevent brute force attacks by blocking suspicious login attempts.<\/li>\n\n\n\n<li>To enable cPHulk:\n<ol class=\"wp-block-list\">\n<li>Go to <strong>Security<\/strong>.<\/li>\n\n\n\n<li>Click on <strong>cPHulk Brute Force Protection<\/strong> and configure the settings.<\/li>\n\n\n\n<li>You can block IP addresses after a certain number of failed login attempts.<\/li>\n<\/ol>\n<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"7-use-hotlink-protection\">7. <strong>Use Hotlink Protection<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Hotlink protection prevents other websites from using your bandwidth by embedding images or other files <a href=\"http:\/\/mumbaiwebhosting.co.in\">hosted<\/a> on your site.<\/li>\n\n\n\n<li>To enable:\n<ol class=\"wp-block-list\">\n<li>In the <strong>Security<\/strong> section, click on <strong>Hotlink Protection<\/strong>.<\/li>\n\n\n\n<li>Configure the allowed domains and block hotlinking for specific file types (like images).<\/li>\n<\/ol>\n<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"8-enable-directory-privacy\">8. <strong>Enable Directory Privacy<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Protect sensitive directories with a password using <strong>Directory Privacy<\/strong> in cPanel.<\/li>\n\n\n\n<li>To enable:\n<ol class=\"wp-block-list\">\n<li>Go to the <strong>Files<\/strong> section.<\/li>\n\n\n\n<li>Click on <strong>Directory Privacy<\/strong>.<\/li>\n\n\n\n<li>Select the directory you want to protect and set a username and password for access.<\/li>\n<\/ol>\n<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"9-disable-unused-services-and-ports\">9. <strong>Disable Unused Services and Ports<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Disable any cPanel services or ports that are not in use to minimize vulnerabilities. This can be done through <strong>WHM (Web Host Manager)<\/strong> for advanced users with root access.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"10-keep-software-and-plugins-updated\">10. <strong>Keep Software and Plugins Updated<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Outdated CMS (like WordPress), plugins, or themes can be vulnerable to attacks. Regularly update all software via cPanel\u2019s <strong>Softaculous App Installer<\/strong> or manually to keep everything secure.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"11-scan-for-malware\">11. <strong>Scan for Malware<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use a malware scanner like <strong>ClamAV<\/strong> (available in cPanel) to regularly scan your website for malware.<\/li>\n\n\n\n<li>To scan:\n<ol class=\"wp-block-list\">\n<li>In the <strong>Advanced<\/strong> section, click on <strong>Virus Scanner<\/strong>.<\/li>\n\n\n\n<li>Select the areas you want to scan (e.g., entire home directory) and initiate a scan.<\/li>\n<\/ol>\n<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"12-limit-file-permissions\">12. <strong>Limit File Permissions<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Restrict file permissions to minimize the risk of unauthorized access. Ensure that files are set to <strong>644<\/strong> and directories to <strong>755<\/strong>.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"additional-security-best-practices\">Additional Security Best Practices:<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Disable PHP Execution<\/strong> in directories like <strong>\/uploads<\/strong> to prevent attackers from running malicious PHP scripts.<\/li>\n\n\n\n<li>Use <strong>IP Blocker<\/strong> in cPanel to block suspicious IP addresses from accessing your website.<\/li>\n\n\n\n<li>Configure <strong>Leech Protection<\/strong> to prevent users from publicly posting sensitive login credentials.<\/li>\n<\/ul>\n\n\n\n<p>By following these steps, you can significantly improve the security of your website using cPanel, protecting your data, visitors, and business.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Securing your website using cPanel involves several key steps to protect your site from potential threats, such as hacking, malware, and other vulnerabilities. cPanel provides tools and features that make it easy to enhance the security of your website and server. Steps to Secure Your Website with cPanel: 1. Install an SSL Certificate 2. Use [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[53],"tags":[],"class_list":["post-553","post","type-post","status-publish","format-standard","hentry","category-cpanel-secure"],"_links":{"self":[{"href":"https:\/\/mumbaiwebhosting.co.in\/articles\/wp-json\/wp\/v2\/posts\/553","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mumbaiwebhosting.co.in\/articles\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mumbaiwebhosting.co.in\/articles\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mumbaiwebhosting.co.in\/articles\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/mumbaiwebhosting.co.in\/articles\/wp-json\/wp\/v2\/comments?post=553"}],"version-history":[{"count":1,"href":"https:\/\/mumbaiwebhosting.co.in\/articles\/wp-json\/wp\/v2\/posts\/553\/revisions"}],"predecessor-version":[{"id":555,"href":"https:\/\/mumbaiwebhosting.co.in\/articles\/wp-json\/wp\/v2\/posts\/553\/revisions\/555"}],"wp:attachment":[{"href":"https:\/\/mumbaiwebhosting.co.in\/articles\/wp-json\/wp\/v2\/media?parent=553"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mumbaiwebhosting.co.in\/articles\/wp-json\/wp\/v2\/categories?post=553"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mumbaiwebhosting.co.in\/articles\/wp-json\/wp\/v2\/tags?post=553"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}