Believe it or not, hackers want what you want: to reap the rewards of your labour. While your time is split between providing superior products to clients and other related duties, hackers’ sole focus is on getting into your website.
Thankfully, there are several measures you can undertake to mitigate this. They range from “like duh” basic to “I’m going to need help doing that” advanced. No matter what your current level of knowledge, however, you will find tips below to suit your abilities. Let’s start with how you can secure your cPanel login.
Securing cPanel Login
Your website hosting package comes with cPanel so securing your cPanel login is naturally the ideal place to start your fortification.
Logging in to cPanel and webmail can be done through either secure or non-secure portals. A secure login encrypts your cPanel login information, which reduces the likelihood of third parties gaining access to your account. Ideally, you will need SSL certificate capabilities to be able to use this option.
To log in to cPanel securely, enter the following address into your browser of choice replacing ‘sitedomain’ with your website’s domain name: ‘https://sitedomain.com:2083/’.
To log in to webmail securely, you have two options:
- If you know your website’s IP address: ‘https://yoursiteIPaddress:2096/’.
- Otherwise, you may use: ‘https://sitedomain.com:2096/’.
Verify your cPanel Version
Only use the latest version. Doing this ensures you are protected from recently identified security flaws and minimises your exposure to future security breaches. Some software upgrades automatically. However, you usually have the option to perform a manual update whenever there’s a new version. cPanel has made it so that users of versions 78 and higher automatically update to the latest version (188.8.131.52) upon release (April 2020).
To know your current cPanel version:
- Log in to your cPanel account
- From the available options on the right of the screen, select ‘Server Information’
Among the list of systems information will be the version of cPanel you are currently running. If what you are currently running is not the latest version, and you chose to include cPanel/WHM with your dedicated server or VPS hosting package, manual updates are possible.
The process of finding your current version in WHM will be a little different:
- Log in to your WHM account
- Under ‘Server Configuration’ on the left of the screen, select ‘Update Preferences’
The version will be displayed under ‘cPanel & WHM Version’. ‘Update Preferences’ is also where you can enable automatic updates.
Plugins and themes are not to be overlooked. All content management systems (CMS) allow plugins. If you chose to install WordPress for example, you have almost 56,000 plugins to help you create a unique website. Additionally, your CMS of choice itself will release updates. In WordPress, version information is found in your ‘Dashboard’.
Do not stop there! Your computer’s operating system and every non-hardware component should also be using the latest versions. Updating individual applications helps to create a stronger overall defence system. In other words, your cPanel login is no longer the only point of resistance protecting your website’s integrity.
Create Tough Passwords
Very strong passwords reduce the likelihood that hackers will guess your cPanel login or even your Webmail login. You can create strong passwords by using a minimum of eight characters comprised of upper and lower case letters, allowable special characters and numbers, and by avoiding known words and important dates.
Be mindful that, however strong your password is, poor storage renders it useless. Tools are available to securely store your passwords and also to identify attempts at guessing them. cPanel provides assistance in creating strong passwords, and options allowing you to determine how your cPanel login attempts are treated.
Apache HTTP Server
Installing cPanel also installs EasyApache 4. Given the open-source nature of Apache software, it is highly recommended that you review your Apache settings. One course of action is preventing users from overriding your security features via .htaccess files. Though this has been the default setting since Apache 2.3.9, you can also use modules to further strengthen your Apache/cPanel security.
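One way to review the .htaccess override setting described above, as an added example that is not part of the original article. It reads an Apache configuration file and lists each `AllowOverride` directive with its `<Directory>` block; the sample configuration and the function names are constructed for illustration.

```shell
# Added example (not from the article): list AllowOverride settings per <Directory>.
# Assumption: the file audited is an Apache config such as EasyApache 4's httpd.conf.

# sample_httpd_conf -> prints a constructed config fragment used for the demo
sample_httpd_conf() {
    cat <<'EOF'
<Directory "/">
    AllowOverride None
</Directory>
<Directory "/home/*/public_html">
    AllowOverride All
</Directory>
<Directory "/home/example/public_html/shop">
    # AllowOverride All
    AllowOverride AuthConfig FileInfo
</Directory>
EOF
}

# list_overrides CONF -> one "<directory> <value>" line per AllowOverride directive
list_overrides() {
    awk '
        { sub(/^[ \t]+/, "") }                 # trim leading whitespace
        /^#/ { next }                          # ignore commented-out directives
        tolower($1) ~ /^<directory/   { ctx = $2; gsub(/[">]/, "", ctx); next }
        tolower($1) ~ /^<\/directory/ { ctx = ""; next }
        tolower($1) == "allowoverride" {
            val = $2
            for (i = 3; i <= NF; i++) val = val "," $i
            where = (ctx == "" ? "-" : ctx)
            print where, val
        }
    ' "$1"
}

# permissive_overrides CONF -> directories where .htaccess may override everything
permissive_overrides() {
    list_overrides "$1" | awk 'tolower($2) == "all" { print $1 }'
}

conf=$(mktemp)
sample_httpd_conf > "$conf"
list_overrides "$conf"
echo "Review: $(permissive_overrides "$conf")"
rm -f "$conf"
```

Directories reported by `permissive_overrides` are the ones where a user-supplied .htaccess file can change any overridable setting, so they are the first to review.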
Use a Firewall
In carrying out your website’s control panel duties, cPanel interacts with many other software packages, as demonstrated above (Apache). Persons with sinister intentions and the know-how may exploit weaknesses in the process. Firewalls help to reduce the likelihood of hacking via third-party connections.
Caution is advised, however, when working with firewalls:
- Ensure you are always able to log back into your server
- Familiarise yourself with the ports used by cPanel to prevent unintentionally removing or disabling them (as this may have severe ramifications for your website operations)
Two very popular firewalls are ModSecurity (ModSec) and ConfigServer Security & Firewall (CSF). CSF, for example, helps to protect your cPanel login through login and intrusion detection capabilities.
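A check for the caution above about losing access, as an added example that is not part of the original article or of CSF itself. It reads the `TCP_IN` line of a CSF configuration file and reports which required ports are not allowed. Ports 2083 and 2096 come from this article; 2087 (WHM over TLS) and 22 (SSH) are assumptions added here, and the sample file is constructed.

```shell
# Added example (not from the article): find required ports missing from CSF's TCP_IN.
# Assumption: 2083 and 2096 come from the article; 2087 (WHM over TLS) and 22 (SSH) are added.
REQUIRED_PORTS="22 2083 2087 2096"

# sample_csf_conf -> prints a constructed csf.conf excerpt used for the demo
sample_csf_conf() {
    cat <<'EOF'
# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,443,2082:2083"
TCP6_IN = "22,80,443"
EOF
}

# port_allowed PORT LIST -> success if PORT is in the comma-separated LIST (a:b is a range)
port_allowed() {
    port=$1
    old_ifs=$IFS
    IFS=','
    found=1
    for entry in $2; do
        case $entry in
            *:*) [ "$port" -ge "${entry%%:*}" ] && [ "$port" -le "${entry##*:}" ] && found=0 ;;
            *)   [ "$entry" = "$port" ] && found=0 ;;
        esac
    done
    IFS=$old_ifs
    return $found
}

# missing_ports CONF -> space-separated required ports that TCP_IN does not allow
missing_ports() {
    list=$(sed -n 's/^[[:space:]]*TCP_IN[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" \
        | tr -d ' ' | head -n 1)
    missing=""
    for p in $REQUIRED_PORTS; do
        port_allowed "$p" "$list" || missing="$missing $p"
    done
    echo "${missing# }"
}

csf=$(mktemp)
sample_csf_conf > "$csf"
echo "Missing from TCP_IN: $(missing_ports "$csf")"
rm -f "$csf"
```

Run it against a copy of the edited configuration before restarting the firewall; an empty result means every listed port is still reachable.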
Best Practices for a Secure Website
So far you have been learning what you can do to protect your cPanel login, directly or indirectly. Now you will be looking at ways you can maintain your website’s integrity.
Pick a Secure Website Host
Though you are guaranteed superior performance from any of our shared web hosting packages, you should consider upgrading to a virtual private server (VPS) or even a dedicated server as your business expands. The fewer computers there are on a server, the greater your control over security and the less chance of malicious activities. Furthermore, WebHost Manager (WHM) options are only available with VPS and dedicated server packages.
Check your Plugins
Plugins play a vital role in protecting your website. As already mentioned, when you install WordPress, you gain access to nearly 56,000 plugins. Some of these are security related. Some general features you can look out for in a security plugin are:
- Login protection
- Two-factor authentication
- Security logs
- SSL certificate enforcement
- Injection attack detection and/or prevention
- Automatic malware scanning
- Keep your plugins updated to benefit from their full raft of services
- Remove any you no longer use
- Use plugins that work in tandem with the features your hosting package comes with. For example, iThemes Security allows you to enable the SSL certificate enforcement feature that comes standard.
Check your file uploads and permissions
Is it still hacking if illegal access occurred via an avenue you inadvertently created? Yes! Think of hacking like a weed. Any plant can be a weed since the definition is an unwanted plant that inhibits the growth of wanted plants. Remember, hacking is any unsolicited use of your website, irrespective of how access was gained.
Having said that, do not leave doors open for hackers! One way is to manage materials you upload to your site (if applicable). Another option is through permissions. Again, if you choose to install WordPress as your CMS, there are some built-in safeguards against file upload vulnerabilities, such as file sanitisation. This process seeks to eliminate the chances of an outsider uploading a .php file.
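A periodic check of the two points above (uploaded files and permissions), as an added example that is not part of the original article or of WordPress. It lists server-side script files sitting in an upload directory and any entries that are world-writable. The directory path in the usage comment, the extension list and the sample tree are assumptions constructed for illustration.

```shell
# Added example (not from the article): list risky entries under an upload directory.
# Usage: audit_uploads /home/USER/public_html/wp-content/uploads   (path is an assumption)

# make_sample_tree -> creates a constructed upload tree and prints its path
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/2020/04"
    : > "$root/2020/04/logo.png"
    : > "$root/2020/04/gallery.PHP"      # script file disguised among media
    : > "$root/2020/04/notes.txt"
    chmod 755 "$root" "$root/2020" "$root/2020/04"
    chmod 644 "$root/2020/04/logo.png" "$root/2020/04/gallery.PHP"
    chmod 666 "$root/2020/04/notes.txt"  # writable by every local account
    echo "$root"
}

# audit_uploads DIR -> "SCRIPT <path>" and "WORLD-WRITABLE <path>" lines, sorted
audit_uploads() {
    dir=$1
    [ -d "$dir" ] || { echo "ERROR not a directory: $dir"; return 2; }
    {
        # Server-side script files that should never sit among uploaded media.
        find "$dir" -type f \( -iname '*.php' -o -iname '*.phtml' -o -iname '*.phar' \) \
            | sed 's/^/SCRIPT /'
        # Files or directories that any local account can modify.
        find "$dir" \( -type f -o -type d \) -perm -0002 | sed 's/^/WORLD-WRITABLE /'
    } | sort
}

# count_findings DIR KIND -> number of findings of that kind (SCRIPT or WORLD-WRITABLE)
count_findings() {
    audit_uploads "$1" | grep -c "^$2 " || true
}

sample=$(make_sample_tree)
audit_uploads "$sample"
rm -rf "$sample"
```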
Just In Case you need extra security…
No method is foolproof, so backing up your website regularly ensures you are able to restart your business quickly, and with as little disruption as possible.
You should take comfort in knowing that, among other features, your website hosting package provides peace of mind by:
- Using CloudLinux for its operating system
- Providing daily backups
- Including virus scanning
Face it; you created your website to achieve your vision. It took time to build a reliable product and earn the trust of your clients. All of that could become undone in the blink of an eye. Your work does not end when your website is among the top results in search engines, or when the size of your clientele forces you to consider business expansion. Quite the opposite! Protecting your investment is a continuous effort.
It is unlikely that any one method or combination thereof will guarantee complete impregnability. Furthermore, how and when you choose to protect your cPanel login and website are personal decisions.