Stay ahead with breaking cybersecurity news, technology updates, cryptocurrency insights, and gaming coverage. Expert security analysis and tech innovations.
Tools
Tools: How to Harden a cPanel/WHM Server Against Common Attacks (Nigerian Hosting Guide) (2026)
2026-05-24 0 views admin
bashcd /usr/srcwget https://download.configserver.com/csf.tgztar -xzf csf.tgzcd csfsh install.sh propertiesTESTING = "0" # Disable test modeLF_SSHD = "5" # Block IP after 5 failed SSH attemptsLF_CPANEL = "10" # Block after 10 failed cPanel loginsCT_LIMIT = "100" # Max connections per IP sshPort 2222 # Change from default 22PermitRootLogin no # Disable root SSH loginPasswordAuthentication no # Use key-based auth onlyMaxAuthTries 3 bashssh-keygen -t ed25519 -C "xclusivecloud-server" bash/scripts/modsec_vendor_install apacheRewriteEngine OnRewriteCond %{HTTPS} offRewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] inidisable_functions = exec, passthru, shell_exec, system, proc_open, popen propertiesLF_ALERT_TO = "[email protected]"
LF_ALERT_FROM = "[email protected]" Templates let you quickly answer FAQs or store snippets for re-use. Are you sure you want to ? It will become hidden in your post, but will still be visible via the comment's permalink. Hide child comments as well For further actions, you may consider blocking this person and/or reporting abuse
Command
1. Enable and Configure CSF (ConfigServer Security & Firewall) CSF is the go-to firewall for cPanel servers. Install it:
As someone who runs a web hosting company in Nigeria (XclusiveCloud — xclusivecloud.com)
and is doing postgraduate research in Cyber Threat Intelligence, server security isn't
theoretical for me — it's something I implement and maintain daily. Here's a practical hardening checklist for cPanel/WHM servers, based on what actually
works in Nigerian hosting environments.
1. Enable and Configure CSF (ConfigServer Security & Firewall) CSF is the go-to firewall for cPanel servers. Install it:
As someone who runs a web hosting company in Nigeria (XclusiveCloud — xclusivecloud.com)
and is doing postgraduate research in Cyber Threat Intelligence, server security isn't
theoretical for me — it's something I implement and maintain daily. Here's a practical hardening checklist for cPanel/WHM servers, based on what actually
works in Nigerian hosting environments.
1. Enable and Configure CSF (ConfigServer Security & Firewall) CSF is the go-to firewall for cPanel servers. Install it:
Critical CSF settings to change in `/etc/csf/csf.conf`:
Critical CSF settings to change in `/etc/csf/csf.conf`:
Critical CSF settings to change in `/etc/csf/csf.conf`:" style="background: linear-gradient(135deg, #6a5acd 0%, #5a4abd 100%); color: #fff; border: none; padding: 6px 12px; border-radius: 8px; cursor: pointer; font-size: 12px; font-weight: 600; transition: all 0.3s cubic-bezier(0.4, 0, 0.2, 1); display: flex; align-items: center; gap: 8px; box-shadow: 0 4px 12px rgba(106, 90, 205, 0.4), inset 0 1px 0 rgba(255, 255, 255, 0.1); position: relative; overflow: hidden;">Copy
$ As someone who runs a web hosting company in Nigeria (XclusiveCloud — xclusivecloud.com)
and is doing postgraduate research in Cyber Threat Intelligence, server security isn't
theoretical for me — it's something I implement and maintain daily. Here's a practical hardening checklist for cPanel/WHM servers, based on what actually
works in Nigerian hosting environments.
1. Enable and Configure CSF (ConfigServer Security & Firewall) CSF is the go-to firewall for cPanel servers. Install it:
As someone who runs a web hosting company in Nigeria (XclusiveCloud — xclusivecloud.com)
and is doing postgraduate research in Cyber Threat Intelligence, server security isn't
theoretical for me — it's something I implement and maintain daily. Here's a practical hardening checklist for cPanel/WHM servers, based on what actually
works in Nigerian hosting environments.
1. Enable and Configure CSF (ConfigServer Security & Firewall) CSF is the go-to firewall for cPanel servers. Install it:
As someone who runs a web hosting company in Nigeria (XclusiveCloud — xclusivecloud.com)
and is doing postgraduate research in Cyber Threat Intelligence, server security isn't
theoretical for me — it's something I implement and maintain daily. Here's a practical hardening checklist for cPanel/WHM servers, based on what actually
works in Nigerian hosting environments.
1. Enable and Configure CSF (ConfigServer Security & Firewall) CSF is the go-to firewall for cPanel servers. Install it:
Critical CSF settings to change in `/etc/csf/csf.conf`:
Critical CSF settings to change in `/etc/csf/csf.conf`:
Critical CSF settings to change in `/etc/csf/csf.conf`:
2. Restrict SSH Access Never leave SSH open to the world. In `/etc/ssh/sshd_config`:
Command
Copy
$
2. Restrict SSH Access Never leave SSH open to the world. In `/etc/ssh/sshd_config`:
Command
Copy
$
2. Restrict SSH Access Never leave SSH open to the world. In `/etc/ssh/sshd_config`:
Code Block
Copy
Generate and use SSH keys instead of passwords:
Generate and use SSH keys instead of passwords:
Generate and use SSH keys instead of passwords:
3. Install ModSecurity WAF In WHM → ModSecurity Tools, enable ModSecurity and install OWASP CRS rules:
Command
Copy
$
3. Install ModSecurity WAF In WHM → ModSecurity Tools, enable ModSecurity and install OWASP CRS rules:
Command
Copy
$
3. Install ModSecurity WAF In WHM → ModSecurity Tools, enable ModSecurity and install OWASP CRS rules:
Command
4. Enable cPGuard (Malware Scanner) cPGuard integrates directly into cPanel and scans for malware across all hosted accounts.
Enable it in WHM → cPGuard Malware Scanner. Set up automated daily scans and email alerts to: [email protected]
5. Force HTTPS for All Hosted Sites In WHM → Apache Configuration, ensure all cPanel accounts redirect HTTP → HTTPS: In each user's cPanel → .htaccess:
This blocks common web attacks: SQL injection, XSS, remote file inclusion, and directory
traversal — all of which are common targets for Nigerian websites.
4. Enable cPGuard (Malware Scanner) cPGuard integrates directly into cPanel and scans for malware across all hosted accounts.
Enable it in WHM → cPGuard Malware Scanner. Set up automated daily scans and email alerts to: [email protected]
5. Force HTTPS for All Hosted Sites In WHM → Apache Configuration, ensure all cPanel accounts redirect HTTP → HTTPS: In each user's cPanel → .htaccess:
This blocks common web attacks: SQL injection, XSS, remote file inclusion, and directory
traversal — all of which are common targets for Nigerian websites.
4. Enable cPGuard (Malware Scanner) cPGuard integrates directly into cPanel and scans for malware across all hosted accounts.
Enable it in WHM → cPGuard Malware Scanner. Set up automated daily scans and email alerts to: [email protected]
5. Force HTTPS for All Hosted Sites In WHM → Apache Configuration, ensure all cPanel accounts redirect HTTP → HTTPS: In each user's cPanel → .htaccess:" style="background: linear-gradient(135deg, #6a5acd 0%, #5a4abd 100%); color: #fff; border: none; padding: 6px 12px; border-radius: 8px; cursor: pointer; font-size: 12px; font-weight: 600; transition: all 0.3s cubic-bezier(0.4, 0, 0.2, 1); display: flex; align-items: center; gap: 8px; box-shadow: 0 4px 12px rgba(106, 90, 205, 0.4), inset 0 1px 0 rgba(255, 255, 255, 0.1); position: relative; overflow: hidden;">Copy
$ This blocks common web attacks: SQL injection, XSS, remote file inclusion, and directory
traversal — all of which are common targets for Nigerian websites.
4. Enable cPGuard (Malware Scanner) cPGuard integrates directly into cPanel and scans for malware across all hosted accounts.
Enable it in WHM → cPGuard Malware Scanner. Set up automated daily scans and email alerts to: [email protected]
5. Force HTTPS for All Hosted Sites In WHM → Apache Configuration, ensure all cPanel accounts redirect HTTP → HTTPS: In each user's cPanel → .htaccess:
This blocks common web attacks: SQL injection, XSS, remote file inclusion, and directory
traversal — all of which are common targets for Nigerian websites.
4. Enable cPGuard (Malware Scanner) cPGuard integrates directly into cPanel and scans for malware across all hosted accounts.
Enable it in WHM → cPGuard Malware Scanner. Set up automated daily scans and email alerts to: [email protected]
5. Force HTTPS for All Hosted Sites In WHM → Apache Configuration, ensure all cPanel accounts redirect HTTP → HTTPS: In each user's cPanel → .htaccess:
This blocks common web attacks: SQL injection, XSS, remote file inclusion, and directory
traversal — all of which are common targets for Nigerian websites.
4. Enable cPGuard (Malware Scanner) cPGuard integrates directly into cPanel and scans for malware across all hosted accounts.
Enable it in WHM → cPGuard Malware Scanner. Set up automated daily scans and email alerts to: [email protected]
5. Force HTTPS for All Hosted Sites In WHM → Apache Configuration, ensure all cPanel accounts redirect HTTP → HTTPS: In each user's cPanel → .htaccess:
6. Configure Automated Backups In WHM → Backup Configuration:
- Enable: Yes- Backup type: Compressed- Daily backups: Retain 7 days- Weekly backups: Retain 4 weeks- Backup destination: Remote (S3 or Backblaze B2) Never store backups only on the same server. One ransomware attack will encrypt both.
7. Disable Unused PHP Versions and Functions In WHM → PHP Configuration:- Only enable PHP versions your clients actually use (typically 8.1, 8.2)
- Disable dangerous functions in php.ini:
Command
Copy
$
6. Configure Automated Backups In WHM → Backup Configuration:
- Enable: Yes- Backup type: Compressed- Daily backups: Retain 7 days- Weekly backups: Retain 4 weeks- Backup destination: Remote (S3 or Backblaze B2) Never store backups only on the same server. One ransomware attack will encrypt both.
7. Disable Unused PHP Versions and Functions In WHM → PHP Configuration:- Only enable PHP versions your clients actually use (typically 8.1, 8.2)
- Disable dangerous functions in php.ini:
Command
Copy
$
6. Configure Automated Backups In WHM → Backup Configuration:
- Enable: Yes- Backup type: Compressed- Daily backups: Retain 7 days- Weekly backups: Retain 4 weeks- Backup destination: Remote (S3 or Backblaze B2) Never store backups only on the same server. One ransomware attack will encrypt both.
7. Disable Unused PHP Versions and Functions In WHM → PHP Configuration:- Only enable PHP versions your clients actually use (typically 8.1, 8.2)
- Disable dangerous functions in php.ini:
Command
Copy
$
8. Enable Two-Factor Authentication on WHM WHM → Security Center → Two-Factor Authentication This is mandatory. cPanel credentials are a primary target in credential stuffing attacks.
9. Monitor Login Attempts with LFD CSF's Login Failure Daemon (LFD) monitors and blocks brute-force attacks. Configure
alerts to your email in csf.conf:
Command
Copy
$
8. Enable Two-Factor Authentication on WHM WHM → Security Center → Two-Factor Authentication This is mandatory. cPanel credentials are a primary target in credential stuffing attacks.
9. Monitor Login Attempts with LFD CSF's Login Failure Daemon (LFD) monitors and blocks brute-force attacks. Configure
alerts to your email in csf.conf:
Command
Copy
$
8. Enable Two-Factor Authentication on WHM WHM → Security Center → Two-Factor Authentication This is mandatory. cPanel credentials are a primary target in credential stuffing attacks.
9. Monitor Login Attempts with LFD CSF's Login Failure Daemon (LFD) monitors and blocks brute-force attacks. Configure
alerts to your email in csf.conf:
Command
Copy
$
10. Regular Security Audits Monthly checklist:
- [ ] Run `rkhunter --check` to detect rootkits- [ ] Review CSF block list for persistent attackers- [ ] Check for accounts with weak passwords (WHM → Password Strength)- [ ] Review error logs in `/usr/local/cpanel/logs/`- [ ] Verify all SSL certificates are valid and auto-renewing --- If you're running a Nigerian hosting business or self-hosting your own cPanel server,implementing all of the above should be your first priority before onboarding clients. I cover server security in more depth on the XclusiveCloud blog at xclusivecloud.com/blog —
including guides specific to Nigerian hosting environments. What security measures are you running on your servers? Happy to discuss in the comments.
Command
Copy
$
10. Regular Security Audits Monthly checklist:
- [ ] Run `rkhunter --check` to detect rootkits- [ ] Review CSF block list for persistent attackers- [ ] Check for accounts with weak passwords (WHM → Password Strength)- [ ] Review error logs in `/usr/local/cpanel/logs/`- [ ] Verify all SSL certificates are valid and auto-renewing --- If you're running a Nigerian hosting business or self-hosting your own cPanel server,implementing all of the above should be your first priority before onboarding clients. I cover server security in more depth on the XclusiveCloud blog at xclusivecloud.com/blog —
including guides specific to Nigerian hosting environments. What security measures are you running on your servers? Happy to discuss in the comments.
Command
Copy
$
10. Regular Security Audits Monthly checklist:
- [ ] Run `rkhunter --check` to detect rootkits- [ ] Review CSF block list for persistent attackers- [ ] Check for accounts with weak passwords (WHM → Password Strength)- [ ] Review error logs in `/usr/local/cpanel/logs/`- [ ] Verify all SSL certificates are valid and auto-renewing --- If you're running a Nigerian hosting business or self-hosting your own cPanel server,implementing all of the above should be your first priority before onboarding clients. I cover server security in more depth on the XclusiveCloud blog at xclusivecloud.com/blog —including guides specific to Nigerian hosting environments. What security measures are you running on your servers? Happy to discuss in the comments.
