
A Quick Guide to Securing and Optimizing cPanel

So, you were just handed a VPS, or a server. You were told to install cPanel.

This isn’t an in-depth guide to securing and optimizing cPanel, but this should at least give you sane defaults that will work for the most part for servers and VPSes.

Note: Most of the optimizations are done via SSH, some in WebHost Manager (WHM). I will label which steps are done via SSH and which via WHM, as needed.

SSH Setup

The very first step after finishing the Initial Setup Wizard is to install ntpd, and use the nearest server to you for time-tracking. Choose a time server from the NTP pool of time servers. Of course, you can google for servers closer to your area for the lowest latency possible between the time server and your own server.

Why do I recommend setting up ntpd first before fully configuring the server? The simple reason is that you do not want the server to be too out of sync with time. For example, let’s say you’re running a website that sells products such as clothes, jewelry, accessories and the like. For you to have an accurate log of what happened, how it happened, where and why, you need accurate time.

PHP Configuration via SSH

You also want to set memory_limit in php.ini to at least 256MB to ensure scripts work optimally. This is important if you expect to have clients hosting an e-commerce site on your cPanel server.

MySQL optimization would take more time than we’d like to devote to this post, and there are many guides for it, but one tool you’ll want to run via SSH is MySQLTuner, to get a better idea of your usage levels. Do this for a week or so: the longer MySQL runs on the server, the better MySQLTuner’s recommendations become. Check every 24-48 hours (I recommend 48 hours), then adjust accordingly until you’ve got just the right mixture of performance and speed.

WebHost Manager and SSH

Next, install CSF (ConfigServer Security and Firewall). Disable cphulkd first, as cPanel recommends that it be disabled for compatibility and security reasons. Specifically, cphulkd is known to interfere and create issues in blocking troublemakers from accessing the server.

CSF ships with some sane defaults, which makes it easier to set up via SSH. Guides to configuring CSF can be found elsewhere on the web, though you’ll want to read the CSF ReadMe; more specific recommendations are available from the CSF forums if needed. You can also configure CSF from the command line. To do so, use the following command in CentOS via SSH, as root:

cd /etc/csf
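
The script below is an added example, not part of the original post: it checks the two file-level settings discussed above, the 256MB memory_limit in php.ini and whether CSF is actually enforcing its rules. It assumes CSF's main config is csf.conf under /etc/csf and relies on its TESTING key, which the post does not mention; the function names are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Sample files are constructed;
# on a real server pass your php.ini and /etc/csf/csf.conf instead.

# Print the value of the last uncommented "KEY = value" line (quotes stripped).
ini_value() {  # usage: ini_value FILE KEY
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\{0,1\}\([^\";]*\)\"\{0,1\}.*/\1/p" "$1" |
    tail -n 1 | sed 's/[[:space:]]*$//'
}

# Convert PHP shorthand sizes (128M, 1G, 262144K, plain bytes, -1) to bytes.
php_size_to_bytes() {
  n=${1%[KkMmGg]}
  case $1 in
    *[Kk]) echo $(($n * 1024)) ;;
    *[Mm]) echo $(($n * 1024 * 1024)) ;;
    *[Gg]) echo $(($n * 1024 * 1024 * 1024)) ;;
    *)     echo "$n" ;;
  esac
}

# Succeeds if memory_limit is at least 256M; -1 (no limit) also passes.
check_php_memory() {
  v=$(ini_value "$1" memory_limit)
  [ -n "$v" ] || return 2          # directive missing
  b=$(php_size_to_bytes "$v")
  [ "$b" -eq -1 ] || [ "$b" -ge 268435456 ]
}

# Succeeds only if CSF is out of testing mode. While TESTING is "1",
# CSF clears its firewall rules on a timer, so nothing stays blocked.
check_csf_live() {
  [ "$(ini_value "$1" TESTING)" = "0" ]
}

SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/php.ini" <<'EOF'
;memory_limit = 512M
memory_limit = 128M   ; constructed sample value
EOF
cat > "$SAMPLE_DIR/csf.conf" <<'EOF'
# constructed sample
TESTING = "1"
TESTING_INTERVAL = "5"
EOF

check_php_memory "$SAMPLE_DIR/php.ini" && echo "php: memory_limit OK" ||
  echo "php: memory_limit below 256M or unset"
check_csf_live "$SAMPLE_DIR/csf.conf" && echo "csf: enforcing" ||
  echo "csf: still in TESTING mode"
```

Both constructed samples fail their checks: the commented-out 512M line is ignored, and TESTING_INTERVAL is not mistaken for TESTING.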

Edit: I will post more links and guides to specific things to use in cPanel as I can, but this is a good starting point.
